[wp-hackers] User Roles & Capabilities - How come add and edit aren't separate?

Andrew Nacin wp at andrewnacin.com
Mon Aug 30 00:30:45 UTC 2010


On Sun, Aug 29, 2010 at 7:22 PM, ErisDS <erisds at gmail.com> wrote:

> Hopefully this is a quick question: does anyone know why the capabilities
> aren't divided into edit_posts and add_posts or edit_pages and add_pages?
> The capability "edit_posts"/"edit_pages" also permits a user to add new
> ones. Is it not a reasonable use case that users should be able to add but
> not edit, or edit but not add?
>

I've worked around this by literally denying access to specific screens
based on the $current_screen object, $pagenow, etc., according to specific
use cases. The distinction isn't too useful for regular post types but I've
seen some custom post type use cases where it makes some sense.

It's also tough to decide how it would be handled. When do we make the
switch from requiring add_posts to requiring edit_posts? Someone with only
add_posts will find themselves suddenly losing their post on save, or
publish? Or can they always see it? (In order to see it, they'll need
edit_posts to see that screen, right?) The converse is probably also easier
-- someone having the ability to edit_posts but not add_posts... But at that
point, they can't edit anything unless assigned to them, because they don't
have the capabilities to edit others' posts.

It seems like a sensible breakdown but then the implementation gets very
foggy.


More information about the wp-hackers mailing list