[wp-trac] [WordPress Trac] #40340: "Attach to existing content" modal shows posts and pages of other users
WordPress Trac
noreply at wordpress.org
Tue Apr 4 16:22:10 UTC 2017
#40340: "Attach to existing content" modal shows posts and pages of other users
-----------------------------+------------------------------
Reporter: menakas | Owner:
Type: defect (bug) | Status: reopened
Priority: normal | Milestone: Awaiting Review
Component: Role/Capability | Version: 4.7.3
Severity: normal | Resolution:
Keywords: has-screenshots | Focuses: ui
-----------------------------+------------------------------
Comment (by menakas):
Firstly, at the very least, I would expect the private posts of other
users to not be displayed. As of now, other users' private posts are also
displayed.
Secondly, should we let implementation concerns affect the interface
design/behavior?
Thirdly, whether user has permissions to attach an image/media or not has
been checked for each image; so why not check for posts too?
Fourth,
a) an editor can attach an image to any public post, so pick all posts and
pages that are not private.
b) an author can attach an image to his posts only, so we can use the
query arg `'author'`
to be current user's id. Perhaps, using `current_user_can` for each post
is not necessary?
--
Ticket URL: <https://core.trac.wordpress.org/ticket/40340#comment:5>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list