[wp-trac] [WordPress Trac] #21386: XML-RPC needs a user permission method
WordPress Trac
noreply at wordpress.org
Fri Sep 12 06:56:53 UTC 2014
#21386: XML-RPC needs a user permission method
--------------------------+-----------------------------
Reporter: markoheijnen | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Future Release
Component: XML-RPC | Version:
Severity: normal | Resolution:
Keywords: mobile | Focuses:
--------------------------+-----------------------------
Comment (by maxcutler):
Replying to [comment:16 markoheijnen]:
> I believe that getPostTypes is the right method since someone could
retrieve all the post types to build up a menu (always wishful thinking
for our mobile apps). I will create a ticket for the REST API to look into
this too. They return get_post_types() which also generates the same
problems.
`wp.getPostTypes` already filters based on caps. Combined with
`wp.getUser`(`s`) which can return an array of roles, a client can get a
pretty good approximation of what the user can do with regards to posts.
It's not perfect, since with some substantial cap logic a plugin/theme
could violate assumptions that a client is making, but for the 90% case
it's adequate. I don't know why the official apps haven't gone down this
road (likely cause they've never seriously adopted the 3.4/3.5
improvements), but I've used it with success for my own (as yet
unpublished) app.
I agree with nacin's comments here, and I don't think it's worth
modifications to XML-RPC at this point. For the REST API you can
reevaluate if you'd like.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/21386#comment:19>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list