[Plugin: Members] Editing published posts

  • tomdaquino

    (@tomdaquino)


    11 years, 11 months ago

    I’m using the Members plugin and I need a capability that allows users to edit their own published posts but not anyone else’s published posts. Is this possible?

    If I add the edit_published_posts capability to a role, members of that role can edit anyone’s published posts. If I include the edit_posts capability for the role and don’t include the edit_published_posts capability, members of the role can only edit their own posts but if their post is published, they cannot edit it.

    Am I missing something?

    Thanks,
    Tom

    http://wordpress.org/extend/plugins/members/

Viewing 2 replies - 1 through 2 (of 2 total)
  • Thread Starter tomdaquino

    (@tomdaquino)

    11 years, 11 months ago

    Ok, some clarification is in order. It seems as though I am running into a bug that exposes a bit of a security hole but I’m not exactly sure where the bug is coming from (i.e. which plugin has introduced it).

    I’m using the Gravity Forms plugin to create posts from a form.
    I’m using the Gravity Forms + Edit Post plugin to allow posters to edit their posts through a form.

    If I enter the URL for editing a post through the form and provide a post ID for a post that does not belong to me, I am able to see and make changes to the post through the edit post form.

    If I use the standard wp-admin edit post page and provide the ID of a post that does not belong to me, I get a message indicating that I am not allowed to edit the post. So maybe the issue is that the Gravity Forms + Edit Post plugin is somehow bypassing the role permissions established for my user.

    Any thoughts would be much appreciated.

    -Tom

    Thread Starter tomdaquino

    (@tomdaquino)

    11 years, 11 months ago

    Since I last posted this, I have learned that the Gravity Forms Update Post plugin requires filters to limit what users can do while editing posts so the issue I mentioned above really has nothing to do with the Members plugin.

    Thanks,
    Tom

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘[Plugin: Members] Editing published posts’ is closed to new replies.