From c8bb158b12e9b3842a7257c6a06414c230d79720 Mon Sep 17 00:00:00 2001
From: carlomanf <carlomanf@users.noreply.github.com>
Date: Tue, 28 Jun 2022 20:12:26 +1000
Subject: [PATCH] Update capabilities.php

Update capabilities.php based on discussions at https://github.com/WordPress/gutenberg/issues/27597
---
 src/wp-includes/capabilities.php | 110 +++++++++++--------------------
 1 file changed, 39 insertions(+), 71 deletions(-)

diff --git a/src/wp-includes/capabilities.php b/src/wp-includes/capabilities.php
index 595bab102ee84..71b092e54c0e6 100644
--- a/src/wp-includes/capabilities.php
+++ b/src/wp-includes/capabilities.php
@@ -97,22 +97,6 @@ function map_meta_cap( $cap, $user_id, ...$args ) {
 				break;
 			}
 
-			// Handle templates and template parts.
-			if ( in_array( $post_type->name, array( 'wp_template', 'wp_template_part' ), true ) ) {
-				$terms = get_the_terms( $post, 'wp_theme' );
-
-				if ( ! is_wp_error( $terms ) && $terms ) {
-					// Can be handled with the template capabilities.
-					$template_cap = str_replace( 'wp', 'delete', $post_type->name );
-					$template_id = $terms[0]->name . '//' . $post->post_name;
-					return map_meta_cap( $template_cap, $user_id, $template_id );
-				} else {
-					// Template without a theme, fall back to edit_theme_options.
-					$caps[] = 'edit_theme_options';
-					break;
-				}
-			}
-
 			if ( ! $post_type->map_meta_cap ) {
 				$caps[] = $post_type->cap->$cap;
 				// Prior to 3.1 we would re-call map_meta_cap here.
@@ -184,22 +168,6 @@ function map_meta_cap( $cap, $user_id, ...$args ) {
 				break;
 			}
 
-			// Handle templates and template parts.
-			if ( in_array( $post_type->name, array( 'wp_template', 'wp_template_part' ), true ) ) {
-				$terms = get_the_terms( $post, 'wp_theme' );
-
-				if ( ! is_wp_error( $terms ) && $terms ) {
-					// Can be handled with the template capabilities.
-					$template_cap = str_replace( 'wp', 'edit', $post_type->name );
-					$template_id = $terms[0]->name . '//' . $post->post_name;
-					return map_meta_cap( $template_cap, $user_id, $template_id );
-				} else {
-					// Template without a theme, fall back to edit_theme_options.
-					$caps[] = 'edit_theme_options';
-					break;
-				}
-			}
-
 			if ( ! $post_type->map_meta_cap ) {
 				$caps[] = $post_type->cap->$cap;
 				// Prior to 3.1 we would re-call map_meta_cap here.
@@ -269,22 +237,6 @@ function map_meta_cap( $cap, $user_id, ...$args ) {
 				break;
 			}
 
-			// Handle templates and template parts.
-			if ( in_array( $post_type->name, array( 'wp_template', 'wp_template_part' ), true ) ) {
-				$terms = get_the_terms( $post, 'wp_theme' );
-
-				if ( ! is_wp_error( $terms ) && $terms ) {
-					// Can be handled with the template capabilities.
-					$template_cap = str_replace( 'wp', 'read', $post_type->name );
-					$template_id = $terms[0]->name . '//' . $post->post_name;
-					return map_meta_cap( $template_cap, $user_id, $template_id );
-				} else {
-					// Template without a theme, fall back to edit_theme_options.
-					$caps[] = 'edit_theme_options';
-					break;
-				}
-			}
-
 			if ( ! $post_type->map_meta_cap ) {
 				$caps[] = $post_type->cap->$cap;
 				// Prior to 3.1 we would re-call map_meta_cap here.
@@ -330,22 +282,6 @@ function map_meta_cap( $cap, $user_id, ...$args ) {
 				break;
 			}
 
-			// Handle templates and template parts.
-			if ( in_array( $post_type->name, array( 'wp_template', 'wp_template_part' ), true ) ) {
-				$terms = get_the_terms( $post, 'wp_theme' );
-
-				if ( ! is_wp_error( $terms ) && $terms ) {
-					// Can be handled with the template capabilities.
-					$template_cap = str_replace( 'wp', 'edit', $post_type->name );
-					$template_id = $terms[0]->name . '//' . $post->post_name;
-					return map_meta_cap( $template_cap, $user_id, $template_id );
-				} else {
-					// Template without a theme, fall back to edit_theme_options.
-					$caps[] = 'edit_theme_options';
-					break;
-				}
-			}
-
 			$caps[] = $post_type->cap->publish_posts;
 			break;
 		case 'edit_post_meta':
@@ -681,7 +617,8 @@ function map_meta_cap( $cap, $user_id, ...$args ) {
 			break;
 		case 'create_template':
 		case 'create_template_part':
-			$template = get_block_template( $args[0], 'wp' . substr( $cap, 6 ) );
+			$post_type = str_replace( 'create', 'wp', $cap );
+			$template = get_block_template( $args[0], $post_type );
 			if ( $template ) {
 				// Template can't be created because it already exists.
 				$caps[] = 'do_not_allow';
@@ -690,7 +627,13 @@ function map_meta_cap( $cap, $user_id, ...$args ) {
 
 				// Template ID needs to be valid to be created.
 				if ( 2 === count( $parts ) && '' !== $parts[0] && '' !== $parts[1] ) {
-					$caps[] = 'edit_theme_options';
+					$post_type_object = get_post_type_object( $post_type );
+					if ( $post_type_object ) {
+						$caps[] = $post_type_object->cap->create_posts;
+					} else {
+						// If the post type is not registered, there is no mechanism to create templates.
+						$caps[] = 'do_not_allow';
+					}
 				} else {
 					$caps[] = 'do_not_allow';
 				}
@@ -698,23 +641,48 @@ function map_meta_cap( $cap, $user_id, ...$args ) {
 			break;
 		case 'delete_template':
 		case 'delete_template_part':
-			$template = get_block_template( $args[0], 'wp' . substr( $cap, 6 ) );
+			$template = get_block_template( $args[0], str_replace( 'delete', 'wp', $cap ) );
 			if ( $template && ! $template->has_theme_file ) {
 				// Templates can only be deleted if they have no theme file.
-				$caps[] = 'edit_theme_options';
+				$caps = map_meta_cap( 'delete_post', $user_id, $template->wp_id );
 			} else {
 				$caps[] = 'do_not_allow';
 			}
 			break;
 		case 'edit_template':
 		case 'edit_template_part':
+			$post_type = str_replace( 'edit', 'wp', $cap );
+			$template = get_block_template( $args[0], $post_type );
+			if ( $template ) {
+				if ( $template->wp_id ) {
+					$caps = map_meta_cap( 'edit_post', $user_id, $template->wp_id );
+				} else {
+					$post_type_object = get_post_type_object( $post_type );
+					if ( $post_type_object ) {
+						// Editing a template from the theme means creating a new post.
+						$caps[] = $post_type_object->cap->create_posts;
+					} else {
+						// If the post type is not registered, there is no mechanism to edit templates.
+						$caps[] = 'do_not_allow';
+					}
+				}
+			} else {
+				// Template can't be edited if it doesn't exist.
+				$caps[] = 'do_not_allow';
+			}
+			break;
 		case 'read_template':
 		case 'read_template_part':
-			$template = get_block_template( $args[0], 'wp' . substr( $cap, 4 ) );
+			$template = get_block_template( $args[0], str_replace( 'read', 'wp', $cap ) );
 			if ( $template ) {
-				$caps[] = 'edit_theme_options';
+				if ( $template->wp_id ) {
+					$caps = map_meta_cap( 'read_post', $user_id, $template->wp_id );
+				} else {
+					// Reading a template directly from the theme.
+					$caps[] = 'edit_theme_options';
+				}
 			} else {
-				// Template can't be read or edited if it doesn't exist.
+				// Template can't be read if it doesn't exist.
 				$caps[] = 'do_not_allow';
 			}
 			break;