proudcity / wp-proudcity

The ProudCity WordPress platform
https://proudcity.com

Check author permissions for Belmont #2491

Closed curtismchale closed 3 months ago

curtismchale commented 3 months ago

Zendesk 6822

Slack

curtismchale commented 3 months ago

Authors can edit posts, events, locations, job listings but can only publish posts due to how the capabilities are set.

curtismchale commented 3 months ago

image

You can see the list of capabilities they have in the screenshot above. The only publish capability they have relates to posts via publish_posts. I was incorrect in my GitHub comment; they do not have the ability to edit pages via the edit_pages capability. Though since they have the capability to edit events, locations, and job listings, it wouldn’t be unreasonable to give authors the ability to edit_pages as well. The edit_others_posts capability lets us do custom stuff if you don't own the post/page/event... so we could filter out editing of other posts, but we don't. That means if you have edit_posts you should be able to edit all posts.

If we want authors to be able to change pages then we need to add the edit_pages capability to all authors across our network of sites. We can do this with a deploy and the command wp cap add author edit_pages run in our release file for that deploy. I can test it by running a one-off on Belmont to see if that fixes their issue and then we can roll it out.

@kevindherman

kevindherman commented 3 months ago

@curtismchale would this mean an author could create and edit any pages or just the ones they create (or have been assigned as author)?

curtismchale commented 3 months ago

@kevindherman create and edit any pages as I read the documentation.

kevindherman commented 3 months ago

@curtismchale unless there are controls for limiting the pages they can edit, I think we leave alone because at that point they should just be an editor.

I think the idea with author is to have guardrails for staff members. A common example is, "I don't want Bob to edit the homepage". However, Bob may need to edit some specific pages.

curtismchale commented 3 months ago

@kevindherman so this issue is done now if we're not going to change permissions, correct?

kevindherman commented 3 months ago

@curtismchale that makes sense for now.

I think we should revisit the three roles down the road so authors can add and edit their own pages but not others. If you could create an issue for the backlog to come back to that includes this documentation that would be great.
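
A way to check on a staging site what granting edit_pages alone lets an author do with their own and with other people's pages, as an added example that is not ProudCity's code. It is meant to be run with `wp eval-file`; the file name, the `captest_*` logins, the helper names and the absence of plugins filtering `map_meta_cap` are assumptions.

```php
<?php
// Added example, not ProudCity code. Staging only: wp eval-file author-page-caps.php
// Assumes core's default capability mapping (no plugin filtering map_meta_cap).
require_once ABSPATH . 'wp-admin/includes/user.php'; // provides wp_delete_user()

// Hypothetical helper: create a throwaway user with the author role.
function captest_author( $login ) {
	$id = wp_insert_user( array(
		'user_login' => $login, // constructed login name
		'user_pass'  => wp_generate_password(),
		'role'       => 'author',
	) );
	if ( is_wp_error( $id ) ) {
		exit( $id->get_error_message() . "\n" );
	}
	return new WP_User( $id );
}

// Hypothetical helper: create a throwaway page owned by the given user.
function captest_page( $author_id, $status ) {
	return wp_insert_post( array(
		'post_type'   => 'page',
		'post_status' => $status,
		'post_title'  => 'cap-test ' . $status,
		'post_author' => $author_id,
	) );
}

$bob   = captest_author( 'captest_bob' );
$alice = captest_author( 'captest_alice' );
$pages = array(
	'own draft'     => captest_page( $bob->ID, 'draft' ),
	'own published' => captest_page( $bob->ID, 'publish' ),
	"other's draft" => captest_page( $alice->ID, 'draft' ),
);

// Grant on the test user only, so the shared author role is left untouched.
$bob->add_cap( 'edit_pages' );

foreach ( $pages as $label => $page_id ) {
	// Primitive capabilities core requires for this user to edit this page.
	$needed = implode( ', ', map_meta_cap( 'edit_page', $bob->ID, $page_id ) );
	$can    = $bob->has_cap( 'edit_page', $page_id ) ? 'yes' : 'no';
	echo "$label: can edit = $can (core requires: $needed)\n";
	wp_delete_post( $page_id, true ); // force delete, skip the trash
}
echo 'can publish pages = ' . ( $bob->has_cap( 'publish_pages' ) ? 'yes' : 'no' ) . "\n";

// On multisite this only removes the users from the current site.
wp_delete_user( $bob->ID );
wp_delete_user( $alice->ID );
```

In WordPress core's default mapping, editing a page owned by someone else requires edit_others_pages, and editing one's own published page requires edit_published_pages, so the output shows which additional grants a given outcome would depend on.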