DEVELOPMENT.md

@@ -280,7 +280,7 @@ Fictioneer customizes WordPress by using as many standard action and filter hook
 | `manage_pages_columns` | `fictioneer_remove_comments_column`
 | `manage_posts_columns` | `fictioneer_remove_comments_column`
 | `manage_users_columns` | `fictioneer_hide_users_columns`
-| `map_meta_cap` | `fictioneer_restrict_media_edit_delete`
+| `map_meta_cap` | `fictioneer_edit_others_files`
 | `navigation_markup_template` | `fictioneer_pagination_markup`
 | `nav_menu_link_attributes` | `fictioneer_add_menu_link_attributes`
 | `pre_comment_user_ip` | `__return_empty_string`

includes/functions/_roles.php

@@ -540,7 +540,7 @@ if ( ! current_user_can( 'manage_options' ) ) {
   }
   add_filter( 'pre_get_posts', 'fictioneer_edit_others_fictioneer_posts', 9999 );
 
-  // === EDIT_READ_OTHERS_FILES ================================================
+  // === READ_READ_OTHERS_FILES ================================================
 
   /**
    * Prevent users from seeing uploaded files of others
@@ -569,6 +569,51 @@ if ( ! current_user_can( 'manage_options' ) ) {
     add_action( 'pre_get_posts', 'fictioneer_read_others_files', 9999 );
   }
 
+  // === EDIT_READ_OTHERS_FILES ================================================
+
+  /**
+   * User cannot edit the files of others
+   *
+   * @since Fictioneer 5.6.0
+   *
+   * @param array  $caps     Primitive capabilities required of the user.
+   * @param string $cap      Capability being checked.
+   * @param int    $user_id  The user ID.
+   * @param array  $args     Adds context to the capability check, typically
+   *                         starting with an object ID.
+   *
+   * @return array The still allowed primitive capabilities of the user.
+   */
+
+  function fictioneer_edit_others_files( $caps, $cap, $user_id, $args ) {
+    // Skip unrelated capabilities
+    if ( $cap != 'edit_post' ) {
+      return $caps;
+    }
+
+    // if ( 'edit_post' != $cap && 'delete_post' != $cap ) {
+    //   return $caps;
+    // }
+
+    // Get the post in question.
+    $post = get_post( $args[0] );
+
+    // Check if an attachment and whether the user is the owner (author)
+    if (
+      empty( $post ) ||
+      $post->post_type != 'attachment' ||
+      $post->post_author == $user_id
+    ) {
+      return $caps;
+    }
+
+    // Disallow
+    return ['do_not_allow'];
+  }
+
+  if ( ! current_user_can( 'fcn_edit_others_files' ) ) {
+    add_filter( 'map_meta_cap', 'fictioneer_edit_others_files', 9999, 4 );
+  }
 
 
 

includes/functions/settings/_register_settings.php

@@ -635,13 +635,6 @@ define( 'FICTIONEER_OPTIONS', array(
 			'sanitize_callback' => 'fictioneer_sanitize_disable_widget_checkbox',
       'label' => __( 'Disable all widgets', 'fictioneer' ),
       'default' => false
-    ),
-    'fictioneer_restrict_media_access' => array(
-      'name' => 'fictioneer_restrict_media_access',
-			'group' => 'fictioneer-settings-general-group',
-			'sanitize_callback' => 'fictioneer_sanitize_checkbox',
-      'label' => __( 'Limit media file management by uploader', 'fictioneer' ),
-      'default' => false
     )
 	),
 	'integers' => array(

includes/functions/settings/_settings_page_general.php

@@ -769,14 +769,6 @@
                   </div>
                 </label>
 
-                <label for="fictioneer_restrict_media_access" class="label-wrapped-checkbox row">
-                  <input name="fictioneer_restrict_media_access" type="checkbox" id="fictioneer_restrict_media_access" <?php echo checked( 1, get_option( 'fictioneer_restrict_media_access' ), false ); ?> value="1">
-                  <div>
-                    <span><?php echo FICTIONEER_OPTIONS['booleans']['fictioneer_restrict_media_access']['label']; ?></span>
-                    <p class="sub-label"><?php _e( 'Users can only see and edit their own uploads in the media library unless they have the "edit_users" capability.', 'fictioneer' ) ?></p>
-                  </div>
-                </label>
-
                 <label for="fictioneer_disable_application_passwords" class="label-wrapped-checkbox row">
                   <input name="fictioneer_disable_application_passwords" type="checkbox" id="fictioneer_disable_application_passwords" <?php echo checked( 1, get_option( 'fictioneer_disable_application_passwords' ), false ); ?> value="1">
                   <div>

includes/functions/users/_privacy_security.php

@@ -107,53 +107,4 @@ if ( get_option( 'fictioneer_admin_restrict_private_data' ) && ! current_user_ca
 //   }
 // }
 
-// =============================================================================
-// RESTRICT MEDIA MANAGER
-// =============================================================================
-
-/**
- * Restrict edit and delete capabilities of media files
- *
- * @since Fictioneer 5.5.3
- *
- * @param array  $caps     Primitive capabilities required of the user.
- * @param string $cap      Capability being checked.
- * @param int    $user_id  The user ID.
- * @param array  $args     Adds context to the capability check, typically
- *                         starting with an object ID.
- *
- * @return array The still allowed primitive capabilities of the user.
- */
-
-function fictioneer_restrict_media_edit_delete( $caps, $cap, $user_id, $args ) {
-  // Skip unrelated capabilities
-  if ( 'edit_post' != $cap && 'delete_post' != $cap ) {
-    return $caps;
-  }
-
-  // Those who can edit posts of others, can also edit their files
-  if ( user_can( $user_id, 'edit_others_posts' ) ) {
-    return $caps;
-  }
-
-  // Get the post in question.
-  $post = get_post( $args[0] );
-
-  // Check if an attachment and whether the user is the owner (author)
-  if (
-    empty( $post ) ||
-    $post->post_type != 'attachment' ||
-    $post->post_author == $user_id
-  ) {
-    return $caps;
-  }
-
-  // Disallow
-  return ['do_not_allow'];
-}
-
-if ( get_option( 'fictioneer_restrict_media_access' ) ) {
-  add_filter( 'map_meta_cap', 'fictioneer_restrict_media_edit_delete', 10, 4 );
-}
-
 ?>