[wp-hackers] Capabilities and Plugins

Mark Jaquith mark.wordpress at txfx.net
Sun Mar 5 15:25:25 GMT 2006


On Mar 5, 2006, at 9:34 AM, David House wrote:

> Mark Jaquith and I discussed this last night on #wordpress-dev and
> thought it might be nice to assign some special status to
> administrator (or possibly have some hidden role, 'superrole', 'root'
> or something) that acts as a sink for all possible caps, along with a
> get_superrole() function. This would make it nice and easy to tell
> which caps are available, and might allow easier administration if
> special privs are needed.

I think I've changed my mind on this. :-)

> On the other hand, that might be overkill if we allow some method of
> registering caps without tying them down to a specific role.

Precisely why I changed my mind.

> Actually, now I think about it, it doesn't make any sense to have a
> cap which isn't tied to a role.

I think it makes less sense to presume to guess which roles a the WP  
operator wants to have this new capability.

> If plugins don't want any existing
> roles to have their cap, just create a new role and assign the cap to
> that. Then Role Manager picks up that cap (if I remember the code
> correctly). Or am I missing something?

Should work, but it seems silly to create a role only as a container  
of a capability.  Why not just create a mechanism by which plugin  
authors can register their capability, and then let people add that  
capability to an existing role?

In the plugin, you could do something like register_cap 
('some_cool_thing'); register_cap() would look at an existing array  
in the options table (a namespaced option, just like the one that  
holds roles) and if it doesn't exist, it adds it.  Then there could  
be a function like get_all_caps() that would return an array of all  
the default WP capabilities, plus all capabilities stored in that  
option.

If we used the same option that Owen is using now, we could probably  
even rig it so that older versions of his plugin would continue to work.

And because there'd be a universal method of adding/getting  
capabilities, plugin authors could just use current_user_can 
('my_cap') for their logic checks, and then in their installation  
instructions say "Add the "my_cap" capability to the users or roles  
to want to be able to use this plugin" and they could link to a codex  
page that has a list of role manager plugins.

How's that sound?

--
Mark Jaquith
http://txfx.net/




More information about the wp-hackers mailing list