Opened 4 hours ago
Closed 87 minutes ago
#49741 closed defect (bug) (invalid)
WP_REST_Terms_Controller::create_item_permissions_check did not work as expected
| Reported by: |  | Owned by: |  |
|---|---|---|---|
| Milestone: |  | Priority: | normal |
| Severity: | normal | Version: | 4.9.8 |
| Component: | REST API | Keywords: |  |
| Focuses: | rest-api | Cc: |  |
Description
Hello
I’ve created a few taxonomies with CPTUI and I wanted to specify capabilities for them, so I did it like this:
```php
<?php
function notes_customize_taxonomy($args, $taxonomy_slug) {
    // These would already be used as default value, but providing as an example.
    // $taxonomy_slug parameter would be the slug of the taxonomy currently being registered.
    $args['capabilities'] = array(
        'manage_terms' => "manage_categories",
        'edit_terms'   => "manage_categories",
        'delete_terms' => "manage_categories",
        'assign_terms' => "edit_posts",
    );
    return $args;
}
add_filter('cptui_pre_register_taxonomy', 'notes_customize_taxonomy', 10, 2);
```
So I imagined that if a user has the permission “edit_posts” he can assign a term to a post, but not create a new one in that taxonomy.
But, in the create_item_permissions_check method, it’s not like this:
```php
<?php
if ( ( is_taxonomy_hierarchical( $this->taxonomy )
        && ! current_user_can( $taxonomy_obj->cap->edit_terms ) )
    || ( ! is_taxonomy_hierarchical( $this->taxonomy )
        && ! current_user_can( $taxonomy_obj->cap->assign_terms ) ) )
```
The capability tested is different if the taxonomy is hierarchical or not.
Why?
Is this really what is wanted?
I think this is really confusing. It didn't allow us to have a user who can only assign terms without creating new ones.
Change History (1)
#1 87 minutes ago
- Component changed from General to REST API
- Milestone Awaiting Review deleted
- Resolution set to invalid
- Status changed from new to closed
- Version changed from trunk to 4.9.8
Hi @jihaisse!
Thanks for opening a ticket and welcome to trac! This is in fact the intentional behavior, and was adjusted this way to match the Classic Editor. You can read the details in #44096.
In this case, if you wanted that behavior, I think the best plan of action would be to subclass the `WP_REST_Terms_Controller` for your taxonomy, and specify it as the `rest_controller_class` when registering your taxonomy.
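
The subclass approach suggested in the comment above, sketched as an added example that is not part of the ticket, WordPress core or CPTUI. The `Notes_Strict_Terms_Controller` class, the `notes_use_strict_terms_controller` function and the `note_topic` slug are hypothetical names; the override runs core's check first and then requires `edit_terms` regardless of whether the taxonomy is hierarchical.

```php
<?php
// Added example: every "notes_" / "Notes_" name and the 'note_topic' slug are hypothetical.

/**
 * Terms controller that requires edit_terms to create a term,
 * whether or not the taxonomy is hierarchical.
 */
class Notes_Strict_Terms_Controller extends WP_REST_Terms_Controller {

	public function create_item_permissions_check( $request ) {
		// Run core's own checks first so this override can only tighten access.
		$allowed = parent::create_item_permissions_check( $request );
		if ( true !== $allowed ) {
			return $allowed; // false or WP_Error from core.
		}

		$taxonomy_obj = get_taxonomy( $this->taxonomy );
		if ( ! current_user_can( $taxonomy_obj->cap->edit_terms ) ) {
			return new WP_Error(
				'rest_cannot_create',
				__( 'Sorry, you are not allowed to create new terms.' ),
				array( 'status' => rest_authorization_required_code() )
			);
		}

		return true;
	}
}

/**
 * Attach the controller through the same CPTUI filter used in the description.
 */
function notes_use_strict_terms_controller( $args, $taxonomy_slug ) {
	if ( 'note_topic' === $taxonomy_slug ) { // Hypothetical taxonomy slug.
		$args['rest_controller_class'] = 'Notes_Strict_Terms_Controller';
	}
	return $args;
}
add_filter( 'cptui_pre_register_taxonomy', 'notes_use_strict_terms_controller', 10, 2 );
```

With the capabilities from the description, a user who has `edit_posts` but not `manage_categories` is refused by the term-creation endpoint for this taxonomy, hierarchical or not.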