PublishPress Can Now Restrict File Uploads for Users
This week’s PublishPress release squeezes some bugs from the main plugin.
You can download version 1.16.3 of PublishPress from inside your WordPress site, or from WordPress.org. Here are the key fixes:
- We increased the speed of PublishPress by stopping some queries from running when they weren’t needed. The queries are related to the icons and colors of custom statuses.
- We fixed some license key activation and upgrade problems if you also had UpStream, our WordPress project management plugin installed. UpStream uses the same framework for licenses.
- We fixed the wrong URLs for assets on Windows machines. This was causing problems with localhost development.
But, we’ve also released a key update for the Permissions add-on …
How to customize the Upload_files capability
In the Permissions add-on, you can now customize the “upload_files” capability.
We’ve mentioned before that WordPress is not very accurate when naming capabilities. For example, the “Edit Posts” capability controls access to almost all key WordPress screens! So, you won’t be surprised to hear that “upload_files” is more powerful than it sounds.
If users don’t have the “upload_files” capability, they completely lose access to the Media Library. They can’t upload files or even browse media on your site.
On the “Permissions” screen in PublishPress, you can enable or disable this capability for each user role.
If users do not have the “upload_files” capability, they won’t see the “Add Media” button on any Posts, Pages or other content.
They will also lose access to the “Media” link in the WordPress admin menu.
And finally, if they try to drag-and-drop files onto the editing screen, they’ll see this message: “Sorry, you are not allowed to upload files.” The Media Library will not show them any of the uploaded images.