Check for delete_post instead of manage_options

We were checking for manage_options to know whether the user can view the edit page, and for delete_post when handling form submission. We will now standardise on checking for delete_post in all places.
WordPress · Apr 18, 2024 · 8f2004c · 8f2004c
1 parent 8e43ac2
commit 8f2004c
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 3 deletions.
diff --git a/includes/event/event-capabilities.php b/includes/event/event-capabilities.php
@@ -130,7 +130,7 @@ private function has_delete( WP_User $user, Event $event ): bool {
 			return false;
 		}
 
-		if ( user_can( $user->ID, 'manage_options' ) ) {
+		if ( user_can( $user->ID, 'delete_post', $event->id() ) ) {
 			return true;
 		}
 

diff --git a/tests/event/event-capabilities.php b/tests/event/event-capabilities.php
@@ -105,15 +105,15 @@ public function test_cannot_delete_if_cannot_edit() {
 		$this->assertFalse( user_can( $non_author_user_id, 'delete_translation_event', $event_id ) );
 	}
 
-	public function test_cannot_delete_without_manage_options_capability() {
+	public function test_cannot_delete_without_delete_post_capability() {
 		$this->set_normal_user_as_current();
 
 		$event_id = $this->event_factory->create_active();
 
 		$this->assertFalse( current_user_can( 'delete_translation_event', $event_id ) );
 	}
 
-	public function test_can_delete_with_manage_options_capability() {
+	public function test_can_delete_with_delete_post_capability() {
 		$this->set_admin_user_as_current();
 
 		$event_id = $this->event_factory->create_active();