[wp-trac] [WordPress Trac] #17255: More statuses (like draft and/or private) for media files
WordPress Trac
noreply at wordpress.org
Wed Jul 5 21:48:46 UTC 2017
#17255: More statuses (like draft and/or private) for media files
--------------------------+-----------------------------
 Reporter:  jane          |       Owner:
     Type:  defect (bug)  |      Status:  new
 Priority:  normal        |   Milestone:  Future Release
Component:  Media         |     Version:  3.1
 Severity:  normal        |  Resolution:
 Keywords:  needs-patch   |     Focuses:
--------------------------+-----------------------------
Comment (by dougal):
This was discussed on Slack today. My two cents:
A user who uploads an image (or whatever media) to a private post might
have a reasonable expectation that the image itself would be private, too.
If UserA makes PrivatePostA with AttachmentA, then UserB probably should
not have access to that media from the Media Library.
If UserA (or another user with sufficient capabilities) then creates
PublicPostA, and uses AttachmentA as its Featured Image, it then should
become okay for that attachment to become public in some way. Either by
flagging it public in the posts table, or by creating a duplicate of the
media as a separate attachment, AttachmentA2, as a child of PublicPostA.
Personally, I favor the idea of duplication, because I just feel like we
should reinforce the idea that any child object of a private post should
also be private.
As far as the media URL itself goes (as opposed to the attachment
post/meta in the database), I think it's reasonable to leave that as-is
(with no attempt to protect direct access, even if the related attachment
is private). If extra protections are desired at the media URL level, that
needs to be left to the server or in plugin territory.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/17255#comment:24>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform