Mannie Schumpert
WordPress Developer
(Not actually a magician)
@mannieschumpert
mannieschumpert.com
Roles Summary
Subscriber read
Contributor
create posts, edit and delete own
posts
Author
create posts, edit and delete own
posts, and publish own posts
Editor manage all content
Administrator manage everything
Subscriber Contributor Author Editor Administrator
Capability Levels by Role
“What if these don’t suit my
needs?”
Roll Your Own
add_role
add_cap
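// Capabilities the new role starts with. The array has to exist before
// add_role() reads it, so it is declared first here (the slide showed the
// two snippets in the opposite order).
$caps = array(
    'edit_videos' => true,
);

// Create a 'video_editor' role, shown in the admin as "Video Editor".
// WordPress stores roles in the database, so this call is meant to run once
// (for example on plugin activation), not on every page load.
add_role( 'video_editor', 'Video Editor', $caps );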
Add Role
Add Capabilities to Existing Roles
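// Look up the built-in 'editor' role. get_role() returns null when no role
// with that name exists (for example if a site has removed or renamed it).
$role = get_role( 'editor' );

// Only call add_cap() on a real role object; calling it on null is a fatal
// error. The slide text had the "->" operator garbled into hyphen-like
// characters, which is restored here.
// add_cap() on a role is persisted to the database, so run this once (for
// example on activation) rather than on every request.
if ( null !== $role ) {
    $role->add_cap( 'pull_rabbit_out_of_hat' );
}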
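The Problem with add_role & add_cap: both write the role data to the database, so they should run once (for example on plugin activation) rather than on every page load.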
The Activation Hook
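// Run wordcampchs_activate() once, when this plugin file is activated.
// (The slide text had an extra closing parenthesis and a stray "!" here,
// both of which are parse errors.)
register_activation_hook( __FILE__, 'wordcampchs_activate' );

/**
 * Activation callback: create the 'video_editor' role.
 *
 * Roles are stored in the database, so creating the role on activation
 * avoids re-writing it on every request.
 *
 * NOTE(review): the role and its capabilities stay in the database after the
 * plugin is deactivated. If that is not wanted, remove it with remove_role()
 * in a deactivation or uninstall routine so no stale privileges linger.
 *
 * @return void
 */
function wordcampchs_activate() {
    $caps = array(
        'edit_videos' => true,
    );

    add_role( 'video_editor', 'Video Editor', $caps );
}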
The Magic Filters
user_has_cap
map_meta_cap
The Magic Filters
“Wait, what are filters?”
// Pseudo-code, as labelled on the slide: filter() is not a real WordPress function.
// presumably $data is the value being filtered and $info is extra context
// handed to the callback; the slide does not spell this out.
filter( $data, $info );
What Are Filters?
(pseudo code)
user_has_cap
The Magic Filters
“Does the user have this capability?
Ok, do this other stuff.”
/*
 * If you can edit pages, you can edit widgets.
 *
 * The grant is computed at runtime on every capability check and is keyed on
 * the 'edit_pages' capability, not on a role name, so every role or user that
 * holds 'edit_pages' receives it (the slide's caption speaks of Editors).
 *
 * NOTE(review): 'edit_theme_options' is wider than widgets. In WordPress core
 * it also gates the other Appearance screens such as Menus and the
 * Customizer, so this hands out more than the caption suggests.
 */
add_filter( 'user_has_cap', function ( $allcaps ) {
    $can_edit_pages = ! empty( $allcaps['edit_pages'] );

    if ( $can_edit_pages ) {
        $allcaps['edit_theme_options'] = true;
    }

    return $allcaps;
} );
Give Editors Widget Capability
Subscriber Contributor Author Editor Administrator
Capability Levels by Role
Subscriber Contributor Author Editor Administrator
/*
 * Give everyone who holds 'edit_pages' the Gravity Forms entry capabilities
 * listed below. The grant is made at runtime on each capability check.
 *
 * NOTE(review): the slide's caption says "view", but the list also grants
 * deleting and editing entries and editing entry notes. If read-only access
 * is the goal, keep only the two 'gravityforms_view_*' capabilities.
 */
add_filter( 'user_has_cap', function ( $allcaps ) {
    // Nothing to add for users who cannot edit pages.
    if ( empty( $allcaps['edit_pages'] ) ) {
        return $allcaps;
    }

    $granted = array(
        'gravityforms_delete_entries',
        'gravityforms_edit_entries',
        'gravityforms_edit_entry_notes',
        'gravityforms_view_entries',
        'gravityforms_view_entry_notes',
    );

    foreach ( $granted as $cap_name ) {
        $allcaps[ $cap_name ] = true;
    }

    return $allcaps;
} );
Let Editors View Gravity Forms Entries
map_meta_cap
The Magic Filters
map_meta_cap
// Excerpt from WordPress core's map_meta_cap() (the slides cite
// /wp-includes/capabilities.php, line 1317). The enclosing function is not
// shown; this is its final statement, which passes the capability list
// through the 'map_meta_cap' filter before returning it.
/**
 * Filter a user's capabilities depending on specific context and/or privilege.
 *
 * @since 2.8.0
 *
 * @param array  $caps    Returns the user's actual capabilities.
 * @param string $cap     Capability name.
 * @param int    $user_id The user ID.
 * @param array  $args    Adds the context to the cap. Typically the object ID.
 */
return apply_filters( 'map_meta_cap', $caps, $cap, $user_id, $args );
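// Hook prevent_user_edit() onto 'map_meta_cap' at priority 10. The final 4
// tells WordPress to pass all four filter arguments to the callback
// ($caps, $cap, $user_id, $args); without it only $caps would be passed.
// (A stray "!" left by the slide extraction after this statement is dropped;
// it would be a parse error in front of the function declaration.)
add_filter( 'map_meta_cap', 'prevent_user_edit', 10, 4 );
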
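/**
 * 'map_meta_cap' callback: stop everyone except the protected user from
 * editing or deleting that user.
 *
 * Appending 'do_not_allow' to the required capabilities makes the check fail,
 * because no user holds that capability.
 *
 * Only 'edit_user' and 'delete_user' are covered; any other capability that
 * targets a user account passes through this filter untouched.
 *
 * @param array  $caps    Primitive capabilities required for the check.
 * @param string $cap     Capability being checked.
 * @param int    $user_id ID of the user the check is made for.
 * @param array  $args    Context for the check; $args[0] is read as the ID of
 *                        the user being edited or deleted.
 * @return array The (possibly extended) list of required capabilities.
 */
function prevent_user_edit( $caps, $cap, $user_id, $args ) {

    // ID of user not editable. Hard-coded, so it is specific to one site.
    $protected_user = 1;

    // Don't block caps if current user = protected user.
    if ( (int) $user_id === $protected_user ) {
        return $caps;
    }

    $blocked_caps = array(
        'delete_user',
        'edit_user',
    );

    if ( ! in_array( $cap, $blocked_caps, true ) ) {
        return $caps;
    }

    // $args[0] is missing when the capability is checked without a target
    // user, and callers may pass the ID as a numeric string. Comparing the
    // raw value with === against an integer would let the string "1" slip
    // past the block, so normalise it before comparing.
    if ( isset( $args[0] ) && is_numeric( $args[0] ) && (int) $args[0] === $protected_user ) {
        $caps[] = 'do_not_allow';
    }

    return $caps;
}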
Prevent User Edit
NO
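// Hook prevent_users_edit() onto 'map_meta_cap' at priority 10. The final 4
// tells WordPress to pass all four filter arguments to the callback
// ($caps, $cap, $user_id, $args); without it only $caps would be passed.
// (A stray "!" left by the slide extraction after this statement is dropped;
// it would be a parse error in front of the function declaration.)
add_filter( 'map_meta_cap', 'prevent_users_edit', 10, 4 );
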
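/**
 * 'map_meta_cap' callback: stop everyone except one allowed editor from
 * editing or deleting any user on a protected list.
 *
 * Appending 'do_not_allow' to the required capabilities makes the check fail,
 * because no user holds that capability.
 *
 * Only 'edit_user' and 'delete_user' are covered; any other capability that
 * targets a user account passes through this filter untouched.
 *
 * NOTE(review): protected users other than the allowed editor are also
 * blocked from editing their own account by this filter, since their own ID
 * is on the protected list. Confirm that is intended.
 *
 * @param array  $caps    Primitive capabilities required for the check.
 * @param string $cap     Capability being checked.
 * @param int    $user_id ID of the user the check is made for.
 * @param array  $args    Context for the check; $args[0] is read as the ID of
 *                        the user being edited or deleted.
 * @return array The (possibly extended) list of required capabilities.
 */
function prevent_users_edit( $caps, $cap, $user_id, $args ) {

    // IDs of users not editable. Hard-coded, so they are specific to one site.
    $protected_users = array( 1, 4, 19 );
    // ID of user who can edit.
    $allowed_editor = 1;

    // Don't block caps if allowed editor.
    if ( (int) $user_id === $allowed_editor ) {
        return $caps;
    }

    $blocked_caps = array(
        'delete_user',
        'edit_user',
    );

    if ( ! in_array( $cap, $blocked_caps, true ) ) {
        return $caps;
    }

    // The slide looked the target up in $protected_user, a variable that is
    // never defined, so the block could never apply; the list is
    // $protected_users. $args[0] is missing when the capability is checked
    // without a target user and may arrive as a numeric string, so it is
    // normalised before the strict lookup.
    if ( isset( $args[0] ) && is_numeric( $args[0] ) && in_array( (int) $args[0], $protected_users, true ) ) {
        $caps[] = 'do_not_allow';
    }

    return $caps;
}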
Prevent Editing of an Array of Users
DO NOT ALLOW
The Possibilities are Endless
• let a particular user role only edit one taxonomy
• let users of one role edit any other users of the same role
• remove Tools capabilities from all but the primary admin
• prevent some Super Admins from adding sites on a multisite
network
Appendix A
Codex:
http://codex.wordpress.org/Roles_and_Capabilities
http://codex.wordpress.org/Plugin_API/Filter_Reference/user_has_cap
http://codex.wordpress.org/Function_Reference/map_meta_cap
Core:
map_meta_cap - /wp-includes/capabilities.php Line 1317
Appendix B
Videos:
“Current User Can Watch This Talk” - Andrew Nacin
http://wordpress.tv/2013/08/10/andrew-nacin-current-user-can-watch-this-talk/
Code Snippets from Andrew Nacin’s “Current User Can
Watch This Talk”
https://gist.github.com/mannieschumpert/8886289
Appendix C
Article:
WordPress Capabilities Magic with map_meta_cap
http://mannieschumpert.com/blog/wordpress-capabilities-magic-with-map_meta_cap/

WordPress Capabilities Magic

  • 1.
  • 2. Mannie Schumpert WordPress Developer (Not actually a magician) @mannieschumpert mannieschumpert.com
  • 3. Roles Summary Subscriber read Contributor create posts, edit and delete own posts Author create posts, edit and delete own posts, and publish own posts Editor manage all content Administrator manage everything
  • 4. Subscriber Contributor Author Editor Administrator Capability Levels by Role
  • 5. “What if these don’t suit my needs?”
  • 7. add_role('video_editor',  'Video  Editor',  $caps  ); $caps  =  array(                  'edit_videos'  =>  true,          ); Add Role
  • 8. Add Capabilities to Existing Roles $role  =  get_role(  'editor'  );   $role-­‐>add_cap(  'pull_rabbit_out_of_hat'  );
  • 9. The Problem with add_role & add_cap
  • 10.
  • 11. The Activation Hook register_activation_hook(  __FILE__,  'wordcampchs_activate'  )  );   ! function  wordcampchs_activate(){     $caps  =  array(         'edit_videos'  =>  true,       );     add_role('video_editor',  'Video  Editor',  $caps  );   }
  • 14. “Wait, what are filters?”
  • 15. filter(  $data,  $info  ); What Are Filters? (pseudo code)
  • 16. user_has_cap The Magic Filters “Does the user have this capability? Ok, do this other stuff.”
  • 17. //  If  you  can  edit  pages,  you  can  edit  widgets       add_filter(  'user_has_cap',   function(  $caps  )  {          if  (  !  empty(  $caps['edit_pages']  )  )                  $caps['edit_theme_options']  =  true;          return  $caps;   }  ); Give Editors Widget Capability
  • 18. Subscriber Contributor Author Editor Administrator Capability Levels by Role
  • 19. Subscriber Contributor Author Editor Administrator
  • 20. add_filter('user_has_cap',   function(  $caps  ){     if  (!  empty(  $caps['edit_pages']  )  )  {       $caps['gravityforms_delete_entries']  =  true;       $caps['gravityforms_edit_entries']  =  true;       $caps['gravityforms_edit_entry_notes']  =  true;       $caps['gravityforms_view_entries']  =  true;       $caps['gravityforms_view_entry_notes']  =  true;                  }     return  $caps;   }); Let Editors View Gravity Forms Entries
  • 22. map_meta_cap /**    *  Filter  a  user's  capabilities  depending  on  specific  context  and/or  privilege.    *    *  @since  2.8.0    *    *  @param  array    $caps        Returns  the  user's  actual  capabilities.    *  @param  string  $cap          Capability  name.    *  @param  int        $user_id  The  user  ID.    *  @param  array    $args        Adds  the  context  to  the  cap.  Typically  the  object  ID.    */   return  apply_filters(  'map_meta_cap',  $caps,  $cap,  $user_id,  $args  );
  • 23. add_filter('map_meta_cap',  'prevent_user_edit',  10,  4  );   ! function  prevent_user_edit(  $caps,  $cap,  $user_id,  $args  ){         $protected_user  =  1;  //  ID  of  user  not  editable     !   //  Don't  block  caps  if  current  user  =  protected  user     if  (  $user_id  ===  $protected_user  )       return  $caps;         $blocked_caps  =  array(       'delete_user',       'edit_user'       );     if  (  in_array(  $cap,  $blocked_caps  )  &&  $args[0]  ===  $protected_user  )       $caps[]  =  'do_not_allow';         return  $caps;   } Prevent User Edit
  • 24. NO
  • 25. add_filter('map_meta_cap',  'prevent_users_edit',  10,  4  );   ! function  prevent_users_edit(  $caps,  $cap,  $user_id,  $args  ){         $protected_users  =  array(1,4,19);  //  IDs  of  users  not  editable     $allowed_editor  =  1;  //  ID  of  user  who  can  edit         if  (  $user_id  ===  $allowed_editor  )  //  Don't  block  caps  if  allowed  editor       return  $caps;         $blocked_caps  =  array(       'delete_user',       'edit_user'       );     if  (  in_array(  $cap,  $blocked_caps  )  &&  in_array(  $args[0],   $protected_user  )  )       $caps[]  =  'do_not_allow';         return  $caps;   } Prevent Editing of an Array of Users
  • 27. The Possibilities are Endless • let a particular user role only edit one taxonomy • let users of one role edit any other users of the same role • remove Tools capabilities from all but the primary admin • prevent some Super Admins from adding sites on a multisite network
  • 29. Appendix B Videos: “Current User Can Watch This Talk” - Andrew Nacin http://wordpress.tv/2013/08/10/andrew-nacin-current-user- can-watch-this-talk/ Code Snippets from Andrew Nacin’s “Current User Can Watch This Talk” https://gist.github.com/mannieschumpert/8886289
  • 30. Appendix C Article: WordPress Capabilities Magic with map_meta_cap http://mannieschumpert.com/blog/wordpress-capabilities- magic-with-map_meta_cap/