[wp-hackers] Breaking down the Edit_Pages capability
chris at placenamehere.com
Sat Jan 21 16:25:50 GMT 2006
While looking over the wp 2.0 roles and capabilities list I was struck
that one of the first user type I'd setup couldn't be done because I'd
want to have a user that could edit pages as a content admin, but not
have the facility to effect the overall site structure by adding new
pages. The posts capabilities are granular enough, but the Edit_pages
capability seems to wrap up both the ability to write new pages *and*
edit existing ones into the one flag.
Is there any particular reason for this setup or is it simply an
oversight that comes with the first implementation of roles? Is there a
discussion somewhere out there on the setup of the roles, why they were
picked as they were (list archives)? I saw at least one bug in track to
tweak capabilities (dealing with page ownership), is that the best
starting point for trying to get the edit pages split more?
Changes to WP core code aside, for those who know the roles system
well, what direction would be cleanest to take in the short term to
make this split on my own installs? Is it going to take creating a new
capability and then combing the code for where the old one was checked
and flipping a bunch of user checks on a few different pages, or is
there a cleaner direction? Can plugins reach this deep or only hacking?
Ultimately, I'd love to be able to lock down most everything besides
the 'body' content (delete page, page slug, page title, etc) but
realistically simply blocking the Write Page UI while allowing access
to Manage Pages along with a little cautionary comment made to my
client would be enough.
(And yes, I've seen the current roles plugin, but what I'm looking to
do is first split the capability)
[ Chris Casciano ]
[ chris at placenamehere.com ] [ http://placenamehere.com ]
More information about the wp-hackers