edit_plugins WordPress user capability

This capability is self-explanatory: it does what its name says. A user who has the edit_plugins capability gets access to the “Editor” menu item in the “Plugins” submenu of the administrator back-end menu. The user must have the “activate_plugins” capability too, because without it the top-level “Plugins” menu item is not accessible. This holds for single-site WordPress installations only.
For a multi-site WordPress configuration:
1st, you need super-admin privileges in order to edit installed plugin files,
2nd, you need the manage_network_plugins capability to see the “Plugins” menu item,
and, finally, you need the edit_plugins capability to see the “Editor” menu item under it.
Additional information can be found in the WordPress Codex.

If you wish to look inside the WordPress PHP source code and learn more about how the edit_plugins capability works, continue reading ;).

WordPress uses the edit_plugins capability in these PHP files:

/wp-includes/capabilities.php:
The map_meta_cap() function lets you disable the file editor: when the DISALLOW_FILE_EDIT constant is defined and true, edit_plugins is mapped to do_not_allow, which blocks the capability completely.

	case 'edit_files':
	case 'edit_plugins':
	case 'edit_themes':
		if ( defined('DISALLOW_FILE_EDIT') && DISALLOW_FILE_EDIT ) {
			$caps[] = 'do_not_allow';
			break;
		}
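
The mapping above in isolation, as an added example that is not WordPress core code or code from this post: a simplified stand-alone model showing why do_not_allow blocks the plugin editor even for an administrator. The names model_map_meta_cap and model_user_can, the flag parameter and the sample roles are assumptions made for the illustration.

```php
<?php
// Added illustration: a simplified stand-alone model, not WordPress core code.
// model_map_meta_cap() and model_user_can() are hypothetical names.

// Translate a requested capability into the primitive capabilities a user must hold.
function model_map_meta_cap(string $cap, bool $disallow_file_edit): array {
    $caps = [];
    switch ($cap) {
        case 'edit_files':
        case 'edit_plugins':
        case 'edit_themes':
            if ($disallow_file_edit) {
                // Same idea as the excerpt: require a capability that no user holds.
                $caps[] = 'do_not_allow';
                break;
            }
            $caps[] = $cap;
            break;
        default:
            $caps[] = $cap;
    }
    return $caps;
}

// A user passes only if every required primitive capability is granted.
function model_user_can(array $granted, string $cap, bool $disallow_file_edit): bool {
    foreach (model_map_meta_cap($cap, $disallow_file_edit) as $required) {
        if (empty($granted[$required])) {
            return false;
        }
    }
    return true;
}

// Constructed sample roles (capability => granted), single-site case.
$roles = [
    'administrator' => ['activate_plugins' => true, 'edit_plugins' => true],
    'editor'        => ['activate_plugins' => false, 'edit_plugins' => false],
];

foreach ([false, true] as $disallow) {
    foreach ($roles as $name => $granted) {
        // The "Editor" submenu needs both the top-level menu cap and edit_plugins.
        $ok = model_user_can($granted, 'activate_plugins', $disallow)
           && model_user_can($granted, 'edit_plugins', $disallow);
        printf("DISALLOW_FILE_EDIT=%s %-13s plugin editor: %s\n",
            $disallow ? 'true ' : 'false', $name, $ok ? 'reachable' : 'blocked');
    }
}
```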

/wp-admin/menu.php:
Line #163 defines the “Editor” menu item, which you can use to make quick changes to the selected plugin's source code. But I don’t recommend working this way. If you make even a small mistake while editing, you can at worst crash the whole site, and at the least show visitors security-critical information in a PHP error message. This is very critical, so I advise you to make any changes in a test environment, e.g. a copy of your WordPress site, and to transfer the updated files to your main site only after testing has finished successfully.

156
157
158
159
160
161
162
163
164
	$menu[65] = array( sprintf( __('Plugins %s'), $count ), 'activate_plugins', 'plugins.php', '', 'menu-top menu-icon-plugins', 'menu-plugins', 'div' );
 
	$submenu['plugins.php'][5]  = array( __('Installed Plugins'), 'activate_plugins', 'plugins.php' );
 
		if ( ! is_multisite() ) {
			/* translators: add new plugin */
			$submenu['plugins.php'][10] = array( _x('Add New', 'plugin'), 'install_plugins', 'plugin-install.php' );
			$submenu['plugins.php'][15] = array( _x('Editor', 'plugin editor'), 'edit_plugins', 'plugin-editor.php' );
		}

/wp-admin/plugin-editor.php:
The plugin editor code repeats the edit_plugins capability check.

  if ( !current_user_can('edit_plugins') )
	wp_die( __('You do not have sufficient permissions to edit plugins for this site.') );

/wp-admin/network/menu.php:
Line #42 defines the “Editor” menu item, which you can use to make quick changes to the selected plugin's source code in the network admin area of your multi-site WordPress installation.

42
  $submenu['plugins.php'][15] = array( _x('Editor', 'plugin editor'), 'edit_plugins', 'plugin-editor.php' );

/wp-admin/includes/class-wp-plugins-list-table.php:
The “Edit” action link appears under a plugin when you work with a single-site WordPress installation, have the edit_plugins capability, and the plugin’s installation directory is writable.

  if ( ( ! is_multisite() || $screen->is_network ) && current_user_can('edit_plugins') && is_writable(WP_PLUGIN_DIR . '/' . $plugin_file) )
	$actions['edit'] = '<a href="plugin-editor.php?file=' . $plugin_file . '" title="' . esc_attr__('Open this file in the Plugin Editor') . '" class="edit">' . __('Edit') . '</a>';

/wp-admin/includes/schema.php:
This file tells us that the edit_plugins capability was added to WordPress in version 2.0.

 /**
 * Create the roles for WordPress 2.0
 *
 * @since 2.0.0
 */
function populate_roles_160() {
	// Add roles
 
	// Dummy gettext calls to get strings in the catalog.
	/* translators: user role */
	_x('Administrator', 'User role');
	/* translators: user role */
	_x('Editor', 'User role');
	/* translators: user role */
	_x('Author', 'User role');
	/* translators: user role */
	_x('Contributor', 'User role');
	/* translators: user role */
	_x('Subscriber', 'User role');
 
	add_role('administrator', 'Administrator');
	add_role('editor', 'Editor');
	add_role('author', 'Author');
	add_role('contributor', 'Contributor');
	add_role('subscriber', 'Subscriber');
 
	// Add caps for Administrator role
	$role =& get_role('administrator');
	$role->add_cap('switch_themes');
	$role->add_cap('edit_themes');
	$role->add_cap('activate_plugins');
	$role->add_cap('edit_plugins');
