[wp-trac] [WordPress Trac] #37580: Users who cannot set the Front page or Posts page should not be able to delete these pages

WordPress Trac noreply at wordpress.org
Fri Aug 5 09:01:25 UTC 2016


#37580: Users who cannot set the Front page or Posts page should not be able to
delete these pages
-----------------------------+-----------------------------
 Reporter:  JakePT           |      Owner:
     Type:  enhancement      |     Status:  new
 Priority:  normal           |  Milestone:  Awaiting Review
Component:  Role/Capability  |    Version:  trunk
 Severity:  normal           |   Keywords:
  Focuses:                   |
-----------------------------+-----------------------------
 Setting the Posts page and Front page requires the manage_options
 capability, so by default is restricted to Administrators (and/or Super
 Administrators? I'm not terribly familiar with Multisite). However users
 with the Editor role are able to delete these pages, as they have the
 delete_pages, delete_published_pages and delete_others_pages capabilities.

 The problems with this are that, firstly, it means they effectively have
 the capability to change the values of these settings that should be for
 users with manage_options to set, and secondly, it means editor users can
 make a mistake that they cannot undo. A pretty major one as far as a
 site's content is concerned. This can particularly be a problem for users
 who are effectively the main administrators of their sites, but are
 running on lower capabilities because that's how their web developer
 supports the site.

 Here's a support thread where someone's run into this issue:
 https://wordpress.org/support/topic/restored-trashed-blog-page-now-
 previously-published-blog-posts-not-viewable

--
Ticket URL: <https://core.trac.wordpress.org/ticket/37580>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list