WordPress.org


Media upload permissions issue (5 posts)

  1. Jeff Sterup
    Member
    Posted 3 years ago #

    I have given my contributor role the file_upload capability. That role can now upload files, which is good and the purpose of me doing this. There is one issue though. When this capability is given they can also edit others' media by going to the Media Library tab in the pop-up from a post edit screen. They click show and then can edit the title or other meta info and click save all changes. How do I get rid of this functionality? How do I limit the media that this role can see in the media library to their own files?

  2. Chip Bennett
    Theme Review Admin
    Posted 3 years ago #

    Try using the Role Scoper Plugin?

  3. Jeff Sterup
    Member
    Posted 3 years ago #

    I'm using the Capability Manager plugin, which does basically the same thing as Role Scoper. The problem is with the upload_files capability (which is the minimum capability I can give the role for file uploads). I think this may be a WordPress flaw. The user should not be able to edit others' file meta with this capability but they can if they follow the steps I described.

  4. Chip Bennett
    Theme Review Admin
    Posted 3 years ago #

    Are there other, more specific capabilities that can be used to accomplish what you're trying to accomplish?

    Have you taken a look at the myriad Plugins that enable file-uploading? Maybe they would give you an idea?

  5. Jeff Sterup
    Member
    Posted 3 years ago #

    The upload_files capability is the lowest capability that I can find for uploading files. Not sure which plugin you are referring to that allows uploads. I did come up with a solution to the problem. Here is what I've got so far.

    I added a filter to the pre_get_posts hook and filtered media that the current user isn't the author of by adding to the WP_Query object. Here is a snippet.

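    add_filter('pre_get_posts', 'restrict_media');

    // $arg is the WP_Query object
    function restrict_media($arg) {
    	// isset() avoids an undefined-index notice on queries that set no post_type
    	if (is_admin() && isset($arg->query['post_type']) && $arg->query['post_type'] == 'attachment') {
    		// Limit the attachment query to files authored by the current user
    		$user_id = get_current_user_id();
    		$arg->query['author'] = $user_id;
    		$arg->query_vars['author'] = $user_id;
    	}
    	return $arg;
    }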
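
A fuller variant of the approach in the last post, as an added example that is not part of the thread or of WordPress itself: it goes beyond the snippet by exempting users who hold edit_others_posts and by also filtering the media modal's AJAX query through the ajax_query_attachments_args filter (WordPress 3.5 and later). The example_-prefixed function names are hypothetical.

```php
<?php
// Added example, not code from the thread. All example_* names are hypothetical.

// Users who may manage other people's content keep the full library view;
// everyone else who is logged in is limited to their own uploads.
function example_media_is_restricted_user() {
    return is_user_logged_in() && ! current_user_can( 'edit_others_posts' );
}

// List-table path: attachment queries built inside wp-admin.
// pre_get_posts is an action; the WP_Query object is passed by reference.
function example_restrict_media_list( $query ) {
    if ( ! is_admin() || ! example_media_is_restricted_user() ) {
        return;
    }
    if ( 'attachment' === $query->get( 'post_type' ) ) {
        $query->set( 'author', get_current_user_id() );
    }
}
add_action( 'pre_get_posts', 'example_restrict_media_list' );

// Media modal path: arguments of the query-attachments AJAX request.
function example_restrict_media_modal( $args ) {
    if ( example_media_is_restricted_user() ) {
        $args['author'] = get_current_user_id();
    }
    return $args;
}
add_filter( 'ajax_query_attachments_args', 'example_restrict_media_modal' );
```

These filters only narrow which attachments are listed. Whether a user may save changes to a given attachment is decided by capability checks, so verify that separately with a contributor account.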

Topic Closed

This topic has been closed to new replies.
