How to change WordPress User Role capabilities

User Roles

Every WordPress blog owner knows the standard user roles in WordPress 2.8 and higher: Administrator, Editor, Author, Contributor, Subscriber.
What is the difference between them? What can an “Author” do that a “Contributor” cannot? Comprehensive information about that can be found at WordPress.org.
But where is all that data stored? How can you change a role if you really need to? Interested? Read this article and you will get some answers to those questions.

Recently I met the following problem on a multi-author blog. A user with the “Author” role can upload images to the blog server but cannot use them in his or her posts. Any HTML tags are immediately removed from the post text after the “Author” saves a draft or post. The same user with the “Editor” role saves the post successfully with all the HTML tags he includes in it. The reason is that WordPress automatically applies HTML filters to all of a user's content if his role does not have the “unfiltered_html” capability. The “Author” role does not have that capability in WordPress by default. So if you wish to give your authors the ability to include images or other media in their posts, you are in the right place.

First of all, user roles data is stored in the MySQL database table which is named ‘wp_options’ by default. You need a MySQL client (phpMyAdmin, SQLyog, etc.) to connect to your blog's MySQL database and follow the rest of this post.
This SQL command helps you find the record containing the information about WordPress user roles:

SELECT * FROM wp_options WHERE option_name='wp_user_roles';

As a result we can see that the user roles data is stored in the option_value field as a text string in a special format. To be exact, it is the format PHP uses to write an array to a string and read it back (PHP's serialize() format).

a:5:{
s:13:"administrator";a:2:{s:4:"name";s:13:"Administrator";s:12:"capabilities";a:54:{s:13:"switch_themes";b:1;s:11:"edit_themes";b:1;s:16:"activate_plugins";b:1;s:12:"edit_plugins";b:1;s:10:"edit_users";b:1;s:10:"edit_files";b:1;s:14:"manage_options";b:1;s:17:"moderate_comments";b:1;s:17:"manage_categories";b:1;s:12:"manage_links";b:1;s:12:"upload_files";b:1;s:6:"import";b:1;s:15:"unfiltered_html";b:1;s:10:"edit_posts";b:1;s:17:"edit_others_posts";b:1;s:20:"edit_published_posts";b:1;s:13:"publish_posts";b:1;s:10:"edit_pages";b:1;s:4:"read";b:1;s:8:"level_10";b:1;s:7:"level_9";b:1;s:7:"level_8";b:1;s:7:"level_7";b:1;s:7:"level_6";b:1;s:7:"level_5";b:1;s:7:"level_4";b:1;s:7:"level_3";b:1;s:7:"level_2";b:1;s:7:"level_1";b:1;s:7:"level_0";b:1;s:17:"edit_others_pages";b:1;s:20:"edit_published_pages";b:1;s:13:"publish_pages";b:1;s:12:"delete_pages";b:1;s:19:"delete_others_pages";b:1;s:22:"delete_published_pages";b:1;s:12:"delete_posts";b:1;s:19:"delete_others_posts";b:1;s:22:"delete_published_posts";b:1;s:20:"delete_private_posts";b:1;s:18:"edit_private_posts";b:1;s:18:"read_private_posts";b:1;s:20:"delete_private_pages";b:1;s:18:"edit_private_pages";b:1;s:18:"read_private_pages";b:1;s:12:"delete_users";b:1;s:12:"create_users";b:1;s:17:"unfiltered_upload";b:1;s:14:"edit_dashboard";b:1;s:14:"update_plugins";b:1;s:14:"delete_plugins";b:1;s:15:"install_plugins";b:1;s:13:"update_themes";b:1;s:14:"install_themes";b:1;}}
s:6:"editor";a:2:{s:4:"name";s:6:"Editor";s:12:"capabilities";a:34:{s:17:"moderate_comments";b:1;s:17:"manage_categories";b:1;s:12:"manage_links";b:1;s:12:"upload_files";b:1;s:15:"unfiltered_html";b:1;s:10:"edit_posts";b:1;s:17:"edit_others_posts";b:1;s:20:"edit_published_posts";b:1;s:13:"publish_posts";b:1;s:10:"edit_pages";b:1;s:4:"read";b:1;s:7:"level_7";b:1;s:7:"level_6";b:1;s:7:"level_5";b:1;s:7:"level_4";b:1;s:7:"level_3";b:1;s:7:"level_2";b:1;s:7:"level_1";b:1;s:7:"level_0";b:1;s:17:"edit_others_pages";b:1;s:20:"edit_published_pages";b:1;s:13:"publish_pages";b:1;s:12:"delete_pages";b:1;s:19:"delete_others_pages";b:1;s:22:"delete_published_pages";b:1;s:12:"delete_posts";b:1;s:19:"delete_others_posts";b:1;s:22:"delete_published_posts";b:1;s:20:"delete_private_posts";b:1;s:18:"edit_private_posts";b:1;s:18:"read_private_posts";b:1;s:20:"delete_private_pages";b:1;s:18:"edit_private_pages";b:1;s:18:"read_private_pages";b:1;}}
s:6:"author";a:2:{s:4:"name";s:6:"Author";s:12:"capabilities";a:10:{s:12:"upload_files";b:1;s:10:"edit_posts";b:1;s:20:"edit_published_posts";b:1;s:13:"publish_posts";b:1;s:4:"read";b:1;s:7:"level_2";b:1;s:7:"level_1";b:1;s:7:"level_0";b:1;s:12:"delete_posts";b:1;s:22:"delete_published_posts";b:1;}}
s:11:"contributor";a:2:{s:4:"name";s:11:"Contributor";s:12:"capabilities";a:5:{s:10:"edit_posts";b:1;s:4:"read";b:1;s:7:"level_1";b:1;s:7:"level_0";b:1;s:12:"delete_posts";b:1;}}
s:10:"subscriber";a:2:{s:4:"name";s:10:"Subscriber";s:12:"capabilities";a:2:{s:4:"read";b:1;s:7:"level_0";b:1;}}}

Here we see that:

  • a:number:{ is the beginning of an array, and “number” is the number of array elements. For example, “a:5:{” at the beginning of the string means that the roles array consists of 5 elements. Remember that WordPress has exactly 5 roles.
  • s:number:"string"; – “s” marks a string element, and number is the count of characters in the string. E.g. s:6:"author";
  • b:1; – a Boolean element with the value “1”, i.e. “True”.

That’s almost all. We can see that capabilities are stored inside roles in the “Name-Boolean value” format. Now we need to find the “unfiltered_html” capability in the “Editor” role, copy the sequence s:15:"unfiltered_html";b:1; from there and paste it into the “Author” role, just after the s:12:"upload_files";b:1; capability. To finish the role change we have to increase by 1 the number of elements in the “Author” role array. By default the “Author” role has 10 capabilities, or in this special format a:10:{s:12:"upload_files". So we need to change 10 to 11, and finally have a:11:{s:12:"upload_files" inside the “Author” role.

What is left? Just update the MySQL table wp_options to store your changes. Use this SQL command for that:

UPDATE `wp_options`
SET option_value='changed value here' WHERE option_id=NN;

Do not forget to replace ‘changed value here’ with the modified user roles data from the previous query, and ‘NN’ with the ID of the wp_options table record from the same query.
Warning! Make a backup of the wp_options table first. Only after making a fresh backup go ahead with any UPDATE SQL command.

Congratulations, we changed a WordPress user role without changing a line of PHP code.

I got the information about the WordPress user roles storage mechanism from this file: wp-admin\includes\schema.php

If you wish to change user role capabilities for a WordPress MU blog, please read the “How to change WordPress MU user role capabilities” post.

If the material shown above is a little difficult for you, or you get new ideas about the right list of user role capabilities more often than once a year, consider using my “User Role Editor” WordPress plugin.
It offers a user interface that makes correcting the user role data easy and convenient.
Thank you.
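
The edit described above, done programmatically: an added Python example, not code from the original post, that reads the subset of the format used by wp_user_roles, adds unfiltered_html to the Author role with every count recomputed, and lists which roles hold the capability, since it switches off HTML filtering for them. The function names and the shortened two-role sample are constructed for illustration.

```python
# Added example: reader/writer for the subset of PHP serialize() used by wp_user_roles.
def parse(data: bytes, pos: int = 0):
    """Return (value, next_pos) for the serialized value starting at pos."""
    kind = data[pos:pos + 1]
    if kind in (b"b", b"i"):                          # b:1;  i:42;
        end = data.index(b";", pos)
        num = int(data[pos + 2:end])
        return (bool(num) if kind == b"b" else num), end + 1
    if kind not in (b"s", b"a"):
        raise ValueError(f"unexpected {kind!r} at offset {pos}")
    colon = data.index(b":", pos + 2)                 # end of the length/count field
    size = int(data[pos + 2:colon])
    if kind == b"s":                                  # s:<length in bytes>:"...";
        start = colon + 2
        if data[start + size:start + size + 2] != b'";':
            raise ValueError(f"string length mismatch at offset {pos}")
        return data[start:start + size].decode("utf-8"), start + size + 2
    pos, items = colon + 2, {}                        # a:<pairs>:{key value ...}
    for _ in range(size):
        key, pos = parse(data, pos)
        items[key], pos = parse(data, pos)
    if data[pos:pos + 1] != b"}":                     # declared count did not match
        raise ValueError(f"array count mismatch at offset {pos}")
    return items, pos + 1

def dump(value) -> bytes:
    if isinstance(value, int):                        # bool is a subclass of int
        return (b"b:%d;" if isinstance(value, bool) else b"i:%d;") % value
    if isinstance(value, str):
        raw = value.encode("utf-8")
        return b's:%d:"%s";' % (len(raw), raw)
    body = b"".join(dump(k) + dump(v) for k, v in value.items())
    return b"a:%d:{%s}" % (len(value), body)          # count recomputed on write

def grant(option_value: bytes, role: str, cap: str) -> bytes:
    roles = parse(option_value)[0]
    roles[role]["capabilities"][cap] = True
    return dump(roles)

def roles_with(option_value: bytes, cap: str) -> list:
    return [n for n, r in parse(option_value)[0].items() if r["capabilities"].get(cap)]

# Constructed sample: only the author and subscriber roles from the dump above.
SAMPLE = (b'a:2:{s:6:"author";a:2:{s:4:"name";s:6:"Author";s:12:"capabilities";a:10:{s:12:"upload_files";b:1;'
          b's:10:"edit_posts";b:1;s:20:"edit_published_posts";b:1;s:13:"publish_posts";b:1;s:4:"read";b:1;'
          b's:7:"level_2";b:1;s:7:"level_1";b:1;s:7:"level_0";b:1;s:12:"delete_posts";b:1;'
          b's:22:"delete_published_posts";b:1;}}s:10:"subscriber";a:2:{s:4:"name";s:10:"Subscriber";'
          b's:12:"capabilities";a:2:{s:4:"read";b:1;s:7:"level_0";b:1;}}}')
```

grant() appends the new capability at the end of the role's array rather than after upload_files. A string pasted in by hand without raising a:10 to a:11 makes parse() raise ValueError, which is a cheap check to run before the UPDATE.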


  • http://shinephp.com Vladimir Garagulya

    1st, I tried to insert an image into a post as a contributor and it is shown with the lightbox effect successfully. But not on the 1st try :). Check whether your contributor user fills in the “Link URL” parameter when inserting an image from the media library into the post. The Lightbox plugin then automatically inserts the rel="lightbox" attribute into the link, and the image can be opened with the special effect. If the image is inserted without a link, the lightbox effect doesn’t work. Is that your case?

  • Dolendro

    I have a multiuser site. I’m using this plugin for the roles and capabilities part; this is a great plugin. I want to create a capability for listing the users of the same role and lower roles. I don’t have any idea how to do this. I don’t want to list the upper roles when a lower role logs in. Please help.

  • http://shinephp.com Vladimir Garagulya

    Give me more details please about your purpose. From where do you wish to exclude users with higher roles? Is it standard WordPress users list at admin menu?
    We know what role is higher from built-in WordPress roles, but how to sort (higher/lower) custom created roles if you have such at your blog?
    Generally it is a programming task. It’s not enough just to add new capability.

  • Rockdizmusic

    I was changing a few options on the users' roles and I decided to reset all the options. I’m the admin of my blog and now I can’t check my WordPress updates, nor do I have permission to access “wp-admin/widgets.php”.
    Is there a fix?

    please contact me at the following address:
    rockdizmuisc [at] hotmail.com

  • http://shinephp.com Vladimir Garagulya

    You need to use MySQL access to your blog. Extract the roles from your blog according to this post's recommendation. Extract the roles from a fresh test WordPress installation. Compare the Administrator role capabilities. Replace your blog's administrator role with the one from the test installation. That should help.

  • wahidaus

    Hi Vladimir,

    Thanks for this nice plugin. I have got a question on “Adding a new capability”.

    I would like to add up a part from my theme for others to see it. If I enable Manage options then it brings up that part but then all others options appears with it.

    For your better understanding I have added the screenshot from the WP CMS.

    I would appreciate if you could help.

  • http://shinephp.com Vladimir Garagulya

    Hi Wahidaus,

    Could you be more exact, please, what you wish to achieve? What menu item(s) do you wish to hide/show to the users?
    Is ‘Photos’ a custom post type or this submenu is added by some active image gallery plugin? What plugin do you use in that case?

  • Alex

    Hi Vladimir,

    This is a great plug-in, thank you for sharing it. I have a question about access to the Media Library. I would like one type of user to be able to upload and view all the media, but another group to be able only to upload and view media they have uploaded. Is that possible?

    Thanks,

    AM

  • http://shinephp.com Vladimir Garagulya

    Hi Alex,

    Excuse me for delay with answer. I was busy and your question has not trivial decision at my level of expertise. I think, it’s impossible except of modifying core WordPress code. If you agree to restore such changes manually after each WordPress update, you can make something like this:
    Open file wp-admin/includes/wp-media-list-wp-table.php and open it at line #172
    $post_owner = ( get_current_user_id() == $post->post_author ) ? 'self' : 'other';
    Insert just after that row this code:
    if ($post_owner == 'other' && !current_user_can('view_all_media')) {
        continue;
    }

    Save your changes. This way, if user has no ‘view_all_media’ capability he will see his media only.

    Regards,
    Vladimir.

  • Omje

    Truly, this tutorial is very helpful for me.
    I tried it in my online store, which has WP 3.3.1 & the plugin WP e-Commerce 3.8.8.3.
    Extremely, I tried to apply this tutorial to change the user “Subscriber” from its limited capabilities to a “Subscriber” with the full capabilities which the “Administrator” user has.
    Thanks for this great tuts.. :)

  • http://shinephp.com Vladimir Garagulya

    Thanks for sharing that.

  • Wp-Wiz

    Thank you so much for your efforts. This is a great plugin and a time saver.
    I would thank you a million times if I could.