Skip to content

Capabilities and permissions

Octa Editor never grants access of its own. Every surface checks WordPress capabilities, so a user or an API account can only do what its role already allows.

Surface Gate
Editor panel Only appears for users who may edit the current record.
Bulk import page Requires the page capability, edit_posts by default (filter octa_editor_bulk_cap).
REST API Each route runs a contextual capability check for posts or terms.
Abilities (MCP) Read abilities are public, save-document is off by default (filter octa_editor_ability_mcp_public).
Settings tab Requires manage_options.
Media alt column Requires the capability to edit the attachment.

Setting a publish status (publish, future, private) requires the caller’s publish capability. Without it, the status is downgraded and a octa_status_adjusted warning is returned rather than failing the whole write.

Listing and search never leak the existence of records the caller can’t reach.

  • A caller without edit_others_posts only sees its own records.
  • Each object is filtered again per item with an edit_post style check.

The same rule applies to the REST list endpoints and to the bulk page’s pattern search. There is no way to probe for records you are not allowed to access.

Limit which content types Octa Editor touches with octa_editor_allowed_post_types and octa_editor_allowed_taxonomies, and which the bulk importer accepts with octa_editor_bulk_post_types and octa_editor_bulk_taxonomies. See Hooks and filters.