[wp-trac] [WordPress Trac] #19834: More Robust Capabilities for Attachments

WordPress Trac wp-trac at lists.automattic.com
Sun Jan 15 20:02:03 UTC 2012 

#19834: More Robust Capabilities for Attachments
-----------------------------+------------------------------
 Reporter:  walkinonwat3r    |       Owner:
     Type:  feature request  |      Status:  new
 Priority:  normal           |   Milestone:  Awaiting Review
Component:  Media            |     Version:
 Severity:  normal           |  Resolution:
 Keywords:  needs-patch      |
-----------------------------+------------------------------

Comment (by DrewAPicture):

 Replying to [comment:6 azaozz]:
 > Replying to [comment:5 DrewAPicture]:
 > > ...Often, you'll have a photo editor or media person adding media to
 already-existing content. They don't need the ability to edit the written
 content but they DO need the ability to upload media and edit that media's
 metadata. And currently, you have to have the edit_posts cap to do that.
 >
 > Not sure this can be achieved without some kind of (advanced) plugin.
 How would a user insert media in a post without being able to edit that
 post?

 In the case I outlined, thumbnails / post images are automatically pulled
 from the post gallery, so the photo people upload the media with all
 associated EXIF data and that's all they have to do. But once they hit
 upload, they can't edit any of the associated metadata for that media
 without giving them `edit_posts`. ''That's'' the problem.

 > Right. We are looking at that from different angles: from user
 trust/security point of view all of these require a "trusted user".
 Further granularity of permissions for different post types seems best
 handled by a plugin (as it is currently).

 This isn't about "further granularity", it's about "should already be
 there but isn't granularity". Users with the `upload_files` cap can upload
 files but not edit them without the `edit_posts` cap. If you're uploading
 to the Media Library outside of post edit, Post and Page permissions
 should have no bearing on whether you have the ability to edit the media
 you just uploaded (see: @walkinonwat3r's comment:ticket:19817:2). It would
 be akin to allowing users to submit posts for review but not allowing them
 to edit their posts after they click submit.

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/19834#comment:7>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software

More information about the wp-trac mailing list