[wp-trac] [WordPress Trac] #38276: "Is thing public" API

WordPress Trac noreply at wordpress.org
Tue Oct 11 13:55:25 UTC 2016 

#38276: "Is thing public" API
-----------------------------+------------------------------
 Reporter:  jdgrimes         |       Owner:
     Type:  feature request  |      Status:  new
 Priority:  normal           |   Milestone:  Awaiting Review
Component:  Role/Capability  |     Version:  trunk
 Severity:  normal           |  Resolution:
 Keywords:                   |     Focuses:
-----------------------------+------------------------------

Comment (by jdgrimes):

 Taking a look at [https://codex.wordpress.org/Roles_and_Capabilities the
 list of core capabilities], I have confirmed that `read` is pretty unique.
 The only other caps that would really relate at all to read and not just
 create/update/delete actions would be `list_users` and perhaps the
 `manage_*` caps.

 That is just useful information to consider in determining the ultimate
 scope of this ticket. The most narrow scope would be to create an
 `is_post_public()` function, that only works for posts and returns a
 boolean value. The broadest scope would be to create an
 `is_thing_accessible()` function, that works for all types of objects and
 determines whether the object is accessible to a particular user, not just
 whether the object is public. In between the two extremes would be the
 `is_post_accessible()` and `is_thing_public()` functions.

 The fact that only the posts really have a `read` capability might
 indicate that while a broader API is useful, in terms of core it isn't
 really needed. However, we could also look at that conversely: if we are
 going to do an `is_thing_public()` API as opposed to just an
 `is_post_pubic()` API, it makes sense to go full-blown
 `is_thing_accessible()`. Because for non-post objects, there is no
 `current_user_can( 'read_other_object' )` to fall back to for providing
 more granular accessibility checking for logged-in users, like there would
 be the `read_post` cap for posts. In other words, we'd be able to do a
 basic check as to whether something is public, but we wouldn't be able to
 check whether a particular user could still view that non-public thing.
 Unless of course we add more read-type caps to capability API for other
 objects. But honestly I don't know that we want to encourage that.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/38276#comment:5>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list