Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP

Loading…

Editing Others Documents Issue #52

Closed
lordarach opened this Issue · 3 comments

3 participants

@lordarach

I have several departments set up for documents to be assigned using the taxonomy-permissions.php and managed with the Members plugin. Within each of those departments is a managing user and some editing users. I've been having issues with users being able to see that there are documents in other departments because in order to view and edit documents within their departments 'edit_others_documents' must be turned on which shows them everything. Fortunately, a user from one department can't view or edit documents in another department, but just the fact of seeing these extra documents is causing confusion. Is there a way that the 'edit_others_documents_in_department1' ability could be sufficient so that any user within a single department can see everyone else's documents within that department but no one else's from other departments?

@cojennin

Not sure this would be accomplishable by manipulation of capabilities. The issue being that the primary function of capabilities is to check whether or not a user has access to something (a post, a comment, a menu page, etc), not whether a user can or cannot see something.

Consider that one of the standard queries WordPress makes when viewing the admin Documents screen (in this case: wp-admin/edit.php?post_type=document) might look something like this:
SELECT SQL_CALC_FOUND_ROWS wp_posts.ID FROM wp_posts WHERE 1=1
AND wp_posts.post_type = 'document'
AND ( wp_posts.post_status = 'publish'
OR wp_posts.post_status = 'future'
OR wp_posts.post_status = 'draft'
OR wp_posts.post_status = 'pending'
OR ( wp_posts.post_author = 8 AND wp_posts.post_status = 'private' ) )
ORDER BY wp_posts.post_date DESC LIMIT 0, 20

Most of the AND's and OR's are concerned with the post_status (and the query is only selecting from the wp_posts table).

This is why authors, editors, admins can see all the content being worked on by everyone else. The best way to work around this might be to take a look at the parse_query filter. Maybe take a look at what capabilities the current user has and query based on that. I'll try messing around with this, but I think that's going to be your best bet.

@cojennin

Hrm, this appears to be a feature/issue a number of people would like to see implemented (related inquiry). I can't promise immediate results, but definitely going to spend some more time sussing out a possible solution.

@benbalter
Owner

Closing as stale, please feel free to reopen if this is still occurring.

@benbalter benbalter closed this
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.