WP_REST_Terms_Controller::create_item_permissions_check did not work as expected

[jihaisse]

Hello

I’ve created few taxonomies with CPTUI and I wanted to specify capabilities for them, so I did it like this :

<?php
function notes_customize_taxonomy($args, $taxonomy_slug)
{
    // These would already be used as default value, but providing as an example.
    // $taxonomy_slug parameter would be the slug of the taxonomy currently being registered.
    $args['capabilities'] = array(
        'manage_terms' => "manage_categories",
        'edit_terms' => "manage_categories",
        'delete_terms' => "manage_categories",
        'assign_terms' => "edit_posts",
    );

    return $args;
}
add_filter('cptui_pre_register_taxonomy', 'notes_customize_taxonomy', 10, 2);

So I imagined that if a user have the permission “edit_posts” he can assign a term to a post, but not create a new one on that taxonomy.

But, in the create_item_permissions_check method, it’s not like this :

<?php

if ( ( is_taxonomy_hierarchical( $this->taxonomy )
            && ! current_user_can( $taxonomy_obj->cap->edit_terms ) )
        || ( ! is_taxonomy_hierarchical( $this->taxonomy )
            && ! current_user_can( $taxonomy_obj->cap->assign_terms ) ) )

The capablility tested is different if the taxonomy is hierarchical or not.
Why ?

Is this realy what is wanted ?

I think this is really confusing. It didn't allow us to have a user who can only assign terms without creating new ones.

[TimothyBlynJacobs]

Hi @jihaisse!

Thanks for opening a ticket and welcome to trac! This is in fact the intentional behavior, and was adjusted this way to match the Classic Editor. You can read the details in #44096.

In this case, if you wanted that behavior, I think the best plan of action would be to subclass the WP_REST_Terms_Controller for your taxonomy, and specify it as the rest_controller_class when registering your taxonomy.