[wp-trac] [WordPress Trac] #12498: wp permissions (was: wp_write_post permissions)
WordPress Trac
wp-trac at lists.automattic.com
Wed Mar 3 23:33:19 UTC 2010
#12498: wp permissions
--------------------------+-------------------------------------------------
Reporter: ceenz | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: 3.0
Component: Post Types | Version: 3.0
Severity: normal | Keywords: needs-patch
--------------------------+-------------------------------------------------
Comment(by ceenz):
Discussion carried on from #9674.
I bring this up to highlight the current limitation of Roles and
Capabilities in WP. In the above example while pages and posts appear
distinct they are just different content types. current_user_can(
'edit_post', $post_ID ) is just looking at the $post_ID an whether or not
the current user has the right to edit that individual content instance.
current_user_can( 'edit_posts' ) on the other hand is looking at whether
or not the user has the privilege to edit content of the type 'post', as
does 'edit_pages' etc.
I believe that the current designation of user capabilities need to be
changed so that all available 'content types' can be assigned as different
capabilities and roles.
I suggest that checking user capabilities such as 'edit_posts', and
'edit_pages' be replaced with a singular function call such
current_user_can( 'edit_type', $content_type_ID ).
This can be repeated with other current user capabilities such as:
edit_published_pages edit_published_posts
EG: change to current_user_can( 'edit_published_type', $content_type_ID )
delete_pages delete_posts
EG: change to current_user_can( 'delete_type', $content_type_ID )
publish_pages publish_posts
EG: change to current_user_can( 'publish_type', $content_type_ID )
These changes would also mean that when a custom content type is created /
managed / deleted (etc) the user permissions for that type would also have
to be set / managed / deleted (etc).
--
Ticket URL: <http://core.trac.wordpress.org/ticket/12498#comment:2>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list