[wp-trac] [WordPress Trac] #37580: Users who cannot set the Front page or Posts page should not be able to delete these pages
WordPress Trac
noreply at wordpress.org
Fri Aug 5 09:01:25 UTC 2016
#37580: Users who cannot set the Front page or Posts page should not be able to
delete these pages
-----------------------------+-----------------------------
Reporter: JakePT | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Role/Capability | Version: trunk
Severity: normal | Keywords:
Focuses: |
-----------------------------+-----------------------------
Setting the Posts page and Front page requires the manage_options
capability, so by default is restricted to Administrators (and/or Super
Administrators? I'm not terribly familiar with Multisite). However users
with the Editor role are able to delete these pages, as they have the
delete_pages, delete_published_pages and delete_others_pages capabilities.
The problems with this are that, firstly, it means they effectively have
the capability to change the values of these settings that should be for
users with manage_options to set, and secondly, it means editor users can
make a mistake that they cannot undo. A pretty major one as far as a
site's content is concerned. This can particularly be a problem for users
who are effectively the main administrators of their sites, but are
running on lower capabilities because that's how their web developer
supports the site.
Here's a support thread where someone's run into this issue:
https://wordpress.org/support/topic/restored-trashed-blog-page-now-
previously-published-blog-posts-not-viewable
--
Ticket URL: <https://core.trac.wordpress.org/ticket/37580>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list