[wp-hackers] User Capabilities

Rob Lanphier robla at robla.net
Fri Jul 1 06:41:34 GMT 2005

Very cool!  As far as the backwards compatibility mechanism goes, I was
thinking it might be smart to map things the other direction as well,
creating capabilities with names like "level1", "level2", etc, so that
chunks of code like this:

if ($user_level >= 6)

...can be replaced with this in a semi-automated fashion:

if ($current_user_can('level6')

...or keeping with the natural language feel of things:

...and then, of course, give level 6 users the "level1" through "level6"

Regardless, I like the fact that this moves toward something that aligns
well with other applications out there, and moves it closer to full RBAC
without introducing a ton of complexity.


On Fri, 2005-07-01 at 00:34 -0500, Ryan Boren wrote:
> Here's a sample capabilities/rights/privileges implementation.  It uses
> the role/capability model.  A handful of default roles are specified,
> each with its own set of capabilities.  I used the Textpattern roles as
> a starting point.  The WP_Roles class holds the default roles.  These
> are run through a filter in case plugins want to do wholesale role
> changes.  WP_Roles instantiates each default role as a WP_Role object.
> A global $wp_roles object is created during WP init which holds all of
> the roles.  Plugins can manipulate roles and their capabilities using a
> few add/remove methods.
> // Get the 'staff_writer' role.
> $staff = $wp_roles->get_role('staff_writer');
> // Don't let staff writers upload images.
> $staff->remove_cap('upload_image');
> // Do let them edit pages
> $staff->add_cap('edit_pages');
> // Add a new role.
> $wp_roles->add_role('ombudsman', array('edit_posts', 'publish_posts',
> 'edit_published_posts'));
> A WP_User class takes a user id, gets the user_level, maps that to a
> role, and checks capabilities against that role.  During WP init, a
> global $current_user object is instantiated for the currently logged in
> user.  The function current_user_can() is a convenience wrapper around
> $current_user.  It  is used to check capabilities of the current user.
> if ( current_user_can('edit_posts') )
>    // Do posty edity type stuff
> Right now roles map to user levels.  User levels 8 through 10 are a
> Publisher, for example.  This can be changed, of course.  Leaving the
> database alone and doing some mapping is easier for now.
> Ryan
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers

More information about the wp-hackers mailing list