[wp-trac] Re: [WordPress Trac] #5858: "read" only user accounts are shown too much on the dashboard

WordPress Trac wp-trac at lists.automattic.com
Thu Feb 28 01:32:20 GMT 2008

#5858: "read" only user accounts are shown too much on the dashboard
 Reporter:  Viper007Bond           |        Owner:  mdawaffe
     Type:  defect                 |       Status:  assigned
 Priority:  normal                 |    Milestone:  2.5     
Component:  Administration         |      Version:  2.5     
 Severity:  normal                 |   Resolution:          
 Keywords:  has-patch 2nd-opinion  |  
Changes (by mdawaffe):

  * keywords:  needs-patch => has-patch 2nd-opinion
  * status:  new => assigned


 5858.diff adds some cap checks to the dashboard and the dashboard widgets.
 My philosophy:

  1. If the info is publicly accessible (e.g. via feeds), show the info.
  2. If not, show the info only to those with the appropriate cap.
  3. Don't show links that are not accessible to the logged in user.

 So, on the dashboard, a subscriber would be able to see:

  1. How many posts, but not how many pages or drafts.
  2. How many categories/tags.
  3. No links that point elsewhere in the admin section.

 A subscriber would be able to see the following dashboard widgets.

  1. Recent comments (available through feeds) but no links to moderation.
  2. Incoming links (available via Google, Technorati, ...).
  3. Primary feed (wordpress.org/development/feed).
  4. Secondary feed (the planet).
  5. Not the plugins widget.  It's publicly available info (so I'm going
 against my philosophy), but it may contain other stuff later like "install
 now" links or other things that are actions rather than just pieces of

 Dashboard widgets already have the {{{edit_dashboard}}} cap check for the
 little "Edit" links.

Ticket URL: <http://trac.wordpress.org/ticket/5858#comment:2>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
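
The three rules in the comment above, worked through as an added example; this is not code from 5858.diff or from WordPress itself. The item table, the user_can() stand-in for WordPress's current_user_can(), and the choice of which capability gates each item are assumptions made for illustration.

```php
<?php
// Added illustration, not part of 5858.diff. The $items table and the
// capability chosen for each item are assumptions for this example.

// Stand-in for WordPress's current_user_can(): a user is modelled as a
// plain list of capability names.
function user_can(array $user_caps, ?string $cap): bool {
    return $cap !== null && in_array($cap, $user_caps, true);
}

// For each dashboard item: is the info publicly accessible, which cap
// gates it when it is not, and which cap the admin link behind it needs.
$items = [
    'posts'      => ['public' => true,  'view_cap' => null,         'link_cap' => 'edit_posts'],
    'pages'      => ['public' => false, 'view_cap' => 'edit_pages', 'link_cap' => 'edit_pages'],
    'drafts'     => ['public' => false, 'view_cap' => 'edit_posts', 'link_cap' => 'edit_posts'],
    'categories' => ['public' => true,  'view_cap' => null,         'link_cap' => 'manage_categories'],
    'comments'   => ['public' => true,  'view_cap' => null,         'link_cap' => 'moderate_comments'],
    // The stated exception: public info, but treated as gated because the
    // widget may later carry actions rather than information.
    'plugins'    => ['public' => false, 'view_cap' => 'activate_plugins', 'link_cap' => 'activate_plugins'],
];

function dashboard_view(array $items, array $user_caps): array {
    $out = [];
    foreach ($items as $name => $item) {
        // Rules 1 and 2: public info is shown; anything else needs the cap.
        if (!$item['public'] && !user_can($user_caps, $item['view_cap'])) {
            continue;
        }
        // Rule 3: emit a link only if the user can reach its target.
        $out[$name] = ['link' => user_can($user_caps, $item['link_cap'])];
    }
    return $out;
}

// Constructed users: capability sets modelled on the default roles.
$users = [
    'subscriber' => ['read'],
    'editor'     => ['read', 'edit_posts', 'edit_pages', 'moderate_comments', 'manage_categories'],
];
foreach ($users as $role => $caps) {
    foreach (dashboard_view($items, $caps) as $name => $view) {
        printf("%-10s %-10s %s\n", $role, $name, $view['link'] ? 'linked' : 'text only');
    }
}
```

Keeping visibility and link reachability as two separate checks is what lets the subscriber see the post count while the link to the post management screen is withheld.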
