Open anointed opened 14 years ago
thenbrent
commented
14 years ago Hi anointed,
Thanks for your detailed error report. I'm exceptionally busy at the moment but will download the members plugin and follow your steps to reproduce the bug as soon as possible. It shouldn't be too long before I can release a fix once I've reproduced it. I'll let you know when it's available.
Brent
anointed
commented
14 years ago Thank you kind sir!
anointed
commented
14 years ago By any chance have you had a chance to look into fixing the problem?
--if not, is there anything I can do to help out?
thenbrent
commented
14 years ago Sorry annointed, I haven't. How about I promise to burn the midnight oil to look into it and hopefully fix it tonight? I'll get back to you within 24 hours hopefully with a fix.
thenbrent
commented
14 years ago Anointed, I'm testing this on my local setup with two different custom post types from other plugins and an ad hoc custom post type created using the Custom Post Type UI plugin. I've created a new role (advisors) then checked/unchecked permissions in map cap settings and they save fine.
As you offerred earlier, can you please provide me a login to a demo site so I can see the problem? It would be a great help! :)
anointed
commented
14 years ago I sent an email with the information.
thenbrent
commented
14 years ago Thanks anointed, I've figured it out!
All of your custom post types are using the same Capability type. If you are creating them with Custom Post Type UI, this is setting the capability type to "post" rather than any capability specific to that custom content type. This is rather dangerous for managing custom capabilities, but I understand why the author has chosen to do this (to make it easier to manage who can control posts of that type).
To fix the issue, all you need to do is go to "Custom Post Types | Manage Post Types" admin menu page. Click "edit" on each post type. Then click "View Advanced Options" and set "Capability Type" to something specific to that post type. To be internally semantically correct, I'd recommended the post type name in singular form, so for a post type "movies" set the capability type to "movie".
If you are not using Custom Post Type and you have created the custom post types yourself, you will need to change the capability type in the code. The easiest way to do this is not to set the capability at all as WordPress has a sensible default of "edit_(post_type_name)_post" which will work perfectly with Map Cap.
Hope that helps.
anointed
commented
14 years ago Thank you.
You are correct, I register all of my custom post types myself and did indeed have the capability set: 'capability_type' => 'page',
When I get home I will make the changes needed and report back if I still have issues, although I'm guessing all should be well once I make the changes.
thenbrent
commented
14 years ago Excellent. By just removing that line, WordPress will take care of the capabilities internally and you can successfully use Map Cap to determine who can do what.
One caveat, make sure you remove all custom post type capabilities for custom roles and if you have edited the capabilities of any of the built-in WP roles (contributor, subscriber etc.) for your custom post types that you make sure these have the correct permissions before deleting 'capability_type' => 'page'. If you don't, you might find contributors/authors/editors or even admins have unexpected abilities to publish/edit pages. You can always use the "Members" plugin to fixup individual capabilities later on if needed.
I have 7 different post_types registered on my demo site. I also have created a number of custom roles using Justin Tadlock's plugin from: http://wordpress.org/extend/plugins/members/
The problem:
this is reproducible on every site I have tried the plugin on. Using wp 3.0.1multisites.
I have no problem providing access to a demo site so you can see the problem.