[wp-hackers] Roles/Capabilities added, but only active on next page load after activation?

Tobias Bäthge wp-hackers at tablepress.org
Mon Dec 10 18:16:45 UTC 2012


I have investigated this some more now.

> P.S. You will only be able to observe this on the very first
> activation of the plugin, as the cap is already added on subsequent
> activations. Thus, when testing, the cap should be removed again
> before activating the plugin.

That's actually only partially true. The real issue is that
WP_Role->add_cap() and WP_Role->remove_cap() do not refresh the
current set of capabilities that a user has, i.e. WP_User->allcaps for
the $current_user is not updated.
I have created another demo plugin that illustrates this:

As you can see in the output of the plugin, it takes a
WP_User->get_role_caps() for the capability to be usable in the same
page load that added the cap. Without this, the capability would only
be usable on the next page load, as WP_User->allcaps is then created
freshly from the user meta.

Should we maybe update the current set of capabilities of a WP_User,
when caps are added/removed to/from a WP_Role?

Another plugin that shows the same behavior as described in my initial
mail is Justin Tadlock's "Members" plugin, by the way. After
activating the plugin, it takes another page load to actually see the
admin menu entries. The core of the issue is the same in that plugin.

Kind Regards,

More information about the wp-hackers mailing list