[wp-hackers] current_user_can() and roles ?
Frank Bueltge
frank at bueltge.de
Wed Jan 6 19:33:19 UTC 2010
Hello Otto,
right, i understand you.
The admin give other users a rolle, not rights and in my plugin it os:
the admin select the role and i will check only for this. Maybe i must
add a new capabilitie to the role, the select the admin. And then i
can check for the new object. A also then it is possiblt to add this
object to a new role "superman".
Thanks ! for reply and discuss
On Wed, Jan 6, 2010 at 8:25 PM, Otto <otto at ottodestruct.com> wrote:
> Capabilities never really change. New ones might be added, but it's
> unlikely that old ones will ever fully go away.
>
> So you really need to check actual capabilities based on what they're
> doing. If they're trying to change the plugin options, then you'd
> check "edit_options". And so on. That's the whole point of the
> role/capabilities system.
>
> I mean, what if I created a new role, called "superman", and gave them
> a bunch of capabilities? Your plugin would suddenly not work.
>
> Roles are *arbitrary*, you cannot rely on them existing. Capabilities
> are not arbitrary, they're hardcoded right into the core. New ones can
> be added for various purposes, but the existing ones ain't going
> anywhere.
>
> -Otto
>
>
>
> On Wed, Jan 6, 2010 at 1:05 PM, Frank Bueltge <frank at bueltge.de> wrote:
>> Thanks for your reply; i see this also! A in my plugin give the user
>> the rights on the option-field to the user-role, no own capabilitie. I
>> will only check, the loged in users have min. the role. I will not
>> check for a capabilies. Now i must check a capabilitie from this cole
>> and this is extra code and maybe dosnt work in feature when change WP
>> this capabilitie.
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers
>
More information about the wp-hackers
mailing list