[wp-trac] Re: [WordPress Trac] #2775: Ability for all users to add
users of lesser cabable roles
WordPress Trac
wp-trac at lists.automattic.com
Wed Jun 14 01:09:34 GMT 2006
#2775: Ability for all users to add users of lesser cabable roles
----------------------------+-----------------------------------------------
Id: 2775 | Status: new
Component: Administration | Modified: Wed Jun 14 01:09:33 2006
Severity: enhancement | Milestone:
Priority: normal | Version: 2.1
Owner: doit-cu | Reporter: doit-cu
----------------------------+-----------------------------------------------
Comment (by ringmaster):
The new ideas we discussed sounded good.
Essentially, a new associative array would be formed that contains target
information (what user is being edited, what role they're being set to,
what action is being performed, etc) and standardized array keys (like
"action", "target_user", etc.) and passed with calls to current_user_can()
like:
{{{current_user_can('edit_user', array('target_user'=>$target_user_id,
...))}}}
A new hook will be added to the end of get_meta_cap() that will forward
all of this data on to registered plugins. The plugins can then implement
completely new security models, even ones based on the old level
hierarchy.
This will also have the advantage of allowing the filtering of other caps
for meta caps, which really enhances the capabilities of... er...
capabilities.
Without a plugin, capability functionality will remain unchanged, but it's
a great boon for WP as a CMS, and it should only be a few lines of change.
Plugins should be sure to filter for only the meta caps they need,
otherwise some circular logic could be introduced (by calling
current_user_can() with a meta cap from inside the hook sink for
get_meta_cap).
--
Ticket URL: <http://trac.wordpress.org/ticket/2775>
WordPress Trac <http://wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list