[wp-hackers] Managing User Levels and Capabilities
David House
dave at xmouse.ithium.net
Wed Jul 7 16:59:12 UTC 2004
This is how I would have the system set up:
The interface lists all current users. When you click through to edit them, your
are presented with a series of radio buttons, with captions 0 through 10, and
custom. Under custom there would be a list of checkboxes, each corresponding to
the permission to perform a specific action, eg: edit active plugins, view
templates, edit posts etc.
The database would be simple to set up. Add a field, 'user_permissions', to
wp_users. This contains a space seperated list of permissions, eg:
'edit-active-plugins view-templates edit-posts'
We would then need another table, maybe wp_permissions, which contains three
fields: permission_id, permission_nicename and permission_name. Sample record:
permission_id: 3
permission_nicename: edit-active plugins
permission_name: Can edit active plugins list
Then a function like this:
function doesuserhavepermission($permission, $user) {
global $wpdb;
$userperms = $wpdb->get_var('SELECT user_permissions FROM ' . $wpdb->users . '
WHERE ID = ' . $user);
$perm = $wpdb->get_var('SELECT permission_nicename FROM ' . $wpdb->permissions
. ' WHERE permission_name = ' . $permission);
if (stristr($userperms, $perm)) != FALSE) {
return true;
return false;
}
You then check like this:
if (doesuserhavepermission('Can edit active plugins list', 'admin')) {
do_something();
}
----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.
More information about the hackers
mailing list