WordPress.org

Make WordPress Core

Opened 7 years ago

Closed 7 years ago

#4458 closed defect (bug) (fixed)

users who no longer have the ability to save posts get their posts "stolen" if the post is edited.

Reported by: markjaquith Owned by: markjaquith
Milestone: 2.3 Priority: high
Severity: major Version: 2.2
Component: Administration Keywords: needs-patch
Focuses: Cc:

Description

  1. User A is an Author, and published a post ("Post A").
  2. User A is downgraded to "Subscriber"
  3. User B edits "Post A"
  4. Result: User A is no longer listed as the author of "Post A"

This is due to the fact that authors who currently lack the ability to save posts are not listed in the author dropdown box. We need to list the current author in that dropdown, regardless of capabilities, and ensure they are kept as the author on the backend.

This particularly comes to light when importing from another CMS, in which case all authors are created as Subscribers. Any editing of their posts will cause them to lose authorship.

Calling this one major, because mis-attributed posts are a big deal for professional publishers of content.

Change History (5)

comment:1 robmil7 years ago

Surely the author role is more of a permissions thing than a semantic thing? I don't see why administrators/editors shouldn't be able to set any user to be the author of a post, regardless of that user's role.

comment:2 markjaquith7 years ago

Sure, but it's going to be rarely that they'll want to do so. The most important thing is that we're non-destructive.

comment:3 Nazgul7 years ago

  • Keywords needs-patch added
  • Milestone changed from 2.3 (trunk) to 2.4 (future)

comment:4 markjaquith7 years ago

  • Milestone changed from 2.4 (next) to 2.3
  • Owner changed from anonymous to markjaquith
  • Status changed from new to assigned

Have a patch for this one.

comment:5 markjaquith7 years ago

  • Resolution set to fixed
  • Status changed from assigned to closed

(In [6049]) Always put the author of the post in the authors dropdown, even if they have since been demoted to a role without post-saving capabilities. fixes #4458

Note: See TracTickets for help on using tickets.