Community Forums › Forums › Archived Forums › General Discussion › How to Allow Contributors to Upload New Images but Not Touch the Existing Ones?
- This topic has 10 replies, 2 voices, and was last updated 10 years, 3 months ago by Fabio.
-
AuthorPosts
-
December 8, 2013 at 11:17 pm #77780FabioParticipant
Hi there,
I know this is more of a generic WordPress question, but I always get better help here than on the WP forum, so I thought I'd ask. Also, sometimes Genesis has their very own plugins and solutions, so well... here's the question:How to allow contributors to upload new media but not touch the existing ones?
I want them to only be able to upload images inside their articles but without being able to browse the media gallery.Ideally without plugins. But I'll consider them if necessary.
Thanks
Looking forward your suggestions.Fabio
December 8, 2013 at 11:39 pm #77783SummerMemberYou're not already using a roles/capabilities plugin to manage different user level permissions?
I'm pretty sure that you can manage that with Members, but they'd be able to see other images they had previously uploaded because those images would be owned by them.
WordPress / Genesis Site Design & Troubleshooting: A Touch of Summer | @SummerWebDesign
Slice of SciFi | Writers, After DarkDecember 8, 2013 at 11:44 pm #77784FabioParticipantHey Summer, thanks for your reply!
No, I'm not using any plugin to manage user permissions, but I guess I'll give this Members a try. I just hoped I could avoid a plugin, but I guess using it is the safest option...Any other suggestions are always welcome.
Thanks
FabioDecember 8, 2013 at 11:54 pm #77785SummerMemberIt's written by Justin Tadlock, so on sites where I have contributors that don't need to publish posts live, it's invaluable, especially in creating roles that have a variety of capabilities.
Between Members for user roles that have logins, and the Co-Authors Plus/Genesis Co-Authors Plus to create content authors that don't need logins, it's a perfect WordPress solution for me 🙂
WordPress / Genesis Site Design & Troubleshooting: A Touch of Summer | @SummerWebDesign
Slice of SciFi | Writers, After DarkDecember 8, 2013 at 11:57 pm #77786FabioParticipantHmmm... this is interesting.
What do you mean by "content authors that don't need logins"?December 9, 2013 at 12:15 am #77787SummerMemberSometimes I have contributors that don't need or don't want to learn/use WordPress just to submit their articles. For what I do on sliceofscifi.com and dragonpage.com, it's like guest posts on steroids. On both sites I have published authors or contributors who aren't tech savvy and who just want to send me columns or reviews, and have no interest or time to login and create the posts themselves. So I create guest author roles that gives them bylines and when they email me the material, I post them, but the posts show up with their names on them.
Co-Authors Plus was a great first step in getting the behavior that I wanted, and Genesis Co-Authors Plus was an awesome helper because it gave me author boxes on those non-user roles (even if I did have to modify the plugin... which reminds me, I really need to put that snippet on a gist).
So that gives me a way to create content with their appropriate authors attributed, and without giving them an account. No account means no weak password that might get compromised if they move on or don't contribute anything for a long stretch of time.
Those two plugins also work wonders in setting up second profiles for existing accounts, so that their Author profile can have an author box while their regular posts won't (for instance, news & wire reports won't have author boxes, but original content like columns and reviews will), and also for converting accounts from people who've left or moved on... I can keep their posts as being authored by them while still being able to get rid of their logins... that part's a lot more involved and requires a lot of manual work, but for getting rid of accounts on some of my sites that haven't been used literally in a few years, that's invaluable to me.
Wonder if I should write up a tutorial on how I used those two plugins and my mods to create a solution I'd been waiting years for WordPress to come up with...
WordPress / Genesis Site Design & Troubleshooting: A Touch of Summer | @SummerWebDesign
Slice of SciFi | Writers, After DarkDecember 9, 2013 at 12:24 am #77788FabioParticipantCool,
I guess I don't have enough experience with contributors to realize that soon or later they will move on, I'll need to cancel their accounts and keep their author box (whether on articles or author's archive). Thanks, that gives me some perspective.But why is it dangerous to have a contributor account with a weak password? Contributors can't post anything anyways and can't access anything important, the most they can do is creating drafts... so what's the problem?
Thanks!
December 9, 2013 at 12:38 am #77789SummerMemberIn the past, a lot of those accounts were Editors and Authors, who could post live because I really don't have time to babysit content on ALL the Slice of SciFi family sites I design and manage 🙂
I use the term "contributor" to describe them as people who give me content, not what WP role they have.
There have been exploits in the past for people to increase their permission levels once they gain access, leveraging vulnerabilities in unmaintained plugins, or people sneaking in from exploiting access other sites and do something with your folder permissions or databases to give themselves higher level access to do more damage. There was one exploit where they could create a hidden admin, and unless you edited the database, you'd never see the user account to delete it, and they'd go to town generating spam directed at 10,000 other websites. Yes I had to clean one of those up a couple years ago.
Just because you are maintaining your site doesn't mean you can't be side-stepped or backdoored by someone attacking a vulnerability in a site owned by someone else on the same shared server that's still running WP 2.9, especially on a machine that's still running PHP 5.2
WordPress / Genesis Site Design & Troubleshooting: A Touch of Summer | @SummerWebDesign
Slice of SciFi | Writers, After DarkDecember 9, 2013 at 12:49 am #77790FabioParticipanthmm.. ok... that was a refreshing read 🙂
I didn't know this about shared servers. Is the same true for VPS?December 9, 2013 at 1:00 am #77791SummerMemberHaha, sorry about that. Decades of being a Unix systems admin in a previous life/career and having had to either lock down servers or rebuild ones that had been compromised makes me a little hyper aware about potential security problems 🙂
As for virtual machines, I don't believe someone could hack their way from one instance to another, but if they do something to abuse the resources on the box, yes, that could affect all the other virtual machines on the physical server. It's not impossible to have one instance go rogue and lock up an entire box, requiring a hard reboot. It happened on one of my setups a couple weeks ago, but since I'm not the admin for the box I don't know what ultimately caused the lock up.
WordPress / Genesis Site Design & Troubleshooting: A Touch of Summer | @SummerWebDesign
Slice of SciFi | Writers, After DarkDecember 9, 2013 at 1:06 am #77792FabioParticipantI guess nothing is impossible for those who believe!
-
AuthorPosts
- The forum ‘General Discussion’ is closed to new topics and replies.