Articles of add cap

add_cap only adding the first two in array

After numerous days of trying to track down a problem in code, it turns out that the add_cap is only taking the first two in an array. The first one (editor) will only add delete_others_pages and delete_others_posts to the database. If I use the second method of repeating add_cap then I can get all of […]

How can I grant capabilities directly to users (not roles) in wp-admin?

I want to create dynamic capabilities using WP_Role::add_cap(), something like $author_role = get_role(‘author’); foreach ($sections as $section) { $author_role->add_cap( “edit_{$section}_pages”, /* grant= */ false ); } and then let administrators grant certain of those capabilities to certain authors only (e.g., Jane can edit_school_pages) in wp-admin (not programmatically, via WP_User::add_cap()). I assume a plugin can help […]

Remove upload_files capability from a role but allow role to manage an avatar image

I have a site with 1 admin, 11 editors, and 4000+ authors. I need to prevent the authors from adding media to the server and using up all the storage. Initially I tried function removemediabuttons() { if($user->wp_user_level >= 1) { remove_action( ‘media_buttons’, ‘media_buttons’ ); global $menu; unset($menu[10]); } } add_action(‘admin_head’,’removemediabuttons’); This does remove the Add […]

How to 301 private posts rather than 404?

How do I 301 redirect private pages, rather than 404 them? If a post is private, WordPress filters it out in the SQL query, so there are no $post variables to work with. I’d like for this code to work, but doesn’t: add_action(‘wp’,’redirect_stuffs’, 0); function redirect_stuffs(){ global $post; if ( $post->post_status == “private” && !is_admin() […]

The 'user_has_cap' hook seems to take two page loads to trigger

This question relates to another question I asked recently (, the answer to which got me most of the way there to what I was trying to do. However, rather than keep updating that question I thought it better to post a new one as I really consider it more of a new issue now. […]

Allow roles below admin to add subscribers only

I want to give a group of user types (Editor + a custom role) the add_users /create_users capability. The only catch is that I wanted to limit that capability to adding ‘subscriber’ type users only, and nothing above that. Is there a way to do this?

Confusion with adding meta capabilities to a role after registering a Custom Post Type with corresponding 'capability_type' parameter

I got quite confused with Custom Post Type (CPT) ‘capability_type’ parameter and adding generated capabilities to a role. So I’ve got a CPT called ‘external_role’ registered as following: add_action(‘init’, ‘external_roles_post_type_init’); function external_roles_post_type_init() { $labels = array( ‘name’ => _x(‘External Roles’, ‘post type general name’), ‘singular_name’ => _x(‘external role’, ‘post type singular name’), ‘add_new’ => _x(‘Add […]

add_role() run only once?

I was surprised to discover that add_role() modifies the database and fails if the role already exists. There are two implications here, one first more serious than the other: 1) if you’re in development and update your add_role code, you must first remove_role() 2) once you have it right, you should never have to run […]