[wp-hackers] User Capabilities
Ryan Boren
ryan at boren.nu
Fri Jul 1 05:34:35 GMT 2005
Here's a sample capabilities/rights/privileges implementation. It uses
the role/capability model. A handful of default roles are specified,
each with its own set of capabilities. I used the Textpattern roles as
a starting point. The WP_Roles class holds the default roles. These
are run through a filter in case plugins want to do wholesale role
changes. WP_Roles instantiates each default role as a WP_Role object.
A global $wp_roles object is created during WP init which holds all of
the roles. Plugins can manipulate roles and their capabilities using a
few add/remove methods.
// Get the 'staff_writer' role.
$staff = $wp_roles->get_role('staff_writer');
// Don't let staff writers upload images.
$staff->remove_cap('upload_image');
// Do let them edit pages
$staff->add_cap('edit_pages');
// Add a new role.
$wp_roles->add_role('ombudsman', array('edit_posts', 'publish_posts',
'edit_published_posts'));
A WP_User class takes a user id, gets the user_level, maps that to a
role, and checks capabilities against that role. During WP init, a
global $current_user object is instantiated for the currently logged in
user. The function current_user_can() is a convenience wrapper around
$current_user. It is used to check capabilities of the current user.
if ( current_user_can('edit_posts') )
// Do posty edity type stuff
Right now roles map to user levels. User levels 8 through 10 are a
Publisher, for example. This can be changed, of course. Leaving the
database alone and doing some mapping is easier for now.
Ryan
-------------- next part --------------
A non-text attachment was scrubbed...
Name: capabilities.php
Type: application/x-php
Size: 5966 bytes
Desc: not available
Url : http://comox.textdrive.com/pipermail/wp-hackers/attachments/20050701/f2c761ff/capabilities.bin
More information about the wp-hackers
mailing list