[wp-trac] [WordPress Trac] #9674: Better support for custom post types

WordPress Trac wp-trac at lists.automattic.com
Wed Mar 3 23:03:27 UTC 2010 

#9674: Better support for custom post types
------------------------------------+---------------------------------------
 Reporter:  wnorris                 |        Owner:  ryan    
     Type:  task (blessed)          |       Status:  reopened
 Priority:  normal                  |    Milestone:  3.0     
Component:  Administration          |      Version:  2.9     
 Severity:  normal                  |   Resolution:          
 Keywords:  has-patch tested early  |  
------------------------------------+---------------------------------------

Comment(by ceenz):

 Replying to [comment:273 ryan]:
 > Replying to [comment:272 ceenz]:
 > > is current_user_can( 'edit_page', $post_ID ) now a duplication of
 > > current_user_can( 'edit_post', $post_ID ) now with all post types
 being treated the same way?
 >
 > No, each post type can have its own caps.  edit_page is distinct from
 edit_post.

 I bring this up to highlight the current limitation of Roles and
 Capabilities in WP.
 In the above example while pages and posts appear distinct they are just
 different content types. current_user_can( 'edit_post', $post_ID ) is just
 looking at the $post_ID an whether or not the current user has the right
 to edit that individual content instance.

 current_user_can( 'edit_posts' ) on the other hand is looking at whether
 or not the user has the privilege to edit content of the type 'post', as
 does 'edit_pages' etc.

 I believe that the current designation of user capabilities need to be
 changed so that all available 'content types' can be assigned as different
 capabilities and roles.

 I suggest that checking user capabilities such as 'edit_posts', and
 'edit_pages' be replaced with a singular function call such
 current_user_can( 'edit_type', $content_type_ID ).

 This can be repeated with other current user capabilities such as:
 edit_published_pages
 edit_published_posts

 EG: change to current_user_can( 'edit_published_type', $content_type_ID )

 delete_pages
 delete_posts

 EG: change to current_user_can( 'delete_type', $content_type_ID )

 publish_pages
 publish_posts

 EG: change to current_user_can( 'publish_type', $content_type_ID )



 These changes would also mean that when a custom content type is created /
 managed / deleted (etc) the user permissions for that type would also have
 to be set / managed / deleted (etc).

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/9674#comment:274>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software

More information about the wp-trac mailing list