[wp-trac] [WordPress Trac] #33306: Only Query for author ID if user is member of blog

WordPress Trac noreply at wordpress.org
Fri Sep 4 21:31:46 UTC 2015


#33306: Only Query for author ID if user is member of blog
-------------------------+-------------------------------------
 Reporter:  sboisvert    |       Owner:
     Type:  enhancement  |      Status:  new
 Priority:  normal       |   Milestone:  Awaiting Review
Component:  Query        |     Version:  4.3
 Severity:  normal       |  Resolution:
 Keywords:               |     Focuses:  multisite, performance
-------------------------+-------------------------------------

Comment (by boonebgorges):

 > The edge cases I'm imagining are very edgy. I could see trying something
 funky with a custom post type, subscribers or a custom role, and
 post_author that also relies on the private flag, but then you're pretty
 far out there.

 Can we talk through this a little bit? I do see some possible
 complications:
 - We should not be literally checking for `current_user_can( 'edit_posts'
 )` - the check needs to be post-type specific.
 - A `WP_Query` can query for multiple post types, and it's possible that a
 user only have the `edit_posts` cap of some of those post types. In this
 case, I think we say: if a user has 'edit_posts' in at least one of the
 post types, add the `post_status` clause for each post type.

 I'm having a hard time concocting a concrete case like the "far out" one
 that you sketched. But, just to be clear, in this case the worst that will
 happen is that certain users with changed roles will not see their legacy
 content, right?

--
Ticket URL: <https://core.trac.wordpress.org/ticket/33306#comment:6>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list