[wp-hackers] User Capabilities
ringmaster at midnightcircus.com
Fri Jul 8 21:27:23 GMT 2005
Ryan Boren wrote:
>>Can you set a cap to false to deny that cap? I think that my patch
>>could enable this. Just a thought, since it might be useful to grant
>>users capabilities by role, and then revoke a single permission.
> That's the intention, altough the implementation doesn't correctly check
> for this at the moment. The idea is if the cap is not set in the user's
> cap list, then fall through to role checking. If it is set and false,
> then the user does not have that cap and the role should not be checked.
With the patch I provided, if you set a capability for a user directly,
it will override anything previously set via role. The uksort() you see
in there accomplishes aggregating role caps first, then user caps.
has_cap() doesn't return the value that's in the user caps list, but it
should be pretty simple to do that now.
A couple of caveats that I thought of during lunch: The WP_Roles and
WP_Role classes don't return hierarchical caps, just flat caps for the
request. I can't think of a case where recursion would be useful
anywhere other than the WP_User::has_cap(), but maybe there is. Perhaps
a $recursive argument should be added to all of those functions? This
might be useful for using the classes to tie caps to specific
roles/users in an advanced admin plugin.
More information about the wp-hackers