From d488fc7dacfa1ef46392d70b8f3506d8b21b6d17 Mon Sep 17 00:00:00 2001
From: Ian Dunn <iandunn@git.wordpress.org>
Date: Tue, 15 May 2018 20:43:59 +0000
Subject: [PATCH] Privacy: Require `manage_privacy_options` to edit policy
 page.

A user is required to have the `manage_privacy_options` capability in order to determine which page is set as the privacy policy (the `wp_page_for_privacy_policy`). Given that, it doesn't make sense to allow users without that capability to edit or delete the page.

A similar situation exists with the `page_for_posts` and `page_on_front` options, but Editors are allowed to edit those pages. The reason that this situation is different is because it is more likely that an administrator will want to restrict modifications to the privacy policy, than it is that they will want to allow modifications. Modifications to the policy often require specialized knowledge of local laws, and can have implications for compliance with those laws.

Props dlh, desrosj.
Fixes #44079.


git-svn-id: https://develop.svn.wordpress.org/trunk@43286 602fd350-edb4-49c9-b593-d223f7449a82
---
 src/wp-includes/capabilities.php | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/src/wp-includes/capabilities.php b/src/wp-includes/capabilities.php
index 530fe563d8..608ff40625 100644
--- a/src/wp-includes/capabilities.php
+++ b/src/wp-includes/capabilities.php
@@ -121,6 +121,15 @@ function map_meta_cap( $cap, $user_id ) {
 					$caps[] = $post_type->cap->delete_private_posts;
 				}
 			}
+
+			/*
+			 * Setting the privacy policy page requires `manage_privacy_options`,
+			 * so deleting it should require that too.
+			 */
+			if ( (int) get_option( 'wp_page_for_privacy_policy' ) === $post->ID ) {
+				$caps = array_merge( $caps, map_meta_cap( 'manage_privacy_options', $user_id ) );
+			}
+
 			break;
 		// edit_post breaks down to edit_posts, edit_published_posts, or
 		// edit_others_posts
@@ -183,6 +192,15 @@ function map_meta_cap( $cap, $user_id ) {
 					$caps[] = $post_type->cap->edit_private_posts;
 				}
 			}
+
+			/*
+			 * Setting the privacy policy page requires `manage_privacy_options`,
+			 * so editing it should require that too.
+			 */
+			if ( (int) get_option( 'wp_page_for_privacy_policy' ) === $post->ID ) {
+				$caps = array_merge( $caps, map_meta_cap( 'manage_privacy_options', $user_id ) );
+			}
+
 			break;
 		case 'read_post':
 		case 'read_page':