[wp-trac] [WordPress Trac] #17255: More statuses (like draft and/or private) for media files

WordPress Trac noreply at wordpress.org
Tue Sep 27 22:05:03 UTC 2016 

#17255: More statuses (like draft and/or private) for media files
--------------------------+-----------------------------
 Reporter:  jane          |       Owner:
     Type:  defect (bug)  |      Status:  new
 Priority:  normal        |   Milestone:  Future Release
Component:  Media         |     Version:  3.1
 Severity:  normal        |  Resolution:
 Keywords:  needs-patch   |     Focuses:
--------------------------+-----------------------------

Comment (by joemcgill):

 It seems that are several use cases to consider here.

 The one that has been covered most clearly thus far (and the most obvious)
 is how to limit visibility to the actual media files on the fileserver. I
 agree with @aaroncampbell that we don't want to load WP each time a
 browser requests a media asset and I also agree with reservations about
 custom .htaccess solutions. Something like @johnbillion + @pento describes
 is probably the right way to go here if we want to limit visibility to the
 actual files, but I'm not convinced this is a requirement for most
 WordPress sites, so it may be ok to leave this as plugin material.

 Another use case to consider, which I believe we can address, is how we
 expose post/meta data about an attachment whenever the attachment has a
 post status of 'private' or 'draft' (either directly, or by inheriting
 post status from its parent). We currently seem to be inconsistent about
 what information we make private and what is public. For example,
 attachments that are attached to private posts still show up in the media
 library for authors who are not able to read the post the attachment is
 attached to. We addressed some related UI issues in #37186, but that
 didn't address the root issue. I wonder if inheriting some capabilities
 from the post parent would be worth pursuing, as it could fix issues like
 #36370.

 Similar concerns have also come up with the REST API project when deciding
 what data should be protected whenever an attachment attached to a private
 post is set as the featured image of a public post.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/17255#comment:20>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list