Wp-calypso: FSE: Permission issue when creating page as author or contributor roles

Created on 18 Aug 2019 · 10 Comments · Source: Automattic/wp-calypso

When creating a page on a FSE site (details on p58i-7YJ-p2), using an author or contributor role account, the page doesn't load with this error:

You need a higher level of permission.

Sorry, you are not allowed to create posts as this user.

Screenshot 2019-08-18 at 12 23 18

However, creating pages on a non-FSE site with the same roles works fine!

Creating posts on both FSE and non-FSE sites works fine as well!

[Goal] Full Site Editing [Pri] High [Type] Bug

All 10 comments

Bumping priority to high to front-load any needed API work.

@apeatling let us know if you had any specific feature requests, but otherwise we'll try to match capabilities expected in wp-admin.

For folks implementing this, note that roles are tied to a list of wp capabilities. Sites may alter what list of capabilities each role has. Sometimes certain API permissions checks may be mis-aligned with what wp-admin actually calls in the backend.

Names can also be misleading, so please verify by reading code :D See also https://github.com/Automattic/wp-calypso/issues/17687 for an example of this happening.

https://wordpress.org/support/article/roles-and-capabilities/

Yes, this should match the same capabilities that wp-admin uses.

We currently only allow users with edit_theme_options permission to work with templates. This is the capability which allows the user to use the customizer. Currently, that option is only available to admins and super admins, which is why we have this issue. Which "Capability" should we use for templates? Not sure which one we want. (cc @gwwar @apeatling)

> we'll try to match capabilities expected in wp-admin

Not sure what this means - is that different from the below code?

I think all we'll have to do is modify this:
https://github.com/Automattic/wp-calypso/blob/888d4189d35115c6c37dacddbdfcfcabf053db3e/apps/full-site-editing/full-site-editing-plugin/full-site-editing/templates/class-wp-template-inserter.php#L327-L338

Ahhh I see I misread the issue description. Maybe it's still related to the above, though, since we would be trying to access the templates when creating a new page. :P

I'm also confused - the WP guide says that authors and contributors are not allowed to edit pages. Do we change that on wpcom?

Screen Shot 2019-08-22 at 2 22 46 PM

> I'm also confused - the WP guide says that authors and contributors are not allowed to edit pages. Do we change that on wpcom?

Roles are modifiable to change what capabilities they include per site. I would recommend seeing what's allowed in wp-admin, then mirroring that on the API checks.

So for example, as an author, can they visit /wp-admin/edit.php?post_type=page or /wp-admin/edit.php?post_type=wp_template? Are they able to edit?

@arunsathiya how did you get in that state? I don't see authors having page list access for a normal Simple Site? Anything else we're missing?

Screen Shot 2019-08-22 at 3 08 49 PM

wp-admin is a little unfriendly here, showing the pages in the sidebar, but it returns:

Screen Shot 2019-08-22 at 3 11 11 PM

Screen Shot 2019-08-22 at 3 11 16 PM

@arunsathiya @noahtallen I'm going to close this as a no-op, as I think this is expected behavior unless folks have additional steps.

> I'm going to close this as a no-op, as I think this is expected behavior

Looks like this is indeed the expected behaviour; apologies about any confusion earlier!

I am not sure what I did differently when I mentioned "However, creating pages on a non-FSE site with same roles works fine!" in the original report. But that just seems to be incorrect.

No worries @arunsathiya !
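
An added example, not part of the thread and not wp-calypso code: one way to see what wp-admin would allow each role on a given site before mirroring that in an API check, as recommended in the comments above. It assumes it runs inside a loaded WordPress (for instance with WP-CLI's `wp eval-file`); the file name and output layout are made up, and `edit_theme_options` as the template requirement is taken from the comment above.

```php
<?php
// Added example, not wp-calypso code. Run inside a loaded WordPress,
// e.g. `wp eval-file cap-audit.php` (file name is made up).

// Post types named in the thread. wp_template only exists where a plugin registers it.
$post_types = array( 'post', 'page', 'wp_template' );

// Capability the thread says the FSE template code requires.
$template_cap = 'edit_theme_options';

foreach ( $post_types as $type ) {
	$pto = get_post_type_object( $type );
	if ( null === $pto ) {
		echo "{$type}: not registered on this site\n";
		continue;
	}

	// wp-admin's "add new" screen requires both of these capabilities.
	$needed = array_unique( array( $pto->cap->edit_posts, $pto->cap->create_posts ) );
	echo "{$type}: wp-admin requires " . implode( ', ', $needed ) . "\n";

	// Read roles as stored for this site, since a site may have altered them.
	foreach ( wp_roles()->role_objects as $slug => $role ) {
		$missing = array();
		foreach ( $needed as $cap ) {
			if ( ! $role->has_cap( $cap ) ) {
				$missing[] = $cap;
			}
		}
		$can_create = empty( $missing );

		// A role that wp-admin lets create this type but that lacks the
		// template capability is where the two checks disagree.
		$mismatch = $can_create && ! $role->has_cap( $template_cap );

		printf(
			"  %-14s %-6s %s%s\n",
			$slug,
			$can_create ? 'allow' : 'deny',
			$can_create ? '' : 'missing ' . implode( ', ', $missing ),
			$mismatch ? "lacks {$template_cap}" : ''
		);
	}
}
```

With WordPress's default roles, author and contributor come out as `deny` for `page` because neither has `edit_pages`, which is the outcome the thread settles on.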
