[wp-hackers] User Capabilities

Owen Winkler ringmaster at midnightcircus.com
Sun Jul 10 18:39:17 GMT 2005

Ryan Boren wrote:

>For plugin back compat, we'll need to add some code that sets an
>"equivalent user level" whenever we change a user's role.
What do you think about adding a param to add_role() that specifies an 
equivalent user level?  Not WP_User::set_role(), but WP_Roles::add_role().

The default set of roles would already have built-in equivalent user 
levels (via "level_x" caps).  A role itself defines its level, and any 
future roles that anyone might define will automatically (if added 
through this API rather than direct database additions) be backwards 
compatible, since the system will add the appropriate "level_x" caps 

Like this:

$wp_roles->add_role('foo', array('eat_pie'=>true),'Foo',3);


function add_role($role, $capabilities, $display_name, $user_level = 0) {
    for($z=0;$z<=$user_level;$z++) $capabilities["level_{$z}"] = true;  
//New line
    $this->roles[$role] = array('name' => $display_name,
'capabilities' => $capabilities);
    update_option($this->role_key, $this->roles);
    $this->role_objects[$role] = new WP_Role($role, $capabilities);
    $this->role_names[$role] = $display_name;

When the system updates a user's role, the WP_User class would filter 
through allcaps (after the role change) looking for the highest 
"level_x" and then use that to set the user_level for backwards 

Something like:

function level_reduction($max, $item) {
    if(preg_match('/^level_(10|[0-9])$/i', $item, $matches)) {
        $level = intval($matches[1]);
        return max($max, $level);
    } else {
        return $max;
function update_user_level_from_caps() {
    global $table_prefix;
    $this->data->user_level = array_reduce(array_keys($this->allcaps), 
array(&$this, 'level_reduction'), 0);
    update_usermeta($this->id, $table_prefix.'user_level', 

This would help avoid a hard-coded switch statement that converts 
default roles into user levels, which wouldn't accomodate custom role 
schemes.  It also doesn't really discourage people from using the old 
user_level permissions, because everything would still work pretty well 
that way.

Grr.  This backwards compatibility thing is a bear.  It's almost not 
worth the trouble.

Similarly - I'm just noting this now - capabilities.php probably 
shouldn't be using translate_level_to_role() from upgrade_functions.php, 
since the roles in the switch might not exist in a custom role scheme.  
In what case would get_role() be used with a numeric argument anyway?


More information about the wp-hackers mailing list