[wp-trac] Re: [WordPress Trac] #8234: Users with upload_files
capability
should be able to edit and delete uploaded files without having
the edit_post/delete_post capability
WordPress Trac
wp-trac at lists.automattic.com
Mon Nov 17 13:17:57 GMT 2008
#8234: Users with upload_files capability should be able to edit and delete
uploaded files without having the edit_post/delete_post capability
-------------------------+--------------------------------------------------
Reporter: olethomas | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: 2.8
Component: Upload | Version: 2.7
Severity: normal | Resolution:
Keywords: |
-------------------------+--------------------------------------------------
Comment (by olethomas):
Replying to [comment:1 mrmist]:
> I believe this behaviour was introduced in [9686] to fix an issue where
users could delete media they shouldn't be able to (I.E. belonging to
others).
>
> I wouldn't want that reverted completely.
>
> Of course if the checks can be made more specific, then that's great.
Though you'd have to watch out because if you are talking about deleting /
editing media that's attached to a post then effectively you are editing a
post and it should be checking for edit post ability.
When using Wordpress as a CMS some users only have the edit_pages and
upload_files capability and not edit_post. These users can upload files
and edit them via the upload utility in the "Add new page"-screen but are
restricted from editing their own files via the Media-page. A check for
both edit_pages and edit_post could solve the problem. Don't know if that
would cause other problems.
--
Ticket URL: <http://trac.wordpress.org/ticket/8234#comment:3>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list