[wp-hackers] User Capabilities

Ryan Boren ryan at boren.nu
Fri Jul 1 05:34:35 GMT 2005

Here's a sample capabilities/rights/privileges implementation.  It uses
the role/capability model.  A handful of default roles are specified,
each with its own set of capabilities.  I used the Textpattern roles as
a starting point.  The WP_Roles class holds the default roles.  These
are run through a filter in case plugins want to do wholesale role
changes.  WP_Roles instantiates each default role as a WP_Role object.
A global $wp_roles object is created during WP init which holds all of
the roles.  Plugins can manipulate roles and their capabilities using a
few add/remove methods.

// Get the 'staff_writer' role.
$staff = $wp_roles->get_role('staff_writer');

// Don't let staff writers upload images.

// Do let them edit pages

// Add a new role.
$wp_roles->add_role('ombudsman', array('edit_posts', 'publish_posts',

A WP_User class takes a user id, gets the user_level, maps that to a
role, and checks capabilities against that role.  During WP init, a
global $current_user object is instantiated for the currently logged in
user.  The function current_user_can() is a convenience wrapper around
$current_user.  It  is used to check capabilities of the current user.

if ( current_user_can('edit_posts') )
   // Do posty edity type stuff

Right now roles map to user levels.  User levels 8 through 10 are a
Publisher, for example.  This can be changed, of course.  Leaving the
database alone and doing some mapping is easier for now.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: capabilities.php
Type: application/x-php
Size: 5966 bytes
Desc: not available
Url : http://comox.textdrive.com/pipermail/wp-hackers/attachments/20050701/f2c761ff/capabilities.bin

More information about the wp-hackers mailing list