Skip to content

Self-Hosted Sites: Subscribers can login to the app #16299

Description

@thehenrybyrd

Expected behavior

I expected that Subscribers could not login to the WordPress app, as they can't manage sites.

Actual behavior

With a self-hosted site, the Subscriber user is able to log in to the app, access the Blog Posts menu, and create a post. Though the post will not get uploaded to the site, the user is able to view the comments published on the site through My Site > Comments.

Steps to reproduce the behavior

  1. Create a Subscriber user on a self-hosted WordPress site
  2. Log in as the Subscriber user to the app with the "Enter your existing site address" login option
  3. Once logged in, the user will see Stats, Blog Posts, Media, Comments, Settings, View Site, and View Admin options.
  4. Tap the floating button to create a new blog post.
  5. Tapping the "PUBLISH" button to upload the post, an error will occur and says the post can't be uploaded.
  6. Go to My Site > Comment will see the list of comments published on the site.

IMG_70A7DF162201-1

Subscribers should either be unable to login, or should have access only to Reader.

Tested on iPhone SE, iOS 14.4.2, WPiOS 17.1

Reported by @reginabally in wordpress-mobile/WordPress-Android#14455

Metadata

Metadata

Assignees

No one assigned

    Labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions