[wp-trac] [WordPress Trac] #19834: More Robust Capabilities for Attachments

WordPress Trac wp-trac at lists.automattic.com
Thu Jul 26 05:50:08 UTC 2012


#19834: More Robust Capabilities for Attachments
-----------------------------+------------------------------
 Reporter:  walkinonwat3r    |       Owner:
     Type:  feature request  |      Status:  new
 Priority:  normal           |   Milestone:  Awaiting Review
Component:  Media            |     Version:
 Severity:  normal           |  Resolution:
 Keywords:  needs-patch      |
-----------------------------+------------------------------
Changes (by mikeschinkel):

 * cc: mikeschinkel@… (added)


Comment:

 Replying to [comment:15 azaozz]:
 > That's where more granular permissions come in effect: you may want to
 > give the photo guy permission to only edit "unattached" attachments, or
 > only edit attachment meta, tags, etc.

 The current system works well for basic blogging but breaks down when
 requirements get really complex. I could envision literally thousands of
 capabilities that might be needed for a given scenario which would be
 overwhelming to manage.

 Here's a potential solution: add a special capability called
 `'in_context'` which would determine if a user "can" based on hooks rather
 than a matching of roles to capabilities?  Here's what
 `current_user_can()` might look like:

 {{{
 function current_user_can( $capability ) {
   $current_user = wp_get_current_user();

   // Proposed special case: let hooked callbacks decide, defaulting to false.
   if ( 'in_context' === $capability )
     return apply_filters( 'current_user_can_in_context', false, $current_user );

   if ( empty( $current_user ) )
     return false;

   // Forward the capability plus any extra arguments to has_cap().
   $args = array_slice( func_get_args(), 1 );
   $args = array_merge( array( $capability ), $args );

   return call_user_func_array( array( $current_user, 'has_cap' ), $args );
 }
 }}}

 Then for areas in core where you don't want to define a specific role you
 could wrap with an `if (current_user_can('in_context')) { // do
 something... }`, i.e.:

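 {{{
 // Registered as a filter, since the value comes from apply_filters().
 add_filter( 'current_user_can_in_context', 'my_current_user_can_in_context', 10, 2 );
 function my_current_user_can_in_context( $user_can, $current_user ) {
   global $pagenow;
   // True only on the Media Library screen for users with the photo_editor role.
   // The incoming $user_can value is not consulted.
   return is_admin() && 'upload.php' === $pagenow &&
     in_array( 'photo_editor', $current_user->roles );
 }
 if ( current_user_can( 'in_context' ) ) {
   echo 'Yes you can!';
 }
 }}}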

 This would allow people to write hooks for all those weird special cases
 and still keep the list of core capabilities relatively clean.

 Anyway, it's just an idea.  It might have a lot of problems I hadn't
 considered but if not, maybe it's a solution?

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/19834#comment:16>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
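
The scenario quoted from azaozz (a photo editor limited to "unattached" attachments) can also be expressed with core's existing `map_meta_cap` filter, which hands the callback the ID of the object being acted on. This is an added example, not code from the ticket or from WordPress; it assumes it is loaded as a plugin, and the `edit_unattached_media` capability and the `example_*` function names are hypothetical.

```php
<?php
/*
 * Added example, not from the ticket or from WordPress core.
 * Assumptions: loaded as a plugin; the 'edit_unattached_media' capability
 * and the example_* function names are hypothetical.
 */

// Create the role once, on plugin activation. It holds no edit_posts caps.
register_activation_hook( __FILE__, 'example_add_photo_editor_role' );
function example_add_photo_editor_role() {
	add_role( 'photo_editor', 'Photo Editor', array(
		'read'                  => true,
		'upload_files'          => true,
		'edit_unattached_media' => true,
	) );
}

// map_meta_cap receives the object ID, so the decision is made per attachment.
add_filter( 'map_meta_cap', 'example_map_unattached_media_caps', 10, 4 );
function example_map_unattached_media_caps( $caps, $cap, $user_id, $args ) {
	// Only per-object edit checks that carry a post ID are considered.
	if ( 'edit_post' !== $cap || empty( $args[0] ) ) {
		return $caps;
	}

	$post_id = (int) $args[0];
	$post    = get_post( $post_id );
	if ( ! $post || 'attachment' !== $post->post_type ) {
		return $caps;
	}

	// Unattached file and the user holds the narrow capability: require only that.
	if ( 0 === (int) $post->post_parent && user_can( $user_id, 'edit_unattached_media' ) ) {
		return array( 'edit_unattached_media' );
	}

	// Everything else falls through to core's mapping, which this role does not satisfy.
	return $caps;
}
```

Call sites keep using `current_user_can( 'edit_post', $attachment_id )`, so the check stays tied to a specific object rather than to the current admin screen.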