WordPress-iOS icon indicating copy to clipboard operation
WordPress-iOS copied to clipboard
verified publisher icon wordpress-mobile

User without list_users capability can list users in post settings

Open yratof opened this issue 3 years ago β€’ 2 comments

Expected behavior

Users with limited roles should not be able to select Author on posts

Actual behavior

Author is not selected in post settings by default, causing post to not allow publish β€”Β going to post settings, limited user is allowed to see ALL USERS on the website.

Steps to reproduce the behavior

Log into Wordpress app with a user has List_users capability revokes, select AUTHOR on a post. See list of authors

Here is the log from the app with site redacted for now (WORDPRESSWEBSITE)

2022-11-21 09:48:42:052 πŸ”΅ Tracked: editor_post_publish_now_tapped <>
2022-11-21 09:48:42:072 πŸ”΅ Tracked: editor_post_published <editor_source: gutenberg, has_gutenberg_blocks: 1, has_wp_stories_blocks: 0, post_type: post, with_categories: 0, with_photos: 0, with_tags: 0, with_videos: 0, word_count: 0>
2022-11-21 09:48:42:083 πŸ”΅ Tracked: editor_session_end <blog_type: core, content_type: new, editor: gutenberg, entry_point: postsList, has_unsupported_blocks: 0, outcome: publish, post_type: post, session_id: E1719E29-945C-48B6-B936-BD6E8BAF5256>
2022-11-21 09:48:42:101 πŸ”΅ Tracked: editor_closed <editor_source: gutenberg, has_gutenberg_blocks: 1, has_wp_stories_blocks: 0>
2022-11-21 09:48:46:399 Failed syncing publicize connections for blog https://WORDPRESSWEBSITE: WordPress.SharingService.SharingServiceError.siteWithNoRemote
2022-11-21 09:48:46:402 Failed updating plans: (null)
2022-11-21 09:48:46:402 Failed checking domain credit for site https:/WORDPRESSWEBSITE: Error Domain=PlanService Code=0 "Unable to update plan prices. There is a problem with the supplied blog." UserInfo={NSLocalizedDescription=Unable to update plan prices. There is a problem with the supplied blog.}
2022-11-21 09:48:46:979 FAB: failed creating BloggingPromptsService instance.
2022-11-21 09:48:46:980 πŸ”΅ Tracked
Tested on [device], iOS [version], WPiOS [version]

iPhone 13PRO iOS 16.0 WPiOS 21.1

yratof avatar Nov 21 '22 08:11 yratof

@dvdchr Not sure how to label this issue correctly, can you assist?

yratof avatar Nov 25 '22 10:11 yratof

Hi @yratof ! πŸ‘‹πŸΌ Thanks for reporting, and I appreciate you posting the logs from the app. That's cool! πŸ™‚

I've labeled the issue properly for now, and we will take a look at the issue.

dvdchr avatar Nov 25 '22 11:11 dvdchr