[wp-hackers] User Capabilities

Owen Winkler ringmaster at midnightcircus.com
Fri Jul 8 21:27:23 GMT 2005

Ryan Boren wrote:
>>Can you set a cap to false to deny that cap?  I think that my patch
>>could enable this.  Just a thought, since it might be useful to grant
>>users capabilities by role, and then revoke a single permission.
> That's the intention, altough the implementation doesn't correctly check
> for this at the moment.  The idea is if the cap is not set in the user's
> cap list, then fall through to role checking.  If it is set and false,
> then the user does not have that cap and the role should not be checked.

With the patch I provided, if you set a capability for a user directly, 
it will override anything previously set via role.  The uksort() you see 
in there accomplishes aggregating role caps first, then user caps.

has_cap() doesn't return the value that's in the user caps list, but it 
should be pretty simple to do that now.

A couple of caveats that I thought of during lunch:  The WP_Roles and 
WP_Role classes don't return hierarchical caps, just flat caps for the 
request.  I can't think of a case where recursion would be useful 
anywhere other than the WP_User::has_cap(), but maybe there is.  Perhaps 
a $recursive argument should be added to all of those functions?  This 
might be useful for using the classes to tie caps to specific 
roles/users in an advanced admin plugin.


More information about the wp-hackers mailing list