[wp-hackers] Capabilities and Plugins
mark.wordpress at txfx.net
Sun Mar 5 15:25:25 GMT 2006
On Mar 5, 2006, at 9:34 AM, David House wrote:
> Mark Jaquith and I discussed this last night on #wordpress-dev and
> thought it might be nice to assign some special status to
> administrator (or possibly have some hidden role, 'superrole', 'root'
> or something) that acts as a sink for all possible caps, along with a
> get_superrole() function. This would make it nice and easy to tell
> which caps are available, and might allow easier administration if
> special privs are needed.
I think I've changed my mind on this. :-)
> On the other hand, that might be overkill if we allow some method of
> registering caps without tying them down to a specific role.
Precisely why I changed my mind.
> Actually, now I think about it, it doesn't make any sense to have a
> cap which isn't tied to a role.
I think it makes less sense to presume to guess which roles a the WP
operator wants to have this new capability.
> If plugins don't want any existing
> roles to have their cap, just create a new role and assign the cap to
> that. Then Role Manager picks up that cap (if I remember the code
> correctly). Or am I missing something?
Should work, but it seems silly to create a role only as a container
of a capability. Why not just create a mechanism by which plugin
authors can register their capability, and then let people add that
capability to an existing role?
In the plugin, you could do something like register_cap
('some_cool_thing'); register_cap() would look at an existing array
in the options table (a namespaced option, just like the one that
holds roles) and if it doesn't exist, it adds it. Then there could
be a function like get_all_caps() that would return an array of all
the default WP capabilities, plus all capabilities stored in that
If we used the same option that Owen is using now, we could probably
even rig it so that older versions of his plugin would continue to work.
And because there'd be a universal method of adding/getting
capabilities, plugin authors could just use current_user_can
('my_cap') for their logic checks, and then in their installation
instructions say "Add the "my_cap" capability to the users or roles
to want to be able to use this plugin" and they could link to a codex
page that has a list of role manager plugins.
How's that sound?
More information about the wp-hackers