I’ve created a “Second Administrator” role to avoid the worst case scenario happening on my WordPress site when I have casual web development contractors. However if I give them the ‘promote_users’ capability, can they promote a random user to an Admin and then circumvent the limitations in place? 2 Answers 2 Yes, if you assign … Read more
Upon dumping the \WP_User object, I’ve noticed that there are two properties, which are directly related to capabilities for a particular user. $user_object->caps $user_object->allcaps I’ve instantly noticed that there’s less array values for $user_object->caps than there are in $user_object->allcaps. Likely hence the naming convention here. I currently only observe ONE value under $user_object->caps. I also … Read more
Is it possible to specify two usergroups (e.g. admins and editors) into the admin menu capability field ? I tried the following but it doesnt work: add_submenu_page( ‘my-top-level-handle’, ‘Page title’, ‘Sub-menu title’, array(‘administrator’, ‘editor’), ‘my-submenu-handle’, ‘my_magic_function’ ); error message: Warning: Illegal offset type in isset or empty in C:\wamp\www\wordpress\wp-includes\capabilities.php on line 712 2 Answers 2 … Read more
I’m developing a plugin that uses custom capabilities. Some of those capabilities need to be added to all users who are super admins. Currently, I’m using this code: $supers = get_super_admins(); foreach ( $supers as $admin ) { $user = new WP_User( 0, $admin ); $user->add_cap( ‘my_cap’ ); $user->add_cap( ‘my_second_cap’ ); } However, I’m concerned … Read more
I have manually created a role called “event-planner”. I’ve assigned some capabilities to it and it works as expected. However, if I later set one of the capabilities from true to false (or viceversa), changes won’t reflect in WordPress. I think this is related to WordPress not updating the capabilities because if I delete the … Read more
I created an external script to import json data into a custom post type that uses wp-load.php. Everything works fine but after every update I get the message Notice: map_meta_cap was called incorrectly. The post type EXAMPLE is not registered, so it may not be reliable to check the capability “edit_post” against a post of … Read more
I’m defining a new user role called Proofreader and as the name says, users of this group should be able to read and also edit the posts and pages. But I do not want them to create new ones. With my custom post types I can set a capability create_post -> create_{cpt_name} and set it … Read more
This question relates to another question I asked recently (http://wordpress.stackexchange.com/questions/29009/how-to-assign-specific-users-the-capability-to-edit-specific-pages-posts-cus/), the answer to which got me most of the way there to what I was trying to do. However, rather than keep updating that question I thought it better to post a new one as I really consider it more of a new issue now. … Read more
I am trying to give my “authors” (who I have renamed “captains”) the ability to access the user profile of their team members and only their team members. The teams are defined by a user-meta box (this works better than a user taxonomy for the rest of the project). Authors have been given the edit_users … Read more
The official documentation only mentions edit_users, but in the source I found many places are using edit_user, what is the difference? Are there any conventions for singular and plural capabilities? e.g. edit_post vs edit_posts? 1 Answer 1 I found a few references to edit_user as a capability, one of which is this: // Allow user … Read more