WordPress user roles vs the XML-RPC interface

Blogging platform WordPress (in it’s current version 2.3) allows for 5 user roles:

  • Administrator: Somebody who has access to all the administration features
  • Editor: Somebody who can publish posts, manage posts as well as manage other people’s posts, etc.
  • Author: Somebody who can publish and manage their own posts
  • Contributor: Somebody who can write and manage their posts but not publish posts
  • Subscriber: Somebody who can read comments/comment/receive news letters, etc.

Another feature is the XML-RPC-interface. With this, you can use an external editor to publish on your blog. Say you have a desktop program, or a webservice: as soon as you provide it with the url to the xmlrpc.php in your installation, a username and a password, that application can start posting on your blog right away. Increasingly useful, in these web 2.0 interconnected API-flooded times.

So far for the good news. The bad news being that these two features don’t combine well, at all…

The xmlrpc-implementation in WordPress is such that it can only accept posts from a user with the role of administrator or editor. For other users, it replies with a simple “Sorry, you don’t have sufficient rights to perform this action”. Thus, if you want to use some of the post restrictions of the other roles in combination with the xmlrpc, you’re out of luck!

Here’s an example of a not so nutty setup, where this leads to frustration:

  • Say you want replicate on your blog all the useful links you find around the web and post to del.icio.us.
  • The delicious site offers a feature for this, albeit a bare-bones one. You can set a time to publish, a blog category where the post is gonna end up, a blog number (in case you have more than one blog in your wordpress installation), a username and a password. This sets up sort of a CRON-job, so that every day at the designated time, your links are bundled into a post and sent to the xmlrpc.php of this wordpress-installation (see e.g. Michel or Eskimokaka for these kind of posts).
  • Being a tad paranoid never hurt anyone, so you set up a user especially for postings from del.icio.us (it’s not a very good idea to start giving away your administrator password on external sites).
  • You give this delicious-user on your blog the role of “contributor”, as you don’t want the posts from delicious to appear on the site right away. Why? So that you can still tinker with titles or tags or abolish a post if you encountered only one useful link on a given day…
  • All set to go. You post some useful links. Wait for a day. Look for a draft post from user “delicious”. Nothing.
  • Check google, wordpress codex, forums: all lead to the same conclusion: not possible. the del.icio.us user has to have at least editor-rights…
  • So the choice is either to abandon the external posting, or live with the fact that their postings end up on the site right away and have to be edited, tagged, bundled etc… later.

Bummer. The text on the WordPress-homepage “WordPress is what you use when you want to work with your blogging software, not fight it” got a sour smile from me tonight…

Anyone who knows a graceful workaround or wordpress-plugin for this problem?

4 gedachten over “WordPress user roles vs the XML-RPC interface

  1. Thanks Gerry, this put me on track to a good solution. Now I have a user with the role editor (so that he can post), but with your code bit I managed to circumvent the publishing so the post ends up in draft.
    The only inconvenience now is that a WordPress update will overwrite this solution…


Geef een reactie

Vul je gegevens in of klik op een icoon om in te loggen.

WordPress.com logo

Je reageert onder je WordPress.com account. Log uit /  Bijwerken )


Je reageert onder je Twitter account. Log uit /  Bijwerken )

Facebook foto

Je reageert onder je Facebook account. Log uit /  Bijwerken )

Verbinden met %s