[wp-trac] Re: [WordPress Trac] #5858: "read" only user accounts are
shown too much on the dashboard
WordPress Trac
wp-trac at lists.automattic.com
Thu Feb 28 01:32:20 GMT 2008
#5858: "read" only user accounts are shown too much on the dashboard
-----------------------------------+----------------------------------------
Reporter: Viper007Bond | Owner: mdawaffe
Type: defect | Status: assigned
Priority: normal | Milestone: 2.5
Component: Administration | Version: 2.5
Severity: normal | Resolution:
Keywords: has-patch 2nd-opinion |
-----------------------------------+----------------------------------------
Changes (by mdawaffe):
* keywords: needs-patch => has-patch 2nd-opinion
* status: new => assigned
Comment:
5858.diff adds some cap checks to the dashboard and the dashboard widgets.
My philosophy:
1. If the info is publicly accessible (e.g. via feeds), show the info.
2. If not, show the info only to those with the appropriate cap.
3. Don't show links that are not accessible to the logged in user.
So, on the dashboard, a subscriber would be able to see:
1. How many posts, but not how many pages or drafts.
2. How many categories/tags.
3. No links that point elsewhere in the admin section.
A subscriber would be able to see the following dashboard widgets.
1. Recent comments (available through feeds) but no links to moderation.
2. Incoming links (available via google, technorati, ...).
3. Primary feed (wordpress.org/development/feed).
4. Secondary feed (the planet).
5. Not the plugins widget. It's publicly available info (so I'm going
against my philosophy), but it may contain other stuff later like "install
now" links or other things that are actions rather than just pieces of
information.
Dashboard widgets already have the {{{edit_dashboard}}} cap check for the
little "Edit" links.
--
Ticket URL: <http://trac.wordpress.org/ticket/5858#comment:2>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list