[wp-trac] [WordPress Trac] #12498: wp permissions (was: wp_write_post permissions)

WordPress Trac wp-trac at lists.automattic.com
Wed Mar 3 23:33:19 UTC 2010


#12498: wp permissions
--------------------------+-------------------------------------------------
 Reporter:  ceenz         |       Owner:             
     Type:  defect (bug)  |      Status:  new        
 Priority:  normal        |   Milestone:  3.0        
Component:  Post Types    |     Version:  3.0        
 Severity:  normal        |    Keywords:  needs-patch
--------------------------+-------------------------------------------------

Comment(by ceenz):

 Discussion carried on from #9674.
 I bring this up to highlight the current limitation of Roles and
 Capabilities in WP. In the above example while pages and posts appear
 distinct they are just different content types. current_user_can(
 'edit_post', $post_ID ) is just looking at the $post_ID and whether or not
 the current user has the right to edit that individual content instance.

 current_user_can( 'edit_posts' ) on the other hand is looking at whether
 or not the user has the privilege to edit content of the type 'post', as
 does 'edit_pages' etc.

 I believe that the current designation of user capabilities needs to be
 changed so that all available 'content types' can be assigned as different
 capabilities and roles.

 I suggest that checking user capabilities such as 'edit_posts', and
 'edit_pages' be replaced with a singular function call such as
 current_user_can( 'edit_type', $content_type_ID ).

 This can be repeated with other current user capabilities such as:
 edit_published_pages edit_published_posts

 EG: change to current_user_can( 'edit_published_type', $content_type_ID )

 delete_pages delete_posts

 EG: change to current_user_can( 'delete_type', $content_type_ID )

 publish_pages publish_posts

 EG: change to current_user_can( 'publish_type', $content_type_ID )

 These changes would also mean that when a custom content type is created /
 managed / deleted (etc) the user permissions for that type would also have
 to be set / managed / deleted (etc).

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/12498#comment:2>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
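
The per-type check proposed in the comment above, modelled as an added example (not WordPress code and not part of the ticket). The class and method names are hypothetical; only the action names 'edit_type' and 'publish_type' come from the comment. It shows the lifecycle point from the last paragraph: a new type starts with no grants, and deleting a type removes its grants so a later type with the same name does not inherit them.

```php
<?php
// Hypothetical model of the proposal; none of these names are WordPress APIs.
final class TypeCapabilities
{
    /** @var array<string, array<string, string[]>> role => type => granted actions */
    private array $grants = [];
    /** @var array<string, bool> currently registered content types */
    private array $types = [];

    public function registerType(string $type): void
    {
        $this->types[$type] = true;   // no grants yet: every check on it is denied
    }

    public function deleteType(string $type): void
    {
        unset($this->types[$type]);
        foreach (array_keys($this->grants) as $role) {
            unset($this->grants[$role][$type]);   // leave no orphaned grants behind
        }
    }

    public function grant(string $role, string $action, string $type): void
    {
        if (!isset($this->types[$type])) {
            throw new InvalidArgumentException("unknown content type: $type");
        }
        $this->grants[$role][$type][] = $action;
    }

    // Stands in for the proposed current_user_can( 'edit_type', $content_type_ID ).
    public function roleCan(string $role, string $action, string $type): bool
    {
        return isset($this->types[$type])
            && in_array($action, $this->grants[$role][$type] ?? [], true);
    }
}

// Constructed sample data: 'book' plays the custom content type.
$caps = new TypeCapabilities();
foreach (['post', 'page', 'book'] as $t) { $caps->registerType($t); }
$caps->grant('author', 'edit_type', 'post');
$caps->grant('editor', 'publish_type', 'book');

var_dump($caps->roleCan('author', 'edit_type', 'post'));    // granted explicitly
var_dump($caps->roleCan('author', 'edit_type', 'page'));    // never granted for this type
$caps->deleteType('book');
$caps->registerType('book');                                // same name, new type
var_dump($caps->roleCan('editor', 'publish_type', 'book')); // old grant must not survive
```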

