Opened 5 years ago
Last modified 3 years ago
#8234 new enhancement
Users with upload_files capability should be able to edit and delete uploaded files without having the edit_post/delete_post capability
| Reported by: |
|
Owned by: | |
|---|---|---|---|
| Priority: | low | Milestone: | Future Release |
| Component: | Upload | Version: | 2.7 |
| Severity: | minor | Keywords: | needs-patch |
| Cc: |
Description
Users with upload_files capability are able to upload files but can't edit/delete his/her own uploaded files without having the edit_post/delete_post capability. Users capable to upload files should also be capable to edit/delete their own uploaded files.
Change History (9)
- Milestone changed from 2.7 to 2.8
- Type changed from defect to enhancement
This can be achieved by using a plugin. Currently the user capabilities system is not as granular. It may be included in the future, but not in 2.7 which is at beta 3 already.
Replying to mrmist:
I believe this behaviour was introduced in [9686] to fix an issue where users could delete media they shouldn't be able to (I.E. belonging to others).
I wouldn't want that reverted completely.
Of course if the checks can be made more specific, then that's great. Though you'd have to watch out because if you are talking about deleting / editing media that's attached to a post then effectively you are editing a post and it should be checking for edit post ability.
When using Wordpress as a CMS some users only have the edit_pages and upload_files capability and not edit_post. These users can upload files and edit them via the upload utility in the "Add new page"-screen but are restricted from editing their own files via the Media-page. A check for both edit_pages and edit_post could solve the problem. Don't know if that would cause other problems.
I guess it depends on a few factors -
If the media is not attached to anything, a user should be able to edit/delete their own media without restriction.
If the media is attached to something, the user should be able to edit/delete their own media if they would normally be able to edit the thing it's attached to.
At editor level or above, the restrictions need not apply.
I suspect the reason that it currently isn't coded to that degree is because of what azaozz mentioned - that level of granularity is not within WordPress core.
- Keywords needs-patch added
- Priority changed from normal to low
- Severity changed from normal to minor
- Keywords 2nd-opinion added
- Milestone changed from Future Release to 2.9
- Keywords 2nd-opinion removed
I believe this behaviour was introduced in [9686] to fix an issue where users could delete media they shouldn't be able to (I.E. belonging to others).
I wouldn't want that reverted completely.
Of course if the checks can be made more specific, then that's great. Though you'd have to watch out because if you are talking about deleting / editing media that's attached to a post then effectively you are editing a post and it should be checking for edit post ability.