RE: Reject or accept non-draft entries in Wordpress

["Brian Smith" <brian@xxxxxxxxxxxxxx>]

Teo Hui Ming wrote:
> In Wordpress, different roles have different capabilities. In 
> particular, users with "Contributor" role can only submit 
> draft entries, but they cannot publish entries.
> 
> So, how a blog server should response in these two scenario:
> 1) when contributor submits an entry without app:draft 
> element (implied draft='no')
> 
> 2) when contributor submits an entry with an app:draft 
> element set to 'no'
> 
> The current Worpress's AtomPub implementation rejects the 
> request (in both 1 and 2) with 401 Unauthorized, by telling 
> the user that "you do not have the right to edit/publish new 
> posts." [1]
> 
> But.. instead of rejecting the request, since AtomPub server 
> may ignore app:draft element, does it make sense (and 
> user-friendlier) if Wordpress just process the request, 
> returns 201 Created, but with the app:draft set to 'yes' by 
> the server?

The specification doesn't prohibit that behavior. I think it would be better if WordPress also had something in the service document for that user which indicates that they can post only drafts, so that the blogging client can present this information in its user interface. For example, a blogging client like Windows Live Writer that has separate "Publish" and "Save Draft on Server" buttons can disable the "Publish" button.

Presumably, the <link rel="alternate" type="text/html"> would point to the preview page for drafts. In that case, the user would have to log in again, if the blogging client is a separate process from the web browser used for the preview. That is probably a bigger usability issue than automatically converting the post to a draft. If they are logged in, then the preview page will clearly show that the entry was converted to a draft instead of published.

- Brian