Support » Plugin: Crop-Thumbnails » Suggestion for capability check

  • Resolved simon


    The plugin works great for me thanks!
    Nevertheless I just come up with a suggestion to modify the capability check the plugin runs when a user attempts to crop an image. The plugin actually checks for “upload_files” and “edit_pages”.
    This is a little inconvenient, as like the way it works now, a user with the role AUTHOR cannot crop images by default, (unless you add the edit_pages capability to the author role which is not an option in most cases). So the author is for example not able to crop the images he uploaded and attached to his self written and published blog post.

    I would suggest to not check for edit_pages, but to use the meta cap “edit_post” like so in your ‘isUserPermitted’-method.
    current_user_can( 'edit_post', $attachment_id );
    Like this, every user that can edit an attachment, would then also be able to crop it with your fantastic plugin.

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Author Volkmar Kantor


    Hi rabengraph,
    thanks for your post and the detailed suggest / explanation. That helped a lot to get into the context.

    I agree, the “edit_pages” capability is not the right cap in this place.
    But i think “edit_post” is it neither. I had a look on the Roles and Capabilities page. I think if only the “upload_files” cap is used it should be the best solution.
    The problem i have with “edit_post” is that Contributors can’t upload files – so they should also not be able to crop any file.

    Is that OK for you?



    Thanks for your reply!
    Yes for me thats totally fine, thank you!
    You could just check both “edit_post” and ‘upload_files’, then you have what you want I think. Note that (in case you re interested in caps) there is a difference between ‘edit_post’ and ‘edit_posts’. I think its a little smarter to use edit_post and pass the attachment_id as an argument, but edit_posts also kinda does the job well. Only FYI, there is a great article from Justin Tadlock about caps which I personally found very helpful, as the documentation about caps in the wp codex is not too detailed.

    When we say edit_post, we’re talking about a meta capability, not a primitive capability like edit_posts. Specifically, $post_type_object->caps->edit_post.

    Even if you were checking against edit_posts, you wouldn’t target that cap either. You’d go with $post_type_object->caps->edit_posts.

    Any post-related capability checks should use the actual capabilities registered to that post type.

    I haven’t looked at the plugin in question, but I’m not sure you’d need any type of post cap checking. upload_files will probably be fine. But, I’d definitely check out how core WP handles cropping to see if they’re using any other cap checks.

    Plugin Author Volkmar Kantor


    Looks like \wp-admin\media.php do the job. They use the ‘edit_post’ cap which make sense in some way, wordpress handles images like any other post-type (in db).

    But i think the ‘upload_files’ cap still is the right cap.
    A contributor has the ‘edit_post’ cap but no ‘upload_files’ cap.
    I tested the following: He can’t add files, see uploaded files or even choose a post thumbnail (cause he don’t see any uploaded files). Ironically he can remove a post thumb.

    Will upload the fix tomorrow, with cap “upload_files” if there are no further objection or new information’s.

    P.S. didn’t realized before, that the caps are stored in the post_type_object – always had problems with caps on custom post types – now this looks easier.

    Plugin Author Volkmar Kantor


    Finally committed – as usually it takes me a few days more.

    Should be working now with cap “upload_files”

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Suggestion for capability check’ is closed to new replies.