• Resolved simon

    (@rabengraph)


    The plugin works great for me thanks!
    Nevertheless, I just came up with a suggestion to modify the capability check the plugin runs when a user attempts to crop an image. The plugin actually checks for “upload_files” and “edit_pages”.
    This is a little inconvenient, as the way it works now, a user with the role AUTHOR cannot crop images by default (unless you add the edit_pages capability to the author role, which is not an option in most cases). So the author is, for example, not able to crop the images he uploaded and attached to his self-written and published blog post.

    I would suggest to not check for edit_pages, but to use the meta cap “edit_post” like so in your ‘isUserPermitted’-method.
    current_user_can( 'edit_post', $attachment_id );
    Like this, every user that can edit an attachment, would then also be able to crop it with your fantastic plugin.

    http://wordpress.org/plugins/crop-thumbnails/

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Author Volkmar Kantor

    (@volkmar-kantor)

    Hi rabengraph,
    thanks for your post and the detailed suggestion / explanation. That helped a lot to get into the context.

    I agree, the “edit_pages” capability is not the right cap in this place.
    But I think “edit_post” isn’t it either. I had a look at the Roles and Capabilities page. I think if only the “upload_files” cap is used it should be the best solution.
    The problem I have with “edit_post” is that Contributors can’t upload files – so they should also not be able to crop any file.

    Is that OK for you?

    Thread Starter simon

    (@rabengraph)

    Thanks for your reply!
    Yes, for me that’s totally fine, thank you!
    You could just check both “edit_post” and ‘upload_files’, then you have what you want I think. Note that (in case you’re interested in caps) there is a difference between ‘edit_post’ and ‘edit_posts’. I think it’s a little smarter to use edit_post and pass the attachment_id as an argument, but edit_posts also kinda does the job well. Only FYI, there is a great article from Justin Tadlock about caps which I personally found very helpful, as the documentation about caps in the WP Codex is not too detailed.
    http://justintadlock.com/archives/2010/07/10/meta-capabilities-for-custom-post-types

    When we say edit_post, we’re talking about a meta capability, not a primitive capability like edit_posts. Specifically, $post_type_object->caps->edit_post.

    Even if you were checking against edit_posts, you wouldn’t target that cap either. You’d go with $post_type_object->caps->edit_posts.

    Any post-related capability checks should use the actual capabilities registered to that post type.

    I haven’t looked at the plugin in question, but I’m not sure you’d need any type of post cap checking. upload_files will probably be fine. But, I’d definitely check out how core WP handles cropping to see if they’re using any other cap checks.

    Plugin Author Volkmar Kantor

    (@volkmar-kantor)

    @justin
    Looks like \wp-admin\media.php does the job. They use the ‘edit_post’ cap, which makes sense in some way; WordPress handles images like any other post-type (in db).

    But I think the ‘upload_files’ cap still is the right cap.
    A contributor has the ‘edit_post’ cap but no ‘upload_files’ cap.
    I tested the following: He can’t add files, see uploaded files or even choose a post thumbnail (because he doesn’t see any uploaded files). Ironically he can remove a post thumb.

    Will upload the fix tomorrow, with cap “upload_files”, if there are no further objections or new information.

    P.S. didn’t realize before that the caps are stored in the post_type_object – always had problems with caps on custom post types – now this looks easier.

    Plugin Author Volkmar Kantor

    (@volkmar-kantor)

    Finally committed – as usual it takes me a few days more.

    Should be working now with cap “upload_files”
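
Added example, not taken from the thread or from the plugin's code: one way to write the combined check suggested above, requiring both the primitive `upload_files` cap and the `edit_post` meta cap for the specific attachment, inside an AJAX handler. The function names, the `example_crop` action and the `nonce` / `attachment_id` request fields are hypothetical; it assumes a loaded WordPress environment.

```php
<?php
// Added example: hypothetical names, not the Crop Thumbnails plugin's own code.

/**
 * Decide whether the current user may crop one specific attachment.
 */
function example_user_may_crop( $attachment_id ) {
    $attachment_id = absint( $attachment_id );
    $attachment    = $attachment_id ? get_post( $attachment_id ) : null;

    // Only existing image attachments are valid crop targets.
    if ( ! $attachment || 'attachment' !== $attachment->post_type
        || ! wp_attachment_is_image( $attachment_id ) ) {
        return false;
    }

    // Primitive cap: excludes roles without media access (Contributor by default).
    if ( ! current_user_can( 'upload_files' ) ) {
        return false;
    }

    // Meta cap, read from the registered post type object (exposed by core as ->cap).
    // Passing the ID lets map_meta_cap() decide for this particular attachment,
    // so a user is checked against the object, not only against a role-wide cap.
    $type = get_post_type_object( $attachment->post_type );
    return current_user_can( $type->cap->edit_post, $attachment_id );
}

/**
 * AJAX entry point: verify the nonce, then authorize before touching the file.
 */
function example_ajax_crop() {
    // Stops the request if the nonce is missing or invalid.
    check_ajax_referer( 'example_crop', 'nonce' );

    $attachment_id = isset( $_POST['attachment_id'] ) ? absint( $_POST['attachment_id'] ) : 0;
    if ( ! example_user_may_crop( $attachment_id ) ) {
        wp_send_json_error( array( 'message' => 'Not allowed to crop this image.' ), 403 );
    }

    // Authorization passed; the crop itself is outside the scope of this example.
    wp_send_json_success( array( 'attachment_id' => $attachment_id ) );
}
add_action( 'wp_ajax_example_crop', 'example_ajax_crop' );
```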

  • The topic ‘Suggestion for capability check’ is closed to new replies.