[wp-xmlrpc] Re: [wp-hackers] XMLRPC rework
jalkut at red-sweater.com
Sun Sep 2 14:39:36 GMT 2007
On Aug 31, 2007, at 2:51 PM, Joseph Scott wrote:
> When returning post data I'd suggest limiting it to anyone that can
> edit the post (the post author and anyone with editor and
> administrator role). This would make any of the methods that return
> post data do the same sort of checks that mw_editPost does. Is
> there any reason why a user who can't edit a post should still be
> able to get the post data via XML-RPC?
I'm not too familiar with the roles in WP, but I can imagine a
collaborative environment where it makes sense to be able to fetch
posts which you can't edit, in order to have context for editing/
submitting posts of one's own.
So the user should be able to fetch any post from XML-RPC that they
would be able to browse in "Manage Posts" from wp-admin.
More information about the wp-xmlrpc