edit_plugins capabilty
edit_plugins capability, he get access to the “Editor” menu item at the “Plugins” submenu of administrator back-end system menu. Of course, user should have “activate_plugins” capability too, as without such capability he could not access top level “Plugins” menu item. That is correct for single-site WordPress installation only.For multi-site WordPress configuration:
1st, you should have super-admin privileges in order to be capable edit installed plugins files,
2nd, you need
manage_network_plugins capability to see “Plugins” menu item,and, finally, you need
edit_plugins capability to see “Editor” menu item under it.Additional information could be find at WordPress Codex.
If you wish to look inside WordPress PHP source code and know more about how edit_plugins capability works, continue reading ;).
WordPress uses edit_plugins capability in these PHP files:
- /wp-includes/capabilities.php;
- /wp-admin/menu.php;
- /wp-admin/plugin-editor.php;
- /wp-admin/network/menu.php;
- /wp-admin/includes/class-wp-plugins-list-table.php;
- /wp-admin/includes/schema.php;
/wp-includes/capabilities.php:
function map_meta_cap() allows to disable file editor, and this way absolutely block edit_plugins capability.
1134 1135 1136 1137 1138 1139 1140 | case 'edit_files': case 'edit_plugins': case 'edit_themes': if ( defined('DISALLOW_FILE_EDIT') && DISALLOW_FILE_EDIT ) { $caps[] = 'do_not_allow'; break; } |
/wp-admin/menu.php:
Line #163 defines “Editor” menu item, which you can use to make quick change to selected plugin source code. But I don’t recommend you to work this way. In case you make even small mistake during editing, you can crash the whole site as maximum and show visitors some critical security related information to your visitors with PHP error message together as minimum. It’s very critical, so I advice you to make any changes using test environment, e.g. your WordPress site copy. And transfer updated files to your main site just after testing is finished successfully.
156 157 158 159 160 161 162 163 164 | $menu[65] = array( sprintf( __('Plugins %s'), $count ), 'activate_plugins', 'plugins.php', '', 'menu-top menu-icon-plugins', 'menu-plugins', 'div' ); $submenu['plugins.php'][5] = array( __('Installed Plugins'), 'activate_plugins', 'plugins.php' ); if ( ! is_multisite() ) { /* translators: add new plugin */ $submenu['plugins.php'][10] = array( _x('Add New', 'plugin'), 'install_plugins', 'plugin-install.php' ); $submenu['plugins.php'][15] = array( _x('Editor', 'plugin editor'), 'edit_plugins', 'plugin-editor.php' ); } |
/wp-admin/plugin-editor.php:
Plugins editor code duplicates edit_plugins capability checking.
17 18 | if ( !current_user_can('edit_plugins') ) wp_die( __('You do not have sufficient permissions to edit plugins for this site.') ); |
/wp-admin/network/menu.php:
Line #42 defines “Editor” menu item, which you can use to make quick change to selected plugin source code at network center of your multi-site WordPress installation.
42 | $submenu['plugins.php'][15] = array( _x('Editor', 'plugin editor'), 'edit_plugins', 'plugin-editor.php' ); |
/wp-admin/includes/class-wp-plugins-list-table.php: “Edit” action link appears under plugin in case you work with single-site WordPress installation, have edit_plugins capability and plugin’s installation directory is writable.
371 372 | if ( ( ! is_multisite() || $screen->is_network ) && current_user_can('edit_plugins') && is_writable(WP_PLUGIN_DIR . '/' . $plugin_file) ) $actions['edit'] = '<a href="plugin-editor.php?file=' . $plugin_file . '" title="' . esc_attr__('Open this file in the Plugin Editor') . '" class="edit">' . __('Edit') . '</a>'; |
/wp-admin/includes/schema.php:
tells us, that edit_plugins capability was added to WordPress since version 2.0.
558 559 560 561 562 563 564 565 566 567 568 569 570 571 572 573 574 575 576 577 578 579 580 581 582 583 584 585 586 587 588 589 | /** * Create the roles for WordPress 2.0 * * @since 2.0.0 */ function populate_roles_160() { // Add roles // Dummy gettext calls to get strings in the catalog. /* translators: user role */ _x('Administrator', 'User role'); /* translators: user role */ _x('Editor', 'User role'); /* translators: user role */ _x('Author', 'User role'); /* translators: user role */ _x('Contributor', 'User role'); /* translators: user role */ _x('Subscriber', 'User role'); add_role('administrator', 'Administrator'); add_role('editor', 'Editor'); add_role('author', 'Author'); add_role('contributor', 'Contributor'); add_role('subscriber', 'Subscriber'); // Add caps for Administrator role $role =& get_role('administrator'); $role->add_cap('switch_themes'); $role->add_cap('edit_themes'); $role->add_cap('activate_plugins'); $role->add_cap('edit_plugins'); |
Tags: capability, user capability, WordPress
