WordPress.org

Make WordPress Core

Opened 4 years ago

Last modified 4 months ago

#17253 reopened feature request

Author role should be able to make/edit pages (a.k.a. let's get with the times)

Reported by: jane Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version: 3.1
Component: Role/Capability Keywords: has-patch
Focuses: Cc:

Description

More and more sites are using WordPress to run the whole site, not just a blog. Pages are quickly eclipsing blog posts as the default content type, and we should start moving to address this. Currently authors have no rights to pages. Someone with higher rights can set the author as someone with the author role, but the author can't actually get to it. This is super lame, because the "just create and manage your own stuff" role doesn't apply to a major form of content.

I understand this will have implications re backwards compatibility, but we've talked about revisiting the roles system at some point, so I wanted this ticket to be on record. We have to make roles more reasonable for CMS use.

Attachments (5)

17253.diff (745 bytes) - added by knutsp 4 months ago.
Patch to add capabilities for authors vs. pages
capabilities.php (27.9 KB) - added by knutsp 4 months ago.
Test that new authors get new capabilities
capabilities.2.php (27.9 KB) - added by knutsp 4 months ago.
Test that new authors get new capabilities
test-author-capabilities.diff (811 bytes) - added by knutsp 4 months ago.
Test that new authors get new capabilities
17253-2.diff (3.4 KB) - added by knutsp 4 months ago.
Patch to add capabilities for authors vs. pages, including tests

Download all attachments as: .zip

Change History (20)

comment:1 @jane4 years ago

  • Milestone changed from Awaiting Review to Future Release

Bump... I forgot we never got to this.

comment:2 @bootsz3 years ago

  • Cc sbutze@… added

+1

comment:3 @chriscct74 months ago

  • Keywords dev-feedback added

Any of the other devs have thoughts on this?

comment:4 follow-up: @helen4 months ago

I am not sure that this is really doable at this point. What would then separate an author from an editor? Surprisingly, there's not much activity here, so should we really bother?

comment:5 @voldemortensen4 months ago

+1 for closing. If some is important enough to create pages on a site, they should also be competent enough to be trusted with the other caps that come with being promoted to editor. i.e. moderate_comments and unfiltered_html.

comment:6 follow-up: @johnbillion4 months ago

  • Milestone Future Release deleted
  • Resolution set to wontfix
  • Status changed from new to closed

Yeah the gain here is very little, and we'd run into issues with sites which need strict control over which users can access what when suddenly authors can edit pages.

comment:7 in reply to: ↑ 4 @knutsp4 months ago

Replying to helen:

I am not sure that this is really doable at this point. What would then separate an author from an editor?

Remember: An editor may edit and publish any content, at least any post or page, even those not created by the actual editor. An author may only create, edit and publish own content. Even if authors are made able to create, edit and publish own pages, they will not have the ability to touch others pages. That's a huge difference.

comment:8 in reply to: ↑ 6 @knutsp4 months ago

  • Resolution wontfix deleted
  • Status changed from closed to reopened

Replying to johnbillion:

we'd run into issues with sites which need strict control over which users can access what when suddenly authors can edit pages.

That will not happen. Since authors will not have authored any pages they will not be able to edit any, until they create one themselves.

edit_others_pages, edit_private_pages, delete_others_pages, read_private_pages, delete_private_pages caps should still be off for authors, while edit_pages, publish_pages, edit_published_pages, delete_pages, delete_published_pages caps should be on, the way it is for posts.

I have client's sites where I have made these changes using a caps/role manager plugin, to let the site admin avoid upgrading authors to editors, while letting them mange their own pages. There is no sudden access for the authors to edit anything else.

I'm for this change.

As I feel this ticket was closed on reasons not addressing what this ticket actually suggests, I would like it to stay open until reconsidered.

comment:9 @johnbillion4 months ago

  • Keywords needs-patch needs-unit-tests added; dev-feedback removed
  • Milestone set to Awaiting Review

Fair point. Willing to consider it. Needs a patch and tests.

@knutsp4 months ago

Patch to add capabilities for authors vs. pages

comment:10 @knutsp4 months ago

  • Keywords has-patch added; needs-patch removed

@johnbillion: Thank you.

Will it be sufficient just to extend tests/user/capabilities.php with checks that show a new author user gets the right caps added, or do we need further testing on an author manipulating actual pages?

@knutsp4 months ago

Test that new authors get new capabilities

@knutsp4 months ago

Test that new authors get new capabilities

comment:11 @knutsp4 months ago

Disregard the first capabilities.php.

Is this (capabilities-2.php) even close to be sufficient testing?

comment:12 @johnbillion4 months ago

Those cap checks are fine. You should be able to extend the existing test_user_author() method though, rather than introducing a new method. I've just opened #32394 after seeing the state of these tests, so there'll be some overlap there.

Also you can create a patch file for the unit test files in the same way you create a normal patch (no need to upload the whole modified file).

comment:13 follow-up: @johnbillion4 months ago

You'll need to update the author assertions in test_page_meta_caps() too.

@knutsp4 months ago

Test that new authors get new capabilities

comment:14 @knutsp4 months ago

  • Keywords needs-unit-tests removed

Ok.

@knutsp4 months ago

Patch to add capabilities for authors vs. pages, including tests

comment:15 in reply to: ↑ 13 @knutsp4 months ago

Replying to johnbillion:

You'll need to update the author assertions in test_page_meta_caps() too.

Done.

Note to self: An author can publish any non-private post, and after this also any non-private page. Private posts/pages may be used to hide them from non-admins/non-editors.

Note: See TracTickets for help on using tickets.