[wp-trac] [WordPress Trac] #60375: Site Transfer Protocol
WordPress Trac
noreply at wordpress.org
Sat Feb 24 12:44:11 UTC 2024
#60375: Site Transfer Protocol
-------------------------+------------------------------
Reporter: zieladam | Owner: (none)
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Import | Version:
Severity: normal | Resolution:
Keywords: | Focuses:
-------------------------+------------------------------
Comment (by zieladam):
About site-to-site sync, I want to surface a future access control problem
to discuss. Imagine syncing a WordPress site into a mobile app where a
collaborator of that site is logged in. Is it possible to build an access
control layer that limits the sync to only the data that subscriber is
supposed to read and modify?
My gut feeling is: no. The sync needs to be restricted to site admins.
Let's discuss the two synchronization angles here:
* Writing the data. WordPress uses use-case oriented capabilities. Sync
would use database rows and columns. The two models don’t work together.
This can theoretically be solved, though, by implementing row– and column–
level write restrictions.
* Reading the data. From the database perspective, WordPress demands full
access even if it limits what the users may read. To render the site,
WordPress uses site options, post meta, plugin tables, and so on.
I don’t think reading permissions can be solved. I just don’t see a way to
run a WordPress site using just the subset of data subscribers have access
to. If anyone can think of a solution, let's discuss.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/60375#comment:15>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list