[wp-hackers] User Capabilities

Michael E. Hancock mhancock at us.net
Wed Jul 6 16:12:20 GMT 2005

From: "Ryan Boren" <ryan at boren.nu>
Sent: Tuesday, July 05, 2005 6:27 PM
> I guess we need to answer some fundamental questions.  Do we allow
> editing of users and roles?  My sample implementation does not provide
> for this.  Roles can be manipulated only by plugins, and users don't
> have individually configurable capabilities.  Users have a role and
> that's it.  The UI for this would be very simple.  Instead of giving a
> user a level, you give them a role.  A dropdown will do.  If the default
> roles aren't to the site administrators taste, it's plugin time.  This
> hides lots of complexity.
> I can see possibly providing a Role provisioning UI and saving the roles
> in the DB.  I'd rather not have editing of user capabilities beyond
> assigning them a role.  If you have someone who doesn't quite fit the
> current roles, create a new role for them.

Expanding on the capability/role model described by Mr. Boren, couldn't the
use of database tables support both capabilities and roles?

This could be done with two new tables and an additional field in wp_users
called 'role'.

A table called "wp_capabilities" could define all the possible user
capabilities in WordPress such as edit_posts, publish_posts, edit_themes,
manage_links, edit_users, edit_profile, and login.  The table could contain
the 'standard' set of capabilities defined by the developers.  Additional
capabilities could be defined by plugin authors.

A second table called "wp_roles" could detail each and every role and the
various capabilities allowed to that role.  Any number of roles could be
included in the standard WordPress distribution, but users and plugin
authors could also define any roles they needed.  Roles could also be used
to restrict users to a given Category (or Categories).

The administrator role would always possess all capabilities; the inactive
role would possess no capabilities.  Theoretically, these two roles would be

An Options field could be created that defined the 'default'
newly-registered-user Role (currently Level 0 in 1.5)

Table details and sample data:

Table: "wp_capabilities"
Field1: capability_id
Field2: capability (unique)
Field3: capability_parent (not to sure why this field but it feels right)

Sample data for "wp_capabilities"
8,"democracy_ajax_create_poll",""  (example of what plugin author could add)
9,"democracy_ajax_delete_poll",""  (example of what plugin author could add)

Table: "wp_roles"
Field1: role_id
Field2: role
Field3: role_description
Field4: capability (or capability id)
Field5: cat_id

Sample data for "wp_roles"
0,"administrator","WordPress Administrator","edit_posts",""
1,"administrator","WordPress Administrator","publish_posts",""
2,"administrator","WordPress Administrator","edit_themes",""
3,"administrator","WordPress Administrator","manage_links",""
4,"administrator","WordPress Administrator","edit_users",""
5,"administrator","WordPress Administrator","edit_profile",""
6,"administrator","WordPress Administrator","login",""
7,"inactive","Inactive user","inactive",""
8,"writer","Can edit and publish","edit_posts",""
9,"writer","Can edit and publish","publish_posts",""
10,"writer","Can edit and publish","edit_profile",""
11,"writer","Can edit and publish","login",""
12,"political_writer","Edit/publish in Category 2","edit_posts","2"
13,"political_writer","Edit/publish in Category 2","publish_posts","2"
14,"political_writer","Edit/publish in Category 2","edit_profile",""
15,"political_writer","Edit/publish in Category 2","login",""
16,"level0","Backward capability for v1.5 Level 0","login",""
17,"level0","Backward capability for v1.5 Level 0","edit_profile",""
18,"Democracy Ajax Poll Administrator","democracy_ajax_create_poll",""
19,"Democracy Ajax Poll Administrator","democracy_ajax_delete_poll",""
20,"Democracy Ajax Poll Administrator","edit_profile",""
21,"Democracy Ajax Poll Administrator","login",""
22,"Democracy Ajax Poll Creator","democracy_ajax_create_poll",""
23,"Democracy Ajax Poll Creator","login",""

Of course, this is all so easy for me to say--I don't know beans about
implementing the code for this ;)

Thanks for taking the time to read this.

Michael E. Hancock
mhancock at us.net

More information about the wp-hackers mailing list