[wp-xmlrpc] Re: [wp-hackers] XMLRPC rework
Joseph Scott
joseph at randomnetworks.com
Tue Sep 4 04:47:27 GMT 2007
On Sep 2, 2007, at 8:39 AM, Daniel Jalkut wrote:
> On Aug 31, 2007, at 2:51 PM, Joseph Scott wrote:
>
>> When returning post data I'd suggest limiting it to anyone that
>> can edit the post (the post author and anyone with editor and
>> administrator role). This would make any of the methods that
>> return post data do the same sort of checks that mw_editPost
>> does. Is there any reason why a user who can't edit a post should
>> still be able to get the post data via XML-RPC?
>
> I'm not too familiar with the roles in WP, but I can imagine a
> collaborative environment where it makes sense to be able to fetch
> posts which you can't edit, in order to have context for editing/
> submitting posts of one's own.
>
> So the user should be able to fetch any post from XML-RPC that they
> would be able to browse in "Manage Posts" from wp-admin.
That seems reasonable.
--
Joseph Scott
http://joseph.randomnetworks.com/