Archive for the ‘WordPress Capabilities’ Category
WordPress read capability in depth
Saturday, December 1st, 2012“Dashboard”-“Home”, “Dashboard”-“My Sites” (for multisite WP installation) and “Profile”-“Your Profile”.
Thus if you revoke ‘read’ capability from some user, she could not access to her profile then. Such user will get error message from WordPress just after login: “You do not have sufficient permissions to access this page”.
edit_theme_options capability for WordPress user
Friday, September 28th, 2012‘edit_theme_options’ capability seems to be self-explained. It’s primary purpose is to provide access to WordPress front-end theme options changing.
On practice, if you have ‘edit_theme_options’ capability, then you have access to the ‘Appearance’ menu at WordPress admin back-end and to its menu items: “Themes” (select a theme for your WordPress front-end) and “Menus” (edit menus supported by your selected theme). Customize theme header image, background color, etc. section and ‘Widgets’ menu items require ‘edit_theme_options’ capability also.
How it is realized? How often and at what places WordPress uses/checks this user capability – ‘edit_theme_options’ in order to decide give current user permission to edit theme options or prohibit access to such functionality? Let’s check this together. We will make a quick look into WordPress version 3.4.2 core source code and comment its related fragments.
update_core capability for WordPress user
Sunday, August 5th, 2012
Codex gives us nothing about update_core capability for WordPress user, except WordPress version of its appearing in the code – 3.0. I suppose according to its name, that
WordPress update_core
capability is used to decide, if user can update core WordPress file using built-in WordPress upgrade feature or not. What do you think?
Thoughts are just thoughts, while they are not confirmed by practice and strong experiment. Thus, I decided to check this obviouse guess, satisfy my curiosity and investigate, how and for what purpose WordPress uses update_core capability really. Result of my little investigation will be shown to you below.
Capabilities set for Custom Post Type
Sunday, June 10th, 2012Yes. Custom post type may have custom capabilities set defined and it could be fully different from the standard post capabilities set.
What variants do you have?
1st, – use plugin which can manage not just custom post types, but custom capabilities set for those custom post types too. Good example is Custom Post Types UI WordPress plugin. I used it myself long time at my personal Russian language site FiNovel.com. Inspite of little quant of “Works” reviews at WordPress plugins repository page, I confirm – it works.
edit_plugins WordPress user capability
Sunday, May 6th, 2012edit_plugins
capability, he get access to the “Editor” menu item at the “Plugins” submenu of administrator back-end system menu. Of course, user should have “activate_plugins” capability too, as without such capability he could not access top level “Plugins” menu item. That is correct for single-site WordPress installation only.For multi-site WordPress configuration:
1st, you should have super-admin privileges in order to be capable edit installed plugins files,
edit_files WordPress user capability
Friday, April 27th, 2012edit_files
WordPress user capability introduced into WordPress since version 2.0 is not used anymore. It is added into current WordPress database schema for backward compatibility purpose with old themes and plugins, but no one line of WordPress core code uses this capability to take real decision about user’s permissions, allow or prohibit some operation.Thus, I classified
edit_files
capability as deprecated and show it at User Role Editor plugin similar way as other deprecated capabilities like ‘level_1’, ‘level_2′, etc., that is hidden by default.To see deprecated capabilities list at User Role Editor turn on “Show deprecated capabilities’ checkbox at the top of role editor form.
delete_users WordPress user capability
Monday, April 2nd, 2012delete_users
capability. Is it enough? No. In order to delete user, you need to select it from user list. Thus, you should have some other user capability. Yes, it is 'list_users'
capability. Without such capability you can not access your blog users list (“Users->All Users” menu item) under single-site WordPress installation and can not apply “Delete” command to selected user. Continue reading to see more detailed description and (if you curious enough) look inside WordPress core source code to know where and how WordPress implements ‘delete_users’ security permission.