edit_posts capability being demanded

[carlomanf]

Yet again the capabilities are causing trouble. While adding a workaround solution for core ticket #52043, I noticed that the edit_posts capability is being demanded for some admin pages that shouldn't require it:

• The "Add New" page for any funnel type
• The listing page for a funnel type, in the event that it's the only funnel type the user can edit and they don't have the capability to create new funnel types

I am yet to locate the edit_posts capability check that is guarding these pages, but I could verify that adding edit_posts to the user opened the admin pages up again.

The following questions will be useful to answer:

• Was this caused by the core ticket workaround, or did it already happen before?
• Did this already happen before solving Complete user roles implementation #17?
• Does the unmerged patch that solved the core ticket, Collect admin custom-post-type pages to check on user_can_access_admi… WordPress/wordpress-develop#3024, solve this as well?
• Do the two parts to this issue even share the same cause, or are they coincidental?

This looks similar to core ticket #22895, but may not be exactly the same because these post types use the same capability for edit_posts and create_posts. In any case, it would also be worth trying out the workaround described in the ticket description and/or the workaround linked in this comment to see if they solve this. The workaround described in this comment is what was implemented in 9880c88 and it seemed to work well enough.

[carlomanf]

It looks like the unmerged patch for the core ticket, WordPress/wordpress-develop#3024, opened up the "Add New" page again, but it didn't open up the other admin pages that were being denied.

I also noticed that there is actually a third group of admin pages that are being denied, which is all of the "Edit Steps" pages. Again, adding edit_posts opens these up, despite the post types not using the edit_posts capability at all. The patch for the core ticket didn't open them up either.

[carlomanf]

Both the "Add New" and "Edit Steps" pages are demanding edit_posts in v1.3.2 as well, so it looks like this is a long-time issue and not caused by recent commits.

[carlomanf]

• The listing page for a funnel type, in the event that it's the only funnel type the user can edit and they don't have the capability to create new funnel types

Upon closer inspection, it looks like this is indeed the subject of core ticket #22895.

• The "Add New" page for any funnel type

This one is also already reported in core ticket #16808.

I also noticed that there is actually a third group of admin pages that are being denied, which is all of the "Edit Steps" pages. Again, adding edit_posts opens these up, despite the post types not using the edit_posts capability at all.

I couldn't find a core ticket for this one.