Support » Fixing WordPress » same level authors able to edit eachother’s posts

  • Hi,
    just installed wp 1.2 works great.
    So I have 5 authors all at level 1. They can all post but they can also all edit eachothers posts which I do not want. Is there a way to prevent this?

Viewing 15 replies - 1 through 15 (of 18 total)
  • Bump to the top….I think this would be a very useful feature and doesnt seem like it would be that difficult to implement.

    Even if there isnt a way to change the user permissions settings (which I understand are hard to mess with), could someone at least post a way to remove the “edit link” from people who are on the same level? I want the original author to be able edit his own post but no other authors, if he is on the same level as the other authors. The “Edit” page of each user works like this, so it seems like it might be an error, anyway.

    Thread Starter dylilama

    (@dylilama)

    Up as I”m still interested in this…

    and me too. to me it’s a bug, not a feature. but let’s hear..

    I thought it used to be the case that, a user can edit posts by users whose level are “lower” than him, not “the same” as him. Or am I mistaken? This is quite a serious problem for me now.

    Actually I liked this feature, myself and another author are level 9 and want to be able to edit each other’s posts because we trust each other, and we can catch typos etc. There is a third person at level 2. 🙂
    With 1.2.1 it seems this “bug” has been fixed, but shouldn’t there at least be a checkbox for allowing same level authors to edit??

    From the readme.html: “Any user whose level is higher than 1, can edit and delete the posts and change the level of lower users. Example: a level 2 user is not an admin, but can edit the posts of level 1 users, and up the level of a new user from 0 to 1.” sounds like this is a bug in 1.2.2…

    You can get the edit buttons to disappear by making the following edits to “template-functions-links.php” in “wp-includes”:
    Locate the function “edit_post_link”. Replace the whole thing with this:

    function edit_post_link($link = ‘Edit This’, $before = ”, $after = ”) {
    global $user_level,$post,$user_login;

    get_currentuserinfo();

    if ($user_level > 0) {
    $authordata = get_userdata($post->post_author);
    if ($user_level <= $authordata->user_level && $user_login != $authordata->user_login) {
    return;
    }
    } else {
    return;
    }

    $location = get_settings(‘siteurl’) . “/wp-admin/post.php?action=edit&post=$post->ID”;
    echo “$before $link $after”;
    }

    This makes it so that only the person who posted the post can edit their post, unless your a higher level. E.g. Admin see’s ‘Edit This’ for all posts, but level 1 user only see’s ‘Edit This’ for their own posts and level 2 users can see ‘Edit This’ for their own posts as well as all level 1 user’s posts.

    Oh, and this is secure. If you change the link, it won’t let you edit the post unless you’re logged in as the user.

    There are a variety of other conditions that allow a user at any level edit all other posts…

    for example change ## to any valide post in:
    sitename/wordpress/wp-admin/post.php?action=edit&post=##
    allows edit access some posts (haven’t figured out why some allow access and some don’t)

    We recently upgraded a blog to 1.2.2 and discovered this feature/bug. We have over a hundred first-level users on the blog, all students in a class blogging for credit, all able to edit each others’ posts. Obviously, this is not good. I guess I’ll try the “edit_post_link” hack described above, but I hate messing wp-includes. I’d like to go back to the old model, or at least have it so first-level users can’t edit anyone else’s posts.

    My situation is the same as the above poster’s. A class of about thirty students, writing on the blog as a crucial part of the class. This bug is a show-stopper. If someone has a real fix, I would be very grateful if they would share it.

    OK, I implemented the solution suggested by johnnyroxxor above. However, it didn’t work for me until I changed the final line from this:

    echo "$before $link $after";

    to this:

    echo "$before <a href=\"$location\">$link</a> $after";

    WIth this change, it does the job. Users only see an edit link if they wrote the post themselves, or if they’re a higher level than the author. Hope this helps someone!

    A little more info: It appears this bug has been identified, reported and fixed for version 1.5. Thanks to iceburn and 2fargon.

    I think I’ve solved the problem. In the file wp-admin/post.php line 219 you have to change this:

    if ($user_level < $authordata->user_level)

    to this:

    if ($user_level <= $authordata->user_level && $user_login != $authordata->user_login)

    Now, users in the same level only can edit their own posts. Thanks to all for feedback.

    in wp-admin/functions-post.cgi

    if you mess with ‘function user_can_edit_post’, you should be able to do whatever you want pretty eaisly. Just add or remove editing conditions

Viewing 15 replies - 1 through 15 (of 18 total)
  • The topic ‘same level authors able to edit eachother’s posts’ is closed to new replies.