WordPress.org

Ready to get started?Download WordPress

Forums

Frontend Uploader
[resolved] Capabilities for managing UGC posts (6 posts)

  1. Matthew Spencer
    Member
    Posted 12 months ago #

    In “Manage UGC Posts,” users with the author role are able to make private posts public. The listing of posts is not limited to UGC posts, but all private posts on the site. Typically editing private posts is restricted to the editor and administrator roles.

    This can be problematic when a user is not the post’s author and can make public other’s posts because it bypasses the capabilities of their role. Since the author role does not have access to private posts in the “All Posts” listing, they probably should not in the Manage UGC listing.

    Restricting the functionality to the editor and administrator roles could be accomplished by changing the checks for current_user_can from edit_posts to edit_others_posts. Or perhaps this could be a user configurable option in the Frontend Uploader Settings or with an apply_filters hook.

    http://wordpress.org/plugins/frontend-uploader/

  2. Rinat Khaziev
    Member
    Plugin Author

    Posted 12 months ago #

    I added fu_manage_permissions filter in 0.5.8, checkout FAQ for details: http://wordpress.org/plugins/frontend-uploader/faq/

  3. Matthew Spencer
    Member
    Posted 12 months ago #

    Thank you Rinat! Not sure how I missed that.

  4. Rinat Khaziev
    Member
    Plugin Author

    Posted 12 months ago #

    I just released it :)

  5. Matthew Spencer
    Member
    Posted 12 months ago #

    I have added the add_filter function into my theme’s functions.php, but I am not able to alter the capabilities.

    I think apply_filters is getting called in the plugin before the add_filter in the theme functions can get to it.

    In testing, I dropped the add_filter function into frontend-uploader.php just before and after this line:

    $this->manage_permissions = apply_filters( 'fu_manage_permissions', 'edit_posts' );

    Before it worked, after it failed.

    Is there a way to get around this issue?

  6. Rinat Khaziev
    Member
    Plugin Author

    Posted 12 months ago #

    Hey Matthew,

    Thanks for the catch, you are correct, I attached the filter on plugins_loaded (which fires too early - before theme init). I released a bug fix, it should take care of it.

Reply

You must log in to post.

About this Plugin

About this Topic