WordPress.org

Ready to get started?Download WordPress

Forums

Users CAN edit each others posts by default? (16 posts)

  1. dherren
    Member
    Posted 10 years ago #

    I can't believe that this is the default, so something is obviously wrong with my configuration.
    Again, for the blog for my high school spanish students, the Edit this link appears on all posts, even if the current user isn't the owner of the post. It's only been two days, but they're already sabotaging each other's posts and adding and deleting stuff.
    This isn't the way it's supposed to work, is it?

  2. lawtai
    Member
    Posted 10 years ago #

    heh I actually think that is how it's supposed to work. Not sure if there are ways to change it though.

  3. Mark (podz)
    Support Maven
    Posted 10 years ago #

    With the right to blog on your setup also comes the responsibility.
    All equal users, or equal users can edit posts as far as I know.
    Me ? I'd ban them for a while .. not ideal I know.

  4. dherren
    Member
    Posted 10 years ago #

    If other users can comment on posts, why was the design decision made to allow users to edit each others posts? Why have users at all if it's just a free for all?
    I would say this is a pretty serious flaw. Is this a common feature of other blog software?
    How hard would it be to tweak the code to prevent this so only the original poster can edit?

  5. Mark (podz)
    Support Maven
    Posted 10 years ago #

    WordPress is a "personal publishing platform" and is not - as yet - suited for or aimed at multi-user environments.
    Some people do use it in that way, but obviously with varying user levels and it does have it's limitations.
    I would agree it was a flaw if WP was promoted as suited for the type of use you need, but it isn't. That may happen in the future, but it's not here now.
    I don't code, so I have no idea about your query, sorry.

  6. Beel
    Member
    Posted 10 years ago #

    It is not a free-for-all unless you allow users who behave as such. Users I would allow to post would perhaps correct spelling or grammatical errors, not "trash" "delete" or "sabotage" the posts of others, would be banned if they did, and, if I were their teacher, their grades would reflect such behavior.
    Users can be given varying levels which in some cases, I imagine, might reflect somewhat their level of maturity and upbringing.
    Back with 1.0.2 I tweaked the code to prevent the editing of others' posts on, of all things, a church blog! It wasn't hard and I doubt if it would be much different with 1.2.
    You might also request an option to turn on/off the editing of others' posts

  7. clay
    Member
    Posted 10 years ago #

    They can edit other posts because of the way the permissions levels work.
    The permissions of cumalative in relation to the users permission to do things on the blog- and not in relation to other users.
    If you think of something like a bucket of apples
    What you WANT is to put a bucket of apples in front of each student- 9 students? 9 buckets of apples and they can only eat apples from their own bucket.
    However WordPress is 1 bucket in front of all 9 students

  8. dherren
    Member
    Posted 9 years ago #

    > Back with 1.0.2 I tweaked the code to prevent the editing of others' posts on, of all things, a church blog! It wasn't hard and I doubt if it would be much different with 1.2.
    Do you recall in which file you made the majority of the changes? I'll give it a shot, but anything that could help get me started would be great.

  9. dherren
    Member
    Posted 9 years ago #

    > WordPress is a "personal publishing platform" and is not - as yet - suited for or aimed at multi-user environments.
    before anything, I want to thank everyone for their replies, and podz in particular for his assistance.
    I'm afraid I have to take issue with at least my interpretation of "personal publishing platform" and the implication that WP isn't aimed at multi-user environments. If that were the case, then why have multiple users implemented? Why have multiple user levels? To quote from the About... pages:
    > Multiple authors � WordPress’ highly advanced user system allows up to 10 levels of users, with different levels having different (and configurable) privileges with regard to publishing, editing, options, and other users.
    My read of that is that it's a claim to multi-user and should therefore implement the most basic multi-user feature of all--protection from other users.
    Now all of this sounds like I'm complaining, and I don't want that to be the tenor--I'm basically very happy with this and grateful for the excellent work the authors have done. All of my comments are intended (if poorly expressed) as part of a dialog and a desire to make the tool even better and more flexible.
    Again, thanks one and all

  10. dherren
    Member
    Posted 9 years ago #

    Hey, one more thing... How do you turn on the parsing of comments by markdown? On my default install they aren't parsed but my backticks show up as code entries here.

  11. whiteR
    Member
    Posted 9 years ago #

    User Level 1 can view posts by others but cannot edit or delete them - these options do not appear on their edit page.
    See:
    http://wiki.wordpress.org/User%20Levels

  12. TechGnome
    Moderator
    Posted 9 years ago #

    *sigh*
    dherren - the way it is set up is that users can edit the posts of other users of EQUAL OR LESSER level. Example: A user of level 2 can edit the posts of other Level 2 users, as well as level 1 users. But they can't (or shouldn't) be able to edit say a level 3 user's posts. And as such there is "security" in "regard to publishing, editing, options, and other users."
    It isn't a free for all. It could be if you want it to be, but no one wants that.
    What you seem to want is one bucket with 9 apples, where each person gets one apple, and only their apple.
    TG

  13. Anonymous
    Unregistered
    Posted 9 years ago #

    hello all,
    i think it should be an absolute must for the next update to wp that users of the same level cannot edit other users posts. i want to make a guestblog, with many users of level 1 and i dont want them to edit each others posts. did anybody fo this yet via a mod or some other custome code modification? this would be awesome.
    regards

  14. Anonymous
    Unregistered
    Posted 9 years ago #

    hello all,
    i posted the lkast post as well (time to register i guess) and actually i was quite pissed that wp allows anybody of the same level to edit each others post. i found that not suiting my needs at all. i searched the web forever, and finally came across this post, which helped to do what i wanted. strangely i found it here in this forum, but the guy posted it under an unlikey subject. anyways, here is the link
    http://wordpress.org/support/3/10090
    now wordpress is awesome for me again. thanks to the authors, thanks to davejay to make this little mod and publish it.
    later,

  15. johnnyroxxor
    Member
    Posted 9 years ago #

    I have to agree with dherren. You do not implement multiple user levels and let them edit the same level. The levels below them, yes, but not the same level. That doesn't make sense. The article listed above is very helpful, and just a side point. If you were really meant to be able to edit anyone's post that is of the same level, why can't you edit it(another users post while you are same level) in the WordPress panel, but you can on the mainpage. Its not consistent.

  16. johnnyroxxor
    Member
    Posted 9 years ago #

    You can get the edit buttons to disappear by making the following edits to "template-functions-links.php" in "wp-includes":
    Locate the function "edit_post_link". Replace the whole thing with this:

    function edit_post_link($link = 'Edit This', $before = '', $after = '') {
    global $user_level,$post,$user_login;

    get_currentuserinfo();

    if ($user_level > 0) {
    $authordata = get_userdata($post->post_author);
    if ($user_level <= $authordata->user_level && $user_login != $authordata->user_login) {
    return;
    }
    } else {
    return;
    }

    $location = get_settings('siteurl') . "/wp-admin/post.php?action=edit&post=$post->ID";
    echo "$before $link $after";
    }

    This makes it so that only the person who posted the post can edit their post, unless your a higher level. E.g. Admin see's 'Edit This' for all posts, but level 1 user only see's 'Edit This' for their own posts and level 2 users can see 'Edit This' for their own posts as well as all level 1 user's posts.

    Oh, and this is secure. If you change the link, it won't let you edit the post unless you're logged in as the user.

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags

No tags yet.