[wp-xmlrpc] Re: [wp-hackers] XMLRPC rework

Joseph Scott joseph at randomnetworks.com
Tue Sep 4 04:47:27 GMT 2007


On Sep 2, 2007, at 8:39 AM, Daniel Jalkut wrote:

> On Aug 31, 2007, at 2:51 PM, Joseph Scott wrote:
>
>> When returning post data I'd suggest limiting it to anyone that  
>> can edit the post (the post author and anyone with editor and  
>> administrator role).  This would make any of the methods that  
>> return post data do the same sort of checks that mw_editPost  
>> does.  Is there any reason why a user who can't edit a post should  
>> still be able to get the post data via XML-RPC?
>
> I'm not too familiar with the roles in WP, but I can imagine a  
> collaborative environment where it makes sense to be able to fetch  
> posts which you can't edit, in order to have context for editing/ 
> submitting posts of one's own.
>
> So the user should be able to fetch any post from XML-RPC that they  
> would be able to browse in "Manage Posts" from wp-admin.


That seems reasonable.


--
Joseph Scott
http://joseph.randomnetworks.com/




More information about the wp-xmlrpc mailing list