[wp-hackers] User Capabilities
Ryan Boren
ryan at boren.nu
Fri Jul 1 15:52:17 GMT 2005
On Fri, 2005-07-01 at 11:37 -0400, Owen Winkler wrote:
> Ryan Boren wrote:
> > A more useful and understandable model would be to limit roles to
> > categories. A user would have a role and a list of categories to which
> > that role's post edit/create/publish capabilities would apply. A
> > Managing Editor, for example, would have capabilities on all categories,
> > whereas a Copy Editor might have capabilities on only one or two
> > categories. So, a Managing Editor could edit any user's posts and a
> > Copy Editor could edit other users' posts only within a set of
> > categories.
>
> Are category permissions something you would consider for the core?
> Some sites don't use categories, and with the recent focus on
> keywords/tags, this might become more prevalent. Of course, using
> categories this way might shift thinking toward using categories
> primarily for security, and keyword plugins instead of traditional
> categories.
Categories for such sites could strictly be a workflow device.
Personally, I say forget about per-category capabilities and keep it
simple. I offered per-category capabilities as a compromise for those
wanting to maintain some sort of capability partitioning.
> What are your thoughts on plugin access to these permissions? Will the
> permission structure allow for:
>
> if( apply_filters('perm_edit_posts', current_user_can('edit_posts'),
> $post->ID) ) {...}
>
> Or will filters only be applied in advance? The difference being that
> filters applied as above might allow plugins to grant/deny editing
> permissions to individual posts based on custom criteria, whereas a
> up-front filter would not.
>
> Just a thought.
I'd like plugins to have all of the information available to
WP_User::has_cap() including post ids and any additional information
passed along. So, we should probably apply the filter in has_cap(). We
should pass a reference to the user object along with the other args so
that the ID and user data is available to the plugin.
Ryan
More information about the wp-hackers
mailing list