In “Manage UGC Posts,” users with the author role are able to make private posts public. The listing of posts is not limited to UGC posts, but all private posts on the site. Typically editing private posts is restricted to the editor and administrator roles.
This can be problematic when a user is not the post’s author and can make public other’s posts because it bypasses the capabilities of their role. Since the author role does not have access to private posts in the “All Posts” listing, they probably should not in the Manage UGC listing.
Restricting the functionality to the editor and administrator roles could be accomplished by changing the checks for
edit_others_posts. Or perhaps this could be a user configurable option in the Frontend Uploader Settings or with an
- The topic ‘Capabilities for managing UGC posts’ is closed to new replies.