[wp-hackers] Breaking down the Edit_Pages capability

Chris Casciano chris at placenamehere.com
Sat Jan 21 16:25:50 GMT 2006


While looking over the wp 2.0 roles and capabilities list I was struck 
that one of the first user type I'd setup couldn't be done because I'd 
want to have a user that could edit pages as a content admin, but not 
have the facility to effect the overall site structure by adding new 
pages. The posts capabilities are granular enough, but the Edit_pages 
capability seems to wrap up both the ability to write new pages *and* 
edit existing ones into the one flag.

Is there any particular reason for this setup or is it simply an 
oversight that comes with the first implementation of roles? Is there a 
discussion somewhere out there on the setup of the roles, why they were 
picked as they were (list archives)? I saw at least one bug in track to 
tweak capabilities (dealing with page ownership), is that the best 
starting point for trying to get the edit pages split more?

Changes to WP core code aside, for those who know the roles system 
well, what direction would be cleanest to take in the short term to 
make this split on my own installs? Is it going to take creating a new 
capability and then combing the code for where the old one was checked 
and flipping a bunch of user checks on a few different pages, or is 
there a cleaner direction? Can plugins reach this deep or only hacking?

Ultimately, I'd love to be able to lock down most everything besides 
the 'body' content (delete page, page slug, page title, etc) but 
realistically simply blocking the Write Page UI while allowing access 
to Manage Pages along with a little cautionary comment made to my 
client would be enough.

(And yes, I've seen the current roles plugin, but what I'm looking to 
do is first split the capability)

-- 
[ Chris Casciano ]
[ chris at placenamehere.com ] [ http://placenamehere.com ]



More information about the wp-hackers mailing list