[wp-trac] Re: [WordPress Trac] #2526: WP DB Backup plugin is using $user_level instead of capabilities

WordPress Trac wp-trac at lists.automattic.com
Sat Mar 25 04:27:41 GMT 2006


#2526: WP DB Backup plugin is using $user_level instead of capabilities
----------------------------+-----------------------------------------------
       Id:  2526            |      Status:  assigned                
Component:  Administration  |    Modified:  Sat Mar 25 04:27:41 2006
 Severity:  normal          |   Milestone:  2.1                     
 Priority:  normal          |     Version:  2.0.1                   
    Owner:  robmiller       |    Reporter:  markjaquith             
----------------------------+-----------------------------------------------
Comment (by markjaquith):

 The only problem with that is what if you don't have a role called
 "administrator"?  Then no one gets the capability.

 Remember that "administrator" isn't some magical role... it's just like
 any other role.  You can't count on every WP setup to have all the roles
 set up how they're set up when WP is first installed.  Because of that, I
 think that a good strategy for granting new capabilities is to piggyback
 onto an existing capability.  The one I usually use is "manage_options"
 because if you can manage options, you pretty much have supreme control of
 the blog.  So instead of giving it to the "administrator" role, give it to
 any user/role who has the "manage_options" capability.  Essentially you're
 just saying that because they've already been given so much trust, they're
 the best candidate to get this additional ability.

-- 
Ticket URL: <http://trac.wordpress.org/ticket/2526>
WordPress Trac <http://wordpress.org/>
WordPress blogging software


More information about the wp-trac mailing list