[wp-hackers] XMLRPC rework

Daniel Jalkut jalkut at red-sweater.com
Sun Sep 2 14:39:36 GMT 2007


On Aug 31, 2007, at 2:51 PM, Joseph Scott wrote:

> When returning post data I'd suggest limiting it to anyone that can  
> edit the post (the post author and anyone with editor and  
> administrator role).  This would make any of the methods that return  
> post data do the same sort of checks that mw_editPost does.  Is  
> there any reason why a user who can't edit a post should still be  
> able to get the post data via XML-RPC?

I'm not too familiar with the roles in WP, but I can imagine a  
collaborative environment where it makes sense to be able to fetch  
posts which you can't edit, in order to have context for
editing/submitting posts of one's own.

So the user should be able to fetch any post from XML-RPC that they  
would be able to browse in "Manage Posts" from wp-admin.

Daniel

