Prevent Users in the Revisor Role From Approving Their Own Revisions

PublishPress Revisions is the plugin that allows you to manage content changes in WordPress. The plugin provides a special role called “Revisor” that can submit and approve changes, but not create new content.

One PublishPress customer noticed that users in the “Revisor” role can approve their own changes. In this article, I'll explain how to prevent Revisors from approving their own revisions

About the Revisor Role

The Revisor role is not a default role that comes from WordPress. It’s a custom role from the PublishPress Revisions plugin. This role is specifically designed for checking content revisions.

Normally the Revisor role can not approve their own revisions. They can create revisions, but to approve all revisions they also need a higher role such as “Administrator”.

The one exception to this is that they can approve revisions but for a role with lower capabilities than Revisors. 

So it’s possible, but unusual, for a user in the Revisor role to approve changes.

So what happened in our customer's situation, where their Revisor role could approve their own revision?

The number one reason might come from a double role. If you have PublishPress Capabilities installed, you can add multiple roles to one user.  In this screenshot below, the Revisor role has another role as Author.

Multiple roles in WordPress

This screenshot below shows what a user in only the “Revisor” role will see when they edit their revision. This is the default scenario and they can not approve these changes.

Editing a revision in the Revisor role

And this next screenshot shows what they will see when they have both the “Revisor” and the “Author” roles. In this scenario, they can click the “Approve Revision” button and approve these changes. This capability is coming from the Author role.

Editing a revision in the Revisor and Author roles

Another possibility is the role has edit_published_post capability. The same capabilities are required to approve a revision or to edit the published post directly. Make sure their Revisor role does not have edit_published_posts / edit_published_pages added.

Leave a Reply

Your email address will not be published. Required fields are marked *