Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Private posts are hidden from admins in regular post index #1870

Closed
kyleramirez opened this issue Aug 21, 2020 · 9 comments
Closed

Private posts are hidden from admins in regular post index #1870

kyleramirez opened this issue Aug 21, 2020 · 9 comments
Assignees
@oscarssanchez
Labels
confirmed bug wip

Comments

@kyleramirez
Copy link

Describe the bug
As a logged in administrator on a default front page (regular loop of posts), you can normally see private posts in the same list that you can see other public posts. If you log out and become a regular visitor, only the public posts are shown on the page. This is default WordPress functionality. After turning on ElasticPress, those private posts are missing, showing only the public posts, even as a logged in administrator, even though no search query is present. Additionally, when querying /wp-json/api/v2/search?search=anything, no private posts are present.

Steps to Reproduce

  1. As an administrator without ElasticPress plugin enabled, create a new post and mark it as private
  2. While remaining logged in, visit a page where you would see all posts. This could be the front page.
  3. Verify that you can see the private post in the posts list because you are a logged in administrator.
  4. Log out, verify that you cannot see the private post because you are a visitor.
  5. Log back in as an administrator
  6. Enable ElasticPress, visit the same post list page as before.
  7. Verify that you cannot see the private post in the list, even though you are an administrator
  8. Enable the Protected Content setting in the ElasticPress settings page /wp-admin/admin.php?page=elasticpress
  9. Visit the same post list page as before
  10. Verify that you still cannot see the private post in the list, even though you are an administrator

Expected behavior
As an administrator, I should be able to see a mix of public and private posts on my default posts index. ElasticPress should not alter that default query, especially given that no search has occurred.

Environment information

  • Device: MacBook Pro

  • OS: macOS Catalina

  • Browser and version: Chrome 84

  • WordPress version: 5.5

  • Site Health Info: 
     ### wp-core ###

 version: 5.5
 site_language: en_US
 user_language: en_US
 timezone: America/Chicago
 permalink: /%category%/%postname%
 https_status: true
 user_registration: 0
 blog_public: 1
 default_comment_status: open
 multisite: false
 user_count: 1
 dotorg_communication: true

 ### wp-paths-sizes ###

 wordpress_path: ~/Sites/000-config/wordpress
 wordpress_size: loading...
 uploads_path: ./wp-content/uploads
 uploads_size: loading...
 themes_path: ./wp-content/themes
 themes_size: loading...
 plugins_path: ./plugins
 plugins_size: loading...
 database_size: loading...
 total_size: loading...

 ### wp-active-theme ###

 name: Kyle's Work (kyles-work)
 version: 0.1
 author: Kyle Ramirez
 author_website: https://kyles.work
 parent_theme: none
 theme_features: core-block-patterns, title-tag, post-thumbnails, menus
 theme_path: ./wp-content/themes/kyles-work
 auto_update: Disabled

 ### wp-themes-inactive (4) ###

 Twenty Nineteen: version: 1.7, author: the WordPress team,Auto-updates disabled
 Twenty Seventeen: version: 2.4, author: the WordPress team,Auto-updates disabled
 Twenty Sixteen: version: 2.2, author: the WordPress team,Auto-updates disabled
 Twenty Twenty: version: 1.5, author: the WordPress team,Auto-updates disabled

 ### wp-plugins-active (3) ###

 ElasticPress: version: 3.4.3, author: 10up, Auto-updates disabled
 Remove Category URL: version: 1.1.6, author: Valerio Souza, Сreativemotion, Auto-updates disabled
 WP Offload Media Lite: version: 2.4.1, author: Delicious Brains, Auto-updates disabled

 ### wp-media ###

 image_editor: WP_Image_Editor_GD
 imagick_module_version: Not available
 imagemagick_version: Not available
 file_uploads: File uploads is turned off
 post_max_size: 64M
 upload_max_filesize: 64M
 max_effective_size: 64 MB
 max_file_uploads: 20
 gd_version: bundled (2.1.0 compatible)
 ghostscript_version: not available

 ### wp-server ###

 server_architecture: Darwin 19.6.0 x86_64
 httpd_software: Apache/2.4.41 (Unix) LibreSSL/2.8.3
 php_version: 7.3.11 64bit
 php_sapi: apache2handler
 max_input_variables: 1000
 time_limit: 30
 memory_limit: 128M
 admin_memory_limit: 256M
 max_input_time: 60
 upload_max_size: 64M
 php_post_max_size: 64M
 curl_version: 7.64.1 (SecureTransport) LibreSSL/2.8.3
 suhosin: false
 imagick_availability: false
 pretty_permalinks: true
 htaccess_extra_rules: true

 ### wp-database ###

 extension: mysqli
 server_version: 8.0.19
 client_version: mysqlnd 5.0.12-dev - 20150407 - $Id: 7cc7cc96e675f6d72e5cf0f267f48e167c2abb23 $

 ### wp-constants ###

 WP_HOME: undefined
 WP_SITEURL: undefined
 WP_CONTENT_DIR: ~/Sites/000-config/wordpress/wp-content
 WP_PLUGIN_DIR: ~/Sites/000-config/wordpress/wp-content/plugins
 WP_MAX_MEMORY_LIMIT: 256M
 WP_DEBUG: false
 WP_DEBUG_DISPLAY: true
 WP_DEBUG_LOG: false
 SCRIPT_DEBUG: false
 WP_CACHE: false
 CONCATENATE_SCRIPTS: undefined
 COMPRESS_SCRIPTS: undefined
 COMPRESS_CSS: undefined
 WP_LOCAL_DEV: undefined
 DB_CHARSET: utf8
 DB_COLLATE: undefined

 ### wp-filesystem ###

 wordpress: writable
 wp-content: writable
 uploads: writable
 plugins: writable
 themes: writable
@kyleramirez kyleramirez added the type:bug Something isn't working. label Aug 21, 2020
@tlovett1
Copy link
Member

tlovett1 commented Sep 8, 2020

This does seem like a bug. CC @oscarssanchez

@oscarssanchez oscarssanchez self-assigned this Sep 8, 2020
@oscarssanchez
Copy link
Contributor

Hi @kyleramirez,

It looks like this is a duplicate from #1800 could you please confirm this? I also created a PR for this in case this is the same problem: #1813

It would be great if you can try that one out.

Thanks!

@kyleramirez
Copy link
Author

#1813 Seems to have fixed this issue.

@oscarssanchez oscarssanchez mentioned this issue Oct 25, 2020
Open
6 tasks
@lepatachou
Copy link

I think that the capabilities should be used instead of the role.

In my test website, editor can't see private page but can see private post (that setting has been made with “User role editor” plugin).

Thanks !

@johnstonphilip
Copy link

Is there any reason ElasticPress needs to modify the query when a search hasn't taken place?

@oscarssanchez
Copy link
Contributor

Hi @johnstonphilip could you please elaborate ?

@oscarssanchez oscarssanchez added needs discussion and removed type:bug Something isn't working. labels Mar 5, 2021
@oscarssanchez
Copy link
Contributor

Hi @lepatachou ,

This is more intended to mimic the default behavior of WordPress. As an alternative for now I think you could do this by hooking into pre_get_posts and tweaking the post status argument.

@johnstonphilip
Copy link

@oscarssanchez After doing some more digging, it seems that "Protected Content" indexing was turned on, when we didn't want that. By turning it off, all is working as expected. Thanks!

@oscarssanchez
Copy link
Contributor

Closing in favor of #2129

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@oscarssanchez oscarssanchez

Labels
confirmed bug wip
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@tlovett1 @kyleramirez @lepatachou @johnstonphilip @oscarssanchez @mckdemps