Opened 16 years ago
Closed 11 years ago
#8234 closed enhancement (duplicate)
Users with upload_files capability should be able to edit and delete uploaded files without having the edit_post/delete_post capability
Reported by: | olethomas | Owned by: | |
---|---|---|---|
Milestone: | Priority: | low | |
Severity: | minor | Version: | 2.7 |
Component: | Upload | Keywords: | |
Focuses: | Cc: |
Description
Users with upload_files capability are able to upload files but can't edit/delete his/her own uploaded files without having the edit_post/delete_post capability. Users capable to upload files should also be capable to edit/delete their own uploaded files.
Change History (10)
#2
@
16 years ago
- Milestone changed from 2.7 to 2.8
- Type changed from defect to enhancement
This can be achieved by using a plugin. Currently the user capabilities system is not as granular. It may be included in the future, but not in 2.7 which is at beta 3 already.
#3
in reply to:
↑ 1
@
16 years ago
Replying to mrmist:
I believe this behaviour was introduced in [9686] to fix an issue where users could delete media they shouldn't be able to (I.E. belonging to others).
I wouldn't want that reverted completely.
Of course if the checks can be made more specific, then that's great. Though you'd have to watch out because if you are talking about deleting / editing media that's attached to a post then effectively you are editing a post and it should be checking for edit post ability.
When using Wordpress as a CMS some users only have the edit_pages and upload_files capability and not edit_post. These users can upload files and edit them via the upload utility in the "Add new page"-screen but are restricted from editing their own files via the Media-page. A check for both edit_pages and edit_post could solve the problem. Don't know if that would cause other problems.
#4
@
16 years ago
I guess it depends on a few factors -
If the media is not attached to anything, a user should be able to edit/delete their own media without restriction.
If the media is attached to something, the user should be able to edit/delete their own media if they would normally be able to edit the thing it's attached to.
At editor level or above, the restrictions need not apply.
I suspect the reason that it currently isn't coded to that degree is because of what azaozz mentioned - that level of granularity is not within WordPress core.
I believe this behaviour was introduced in [9686] to fix an issue where users could delete media they shouldn't be able to (I.E. belonging to others).
I wouldn't want that reverted completely.
Of course if the checks can be made more specific, then that's great. Though you'd have to watch out because if you are talking about deleting / editing media that's attached to a post then effectively you are editing a post and it should be checking for edit post ability.