wp-graphql doesn't respect user capabilities for viewing private posts #2859
Labels
Component: Connections
Issues related to connections
Status: 🚀 Actionable
Issues that have been curated, have enough info to take action, and are ready to be worked on
Type: Bug
Something isn't working
Description
Hello, wp-graphql seems to not respect user capabilities for viewing private posts. We have a user with capabilities: "read_private_posts" and "read_private_pages", which are added to the user at the time of its creation, if it passes some conditions
and when i try to make an authorized request as this user with a query like this
it returns published posts but no private posts, and WPs own front-end shows them in the main loop query, without any additional modifications to the query, which indicates that the capabilities work as expected. Is this a bug, or i missing something?
Steps to reproduce
This is how we add the capabilities
Additional context
No response
WPGraphQL Version
1.14.7
WordPress Version
6.2.2
PHP Version
7.4.26
Additional enviornment details
WPGraphQL JWT Authentication 0.7.0 - plugin is active
Please confirm that you have searched existing issues in the repo.
Please confirm that you have disabled ALL plugins except for WPGraphQL.
The text was updated successfully, but these errors were encountered: