[wp-hackers] User Capabilities
robla at robla.net
Fri Jul 1 06:41:34 GMT 2005
Very cool! As far as the backwards compatibility mechanism goes, I was
thinking it might be smart to map things the other direction as well,
creating capabilities with names like "level1", "level2", etc, so that
chunks of code like this:
if ($user_level >= 6)
...can be replaced with this in a semi-automated fashion:
...or keeping with the natural language feel of things:
...and then, of course, give level 6 users the "level1" through "level6"
Regardless, I like the fact that this moves toward something that aligns
well with other applications out there, and moves it closer to full RBAC
without introducing a ton of complexity.
On Fri, 2005-07-01 at 00:34 -0500, Ryan Boren wrote:
> Here's a sample capabilities/rights/privileges implementation. It uses
> the role/capability model. A handful of default roles are specified,
> each with its own set of capabilities. I used the Textpattern roles as
> a starting point. The WP_Roles class holds the default roles. These
> are run through a filter in case plugins want to do wholesale role
> changes. WP_Roles instantiates each default role as a WP_Role object.
> A global $wp_roles object is created during WP init which holds all of
> the roles. Plugins can manipulate roles and their capabilities using a
> few add/remove methods.
> // Get the 'staff_writer' role.
> $staff = $wp_roles->get_role('staff_writer');
> // Don't let staff writers upload images.
> // Do let them edit pages
> // Add a new role.
> $wp_roles->add_role('ombudsman', array('edit_posts', 'publish_posts',
> A WP_User class takes a user id, gets the user_level, maps that to a
> role, and checks capabilities against that role. During WP init, a
> global $current_user object is instantiated for the currently logged in
> user. The function current_user_can() is a convenience wrapper around
> $current_user. It is used to check capabilities of the current user.
> if ( current_user_can('edit_posts') )
> // Do posty edity type stuff
> Right now roles map to user levels. User levels 8 through 10 are a
> Publisher, for example. This can be changed, of course. Leaving the
> database alone and doing some mapping is easier for now.
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
More information about the wp-hackers