Ticket #3827 (closed defect: fixed)

Opened 2 years ago

Last modified 2 years ago

private posts are not appearing on main page for users with read_private_posts

Reported by: molecularbear Assigned to: anonymous
Priority: normal Milestone: 2.1.3
Component: General Version: 2.1.2
Severity: normal Keywords: has-patch commit
Cc:

Description

I created a new role that is identical to the Author role except that it included the "read_private_posts" and "read_private_pages" capabilities. I expected that people who were assigned the new role would then be able to view all private posts. What happened was that the new role could view private posts via direct link (i.e., permalink), but the private entries would not appear on the main page.

I tracked the issue down to get_posts() in wp-includes/query.php. Basically, there is some code there that will get the private posts if the user has "edit_private_posts". I changed this to "read_private_posts" and seem to have gained the functionality that I was looking for; I also changed "edit_private_posts" to "read_private_posts" for good measure. I have attached a patch that describes this. Is there a reason why these are "edit_" capabilities instead of "read_"?

Attachments

query.patch (405 bytes) - added by molecularbear on 02/21/07 05:38:34.
patch to query.php

Change History

02/21/07 05:38:34 changed by molecularbear

  • attachment query.patch added.

patch to query.php

02/21/07 05:42:27 changed by molecularbear

  • version changed from 2.1 to 2.2.
  • milestone changed from 2.3 to 2.1.2.

Changing to Milestone 2.2 since that seems to be where the action is.

02/21/07 05:43:26 changed by molecularbear

  • version changed from 2.2 to 2.1.

Err, fixing the Version.

02/21/07 15:37:22 changed by molecularbear

Note that the second-to-last sentence in the description should read:

I changed this to "read_private_posts" and seem to have gained the functionality that I was looking for; I also changed "edit_private_pages" to "read_private_pages" for good measure.

There, I think I've finally debugged my bug report.

02/22/07 19:50:14 changed by molecularbear

  • version changed from 2.1 to 2.1.1.

This is still an issue in 2.1.1 and the same patch still applies.

02/23/07 21:26:42 changed by Nazgul

  • keywords changed from read_private_posts to has-patch commit.

02/25/07 13:39:37 changed by markjaquith

  • status changed from new to closed.
  • resolution set to fixed.

(In [4940]) Use correct capabilities checks when determining whether to show private posts. Props molecularbear. fixes #3827

03/06/07 02:16:45 changed by molecularbear

  • status changed from closed to reopened.
  • version changed from 2.1.1 to 2.1.2.
  • resolution deleted.
  • milestone changed from 2.1.2 to 2.1.3.

This was marked to be included in 2.1.2, but the change does not appear to be in the latest source. Reopening in the hopes that the patch will make it into 2.1.3.

03/06/07 08:11:20 changed by Nazgul

This was indeed only comitted to trunk.

03/06/07 17:45:43 changed by ryan

  • status changed from reopened to closed.
  • resolution set to fixed.

(In [4971]) Use correct capabilities checks when determining whether to show private posts. Props molecularbear. fixes #3827