[wp-hackers] User Capabilities
ryan at boren.nu
Sat Jul 9 17:00:05 GMT 2005
On Fri, 2005-07-08 at 16:34 -0500, Ryan Boren wrote:
> > > I've attached new files to try with changes that look to me like they
> > > work. It builds a complete list of caps when WP_User is created by
> > > reading the user roles recursively. Apply my patch over Ryan's and
> > > replace the capabilities.php file with this new one. You'll need to
> > > delete the options table row that contains the roles and run the upgrade
> > > to see the recursive roles work.
> > >
> > > Hint: echo $current_user->caps from admin-footer.php.
> > I'll give it a try when I get home.
> I'm not sure about having roles reference other roles. If a privilege
> is removed for one role, the privilege is lost to higher roles as well.
> If manage_links is removed for the Managing Editor, the Publisher loses
> that priv as well unless it is separately added to the Publisher role.
> I think each role should be self contained.
> Also, if we expand the role caps into the user caps it is possible for
> the user caps to get saved to the DB in this expanded state. The user
> caps will no longer reference a role and no longer reflect changes made
> to the role.
Perhaps WP_User should have separate arrays for individual capabilities
and roles. Your merge code could be used to create a third array that
would contain the full operating set of capabilities. This array would
be checked by has_cap() but would be not be persisted. Any time the
role or capability arrays change the merge would be rerun.
Adding some dedicated role management methods to WP_User might be handy.
add_role(), remove_role(), and maybe a set_role() shortcut used by the
default UI for changing a user's role (assuming they only have one).
remove_role() could enforce a "you can't delete the last role" rule.
More information about the wp-hackers