PublishPress Revisions is the plugin that allows you to manage content changes in WordPress. The plugin provides a special role called “Revisor” that can submit and approve changes, but not create new content.
One PublishPress customer noticed that users in the “Revisor” role can approve their own changes. In this article, I'll explain how to prevent Revisors from approving their own revisions.
About the Revisor Role
Normally the Revisor role can not approve their own revisions. They can create revisions, but to approve all revisions they also need a higher role such as “Administrator”.
The one exception to this is that they can approve revisions but for a role with lower capabilities than Revisors.
So it’s possible, but unusual, for a user in the Revisor role to approve changes.
So what happened in our customer's situation, where their Revisor role could approve their own revision?
The number one reason might come from a double role. If you have PublishPress Capabilities installed, you can add multiple roles to one user. In this screenshot below, the Revisor role has another role as Author.
This screenshot below shows what a user in only the “Revisor” role will see when they edit their revision. This is the default scenario and they can not approve these changes.
And this next screenshot shows what they will see when they have both the “Revisor” and the “Author” roles. In this scenario, they can click the “Approve Revision” button and approve these changes. This capability is coming from the Author role.
Another possibility is the role has edit_published_post capability. The same capabilities are required to approve a revision or to edit the published post directly. Make sure their Revisor role does not have edit_published_posts / edit_published_pages added.