[wp-trac] [WordPress Trac] #41332: Introduce dedicated capabilities for managing attachments
WordPress Trac
noreply at wordpress.org
Fri Jul 14 19:01:54 UTC 2017
#41332: Introduce dedicated capabilities for managing attachments
-------------------------+-----------------------------
Reporter: flixos90 | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Media | Version:
Severity: normal | Keywords: 2nd-opinion
Focuses: |
-------------------------+-----------------------------
The capabilities for attachments currently use the regular post
capabilities, so it is impossible to grant users specific attachment
capabilities without giving them the same post capabilities. While this is
fine for WordPress itself, it can be a pain for custom setups which need
specific users to have access to their attachments without them being able
to write a post.
It is rather easy to change that by setting the `capability_type` argument
for the `attachment` post type to `attachment` instead of `post`. To make
this change compatible we could do two things:
* For new setups, we could simply add the necessary capabilities to the
respective roles. Note that this won't work retroactively as it would
require a heavy migration none of us wants to invest their time for. :)
* For existing setups, the necessary capabilities could be granted to
users through a default filter for `'user_has_cap'`, so that it would
basically map back to posts. Custom setups could remove that filter to
invent their own handling of the attachment capabilities.
It might be a bit of a tough idea to have two different ways for this to
work, so if we are too wary of doing it, we could of course only do what I
described in the second point everywhere.
An alternative to the whole thing would be to not change anything but
introduce a filter for the attachment post type's `capability_type`
argument. Otherwise the value would need to be hacked on the already-
registered post object. This solution would clearly lay the responsibility
more on the plugin authors, which might make sense given the benefits do
not really matter for core itself.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/41332>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list