Summary:
activate_plugins
capability on the top of the mountain really gives user access to “Plugins” and “Installed Plugins” menu items of WordPress admin back-end menu system and lets him activate/deactivate plugins one by one or applying bulk action to the set of selected plugins.Let’s look together under the WordPress hood and see on examples of WordPress 3.3 core source code how it’s realized.
Searching of ‘activate_plugins’ string occurrences result in this files list: wp-admin/menu.php
, wp-admin/freedoms.php
, wp-admin/plugins.php
, wp-admin/includes/class-plugins-list-table.php
, wp-admin/includes/schema.php
.
Let’s begin?
wp-admin/menu.php gives us the confirmation for the WordPress Codex declaration above. To be more exact this code – allows access to Administrator menu item “Plugins” and “Installed Plugins” submenu item under menu “Plugins”:
155 156 157 | $menu[65] = array( sprintf( __('Plugins %s'), $count ), 'activate_plugins', 'plugins.php', '', 'menu-top menu-icon-plugins', 'menu-plugins', 'div' ); $submenu['plugins.php'][5] = array( __('Installed Plugins'), 'activate_plugins', 'plugins.php' ); |
wp-admin/freedoms.php contains the same link to plugins.php
and shows it to users with ‘activate_plugins’ capability only.
49 | $plugins_url = current_user_can( 'activate_plugins' ) ? admin_url( 'plugins.php' ) : 'http://wordpress.org/extend/plugins/'; |
Where to find this page? Its new feature introduced in WordPress 3.3. At the left corner of WordPress admin back-end menu bar you can see small WordPress logo. After click on it you will see submenu as on image below. Click ‘About WordPress’ and ‘Freedoms’ to achieve freedoms.php
resulting page.
wp-admin/plugins.php – this is WordPress plugins administration panel. And you can achieve it in that case only if you have activate_plugins
capability.
19 20 | if ( !current_user_can('activate_plugins') ) wp_die( __( 'You do not have sufficient permissions to manage plugins for this site.' ) ); |
For the multi-site WordPress installation you should have network superadmin rights additionally.
Further in the code WordPress checks activate_plugins
capability again before execute these actions:
– Activate plugins:
39 40 41 42 | switch ( $action ) { case 'activate': if ( ! current_user_can('activate_plugins') ) wp_die(__('You do not have sufficient permissions to activate plugins for this site.')); |
– Make bulk activation for current blog and bulk network wide activation on selected plugins:
68 69 70 71 | case 'activate-selected': case 'network-activate-selected': if ( ! current_user_can('activate_plugins') ) wp_die(__('You do not have sufficient permissions to activate plugins for this site.')); |
– Display error messages concerning plugins management:
129 130 131 | case 'error_scrape': if ( ! current_user_can('activate_plugins') ) wp_die(__('You do not have sufficient permissions to activate plugins for this site.')); |
– Deactivate plugins:
152 153 154 | case 'deactivate': if ( ! current_user_can('activate_plugins') ) wp_die(__('You do not have sufficient permissions to deactivate plugins for this site.')); |
– Deactivate selected plugins:
165 166 167 | case 'deactivate-selected': if ( ! current_user_can('activate_plugins') ) wp_die(__('You do not have sufficient permissions to deactivate plugins for this site.')); |
wp-admin/includes/class-wp-plugins-list-table.php is used to show plugins list in table format and override ajax_user_can()
method of parent WP_List_Table class in relation of plugins management:
33 34 35 36 37 38 39 40 41 42 | function ajax_user_can() { if ( is_multisite() ) { $menu_perms = get_site_option( 'menu_items', array() ); if ( empty( $menu_perms['plugins'] ) && ! is_super_admin() ) return false; } return current_user_can('activate_plugins'); } |
ajax_user_can()
method is used by wp-admin/admin_ajax.php
to check if current user has permission to execute operation via AJAX request.
wp-admin/includes/schema.php at line #580 inserts activate_plugins
capability into Administrator role during WordPress installation.
576 577 578 579 580 | // Add caps for Administrator role $role =& get_role('administrator'); $role->add_cap('switch_themes'); $role->add_cap('edit_themes'); $role->add_cap('activate_plugins'); |
Tags: user capability, User Role, WordPress