2. July 2011
by Blackbam

You may have noticed that understanding and extending roles and capabilities in WordPress can be a bit confusing at first. On the one hand there are the default roles: (Super Admin), Administrator, Editor, Author, Contributor and Subscriber. Each of them has more or fewer rights (= capabilities) to perform actions on a WordPress website, with the rights descending in the order listed here.

 

These roles have not existed since the early days of WordPress. They are mapped onto the traditional WordPress role system, a user level system from 0 to 10, where 10 is the highest level (all rights) and 0 is the lowest level (fewest rights). This relationship is shown in the following table from the Codex:

 

 

Each of the user levels has a certain set of capabilities. These capabilities define exactly what a WordPress user is allowed to do on the website. The capability "edit_posts", for example, allows a user to edit their own published posts, the capability "add_users" allows a user to add new users to the system, and so on.

 

Important things to know about roles and capabilities

The default system may be enough for blog systems, but not when it comes to WordPress as a CMS. The following things are important to know:

 

  • It is possible to create custom roles and custom capabilities (as they are registered by default with custom post types).
  • One user can have more than one role. A user could be an "administrator", an "editor" and something like a custom "job_publisher" at the same time, for example. These roles are stored in the user-meta table for every user, in the field Table Prefix + capabilities.
  • If you want simplified role handling, you can make it a rule on your website that each user is only allowed to have one role at a time.

How to extend the default role system then?

You can search for functions and information on how to do that in the Function Reference or using Google. I recommend the great and well-known Members Plugin by Justin Tadlock, which makes managing these things quite easy from the WordPress backend. Just check it out. It is described as follows:

 

"Members is a plugin that extends your control over your blog. It's a user, role, and content management plugin that was created to make WordPress a more powerful CMS.

 

The foundation of the plugin is its extensive role and capability management system. This is the backbone of all the current features and planned future features."

 

How can we easily get roles and work with roles in Plugins and Themes now?

The following functions proved to be really useful, as they work almost anywhere you call them inside WordPress.

 

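Returns the roles of the current user as an array on every page inside WordPress (when a user_id is passed in the request, as on admin user-edit pages, the roles of that user)
function getUserRolesAdminEdit() {

 $current_user = wp_get_current_user();

 $currentuserid = $current_user->ID;

 // user_id comes from the request and can be set by the visitor: accept only
 // numeric values and force them to a non-negative integer. The result then
 // describes the *edited* user, so use it for display logic only and never to
 // decide what the logged-in user is allowed to do.
 if(isset($_REQUEST['user_id']) && is_numeric($_REQUEST['user_id'])) {
  $currentuserid = absint($_REQUEST['user_id']);
 }

 // fallback if the user has no roles
 $userroles = array('subscriber');

 $user = new WP_User( $currentuserid );

 if ( !empty( $user->roles ) && is_array( $user->roles ) ) {
  $userroles=$user->roles;
 }

 return $userroles;
}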

 

...or the current user's role as a string, if you are sure there is only one per user
function getUserRoleAdminEdit() {

 $current_user = wp_get_current_user();

 $currentuserid = $current_user->ID;

 // user_id is request input: accept only numeric values, cast to a
 // non-negative integer. The role returned belongs to that user, not
 // necessarily to the logged-in user.
 if(isset($_REQUEST['user_id']) && is_numeric($_REQUEST['user_id'])) {
  $currentuserid = absint($_REQUEST['user_id']);
 }

 // fallback if the user has no roles
 $userrole = 'subscriber';

 $user = new WP_User( $currentuserid );

 if ( !empty( $user->roles ) && is_array( $user->roles ) ) {
  // only change this if one user can have more than one role, which is not expected
  $userrole=$user->roles[0];
 }

 return $userrole;
}

 

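The following function always returns the correct user ID, which can be useful especially for admin pages
function getUserIdAdminEdit() {

 $current_user = wp_get_current_user();

 $currentuserid = $current_user->ID;

 // user_id is request input: accept only numeric values, cast to a
 // non-negative integer. Before reading or changing data for this ID, check
 // current_user_can( 'edit_user', $currentuserid ).
 if(isset($_REQUEST['user_id']) && is_numeric($_REQUEST['user_id'])) {
  $currentuserid = absint($_REQUEST['user_id']);
 }

 return $currentuserid;
}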
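
A hardened variant of the helpers above, added here as an example (not code from the original post): the user_id from the request is only honoured when the logged-in user may edit that account, and permission checks go through capabilities rather than role names. The example_* function names, the role label and the publish_jobs capability are assumptions; job_publisher is the custom role mentioned earlier.

```php
<?php
// Added example, not from the original post. All example_* names, the
// 'publish_jobs' capability and the role label are hypothetical.

// Resolve which user an admin screen refers to. The request's user_id is
// honoured only if the logged-in user may edit that account.
function example_get_edited_user_id() {
    $current_id = get_current_user_id();
    if ( ! $current_id || ! is_admin() ) {
        return $current_id; // 0 when nobody is logged in
    }
    if ( empty( $_REQUEST['user_id'] ) || ! is_scalar( $_REQUEST['user_id'] ) ) {
        return $current_id;
    }
    $requested_id = absint( $_REQUEST['user_id'] );
    if ( ! $requested_id || ! get_userdata( $requested_id ) ) {
        return $current_id; // malformed or unknown ID
    }
    // 'edit_user' is a meta capability that WordPress checks per target user.
    if ( ! current_user_can( 'edit_user', $requested_id ) ) {
        return $current_id;
    }
    return $requested_id;
}

// Roles of the edited user, for display logic only (e.g. which profile
// fields to render). Returns an empty array if the user has no roles.
function example_get_edited_user_roles() {
    $user = get_userdata( example_get_edited_user_id() );
    return $user ? (array) $user->roles : array();
}

// Authorization asks about the logged-in user and a capability, not about
// a role name read from the edited user.
function example_current_user_can_publish_jobs() {
    return current_user_can( 'publish_jobs' );
}

// Create the custom role with its custom capability once, on activation.
// Assumes this code lives in the plugin's main file.
function example_register_job_publisher_role() {
    add_role( 'job_publisher', 'Job Publisher', array(
        'read'         => true,
        'publish_jobs' => true,
    ) );
}
register_activation_hook( __FILE__, 'example_register_job_publisher_role' );
```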
This entry was published on 2. July 2011 at 17:17 in the category WordPress, WP Scripts.