Suggestion for capability check

Hi rabengraph,
thanks for your post and the detailed suggest / explanation. That helped a lot to get into the context.

I agree, the “edit_pages” capability is not the right cap in this place.
But i think “edit_post” is it neither. I had a look on the Roles and Capabilities page. I think if only the “upload_files” cap is used it should be the best solution.
The problem i have with “edit_post” is that Contributors can’t upload files – so they should also not be able to crop any file.

Is that OK for you?

Thanks for your reply!
Yes for me thats totally fine, thank you!
You could just check both “edit_post” and ‘upload_files’, then you have what you want I think. Note that (in case you re interested in caps) there is a difference between ‘edit_post’ and ‘edit_posts’. I think its a little smarter to use edit_post and pass the attachment_id as an argument, but edit_posts also kinda does the job well. Only FYI, there is a great article from Justin Tadlock about caps which I personally found very helpful, as the documentation about caps in the wp codex is not too detailed.
https://justintadlock.com/archives/2010/07/10/meta-capabilities-for-custom-post-types

When we say edit_post, we’re talking about a meta capability, not a primitive capability like edit_posts. Specifically, $post_type_object->caps->edit_post.

Even if you were checking against edit_posts, you wouldn’t target that cap either. You’d go with $post_type_object->caps->edit_posts.

Any post-related capability checks should use the actual capabilities registered to that post type.

I haven’t looked at the plugin in question, but I’m not sure you’d need any type of post cap checking. upload_files will probably be fine. But, I’d definitely check out how core WP handles cropping to see if they’re using any other cap checks.

@justin
Looks like \wp-admin\media.php do the job. They use the ‘edit_post’ cap which make sense in some way, wordpress handles images like any other post-type (in db).

But i think the ‘upload_files’ cap still is the right cap.
A contributor has the ‘edit_post’ cap but no ‘upload_files’ cap.
I tested the following: He can’t add files, see uploaded files or even choose a post thumbnail (cause he don’t see any uploaded files). Ironically he can remove a post thumb.

Will upload the fix tomorrow, with cap “upload_files” if there are no further objection or new information’s.

P.S. didn’t realized before, that the caps are stored in the post_type_object – always had problems with caps on custom post types – now this looks easier.

Finally committed – as usually it takes me a few days more.

Should be working now with cap “upload_files”