WordPress.org

Support

Support » Plugins and Hacks » [Resolved] Capabilities for managing UGC posts

[Resolved] Capabilities for managing UGC posts

  • Matthew Spencer
    Member

    @mattheweternal

    In “Manage UGC Posts,” users with the author role are able to make private posts public. The listing of posts is not limited to UGC posts, but all private posts on the site. Typically editing private posts is restricted to the editor and administrator roles.

    This can be problematic when a user is not the post’s author and can make public other’s posts because it bypasses the capabilities of their role. Since the author role does not have access to private posts in the “All Posts” listing, they probably should not in the Manage UGC listing.

    Restricting the functionality to the editor and administrator roles could be accomplished by changing the checks for current_user_can from edit_posts to edit_others_posts. Or perhaps this could be a user configurable option in the Frontend Uploader Settings or with an apply_filters hook.

    http://wordpress.org/plugins/frontend-uploader/

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Author Rinat Khaziev
    Participant

    @rinatkhaziev

    I added fu_manage_permissions filter in 0.5.8, checkout FAQ for details: http://wordpress.org/plugins/frontend-uploader/faq/

    Matthew Spencer
    Member

    @mattheweternal

    Thank you Rinat! Not sure how I missed that.

    Plugin Author Rinat Khaziev
    Participant

    @rinatkhaziev

    I just released it 🙂

    Matthew Spencer
    Member

    @mattheweternal

    I have added the add_filter function into my theme’s functions.php, but I am not able to alter the capabilities.

    I think apply_filters is getting called in the plugin before the add_filter in the theme functions can get to it.

    In testing, I dropped the add_filter function into frontend-uploader.php just before and after this line:

    $this->manage_permissions = apply_filters( 'fu_manage_permissions', 'edit_posts' );

    Before it worked, after it failed.

    Is there a way to get around this issue?

    Plugin Author Rinat Khaziev
    Participant

    @rinatkhaziev

    Hey Matthew,

    Thanks for the catch, you are correct, I attached the filter on plugins_loaded (which fires too early – before theme init). I released a bug fix, it should take care of it.

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘[Resolved] Capabilities for managing UGC posts’ is closed to new replies.