Articles of capabilities

Prevent Editors from Editing/Deleting Admin Accounts

I need editors to be able to add/edit/delete other users. Giving them those capabilities is easy with code similar to this: $editor = get_role(‘editor’); $editor->add_cap(‘edit_users’); The problem is that when they have the privileges they need to add/edit/delete other users, they can also do all of those things to admin users and/or promote themselves to […]

Custom Post Types – Capability Type

I’ve been developing a custom post type plugin for my own purposes and I want to understand capabilities in regards to custom post types a little better before I move forward. Unfortunately the WordPress Codex doesn’t really clear it up for me. I just don’t understand what capabilities are actually doing in regards to custom […]

add_cap only adding the first two in array

After numerous days of trying to track down a problem in code, it turns out that the add_cap is only taking the first two in an array. The first one (editor) will only add delete_others_pages and delete_others_posts to the database. If I use the second method of repeating add_cap then I can get all of […]

Odd behaviour with submenu link creation

I’m trying to develop a plugin that needs to add two pages to the dashboard side-bar menu. One of these being a main category. Everything is fine, except for the second submenu item for the settings page. After perusing just about as much of the codex and searching the web for similar issues I’ve come […]

How to safely allow user upload on CPTs?

I have a form with a WP Media to allow user uploads for a custom post type on the front end. Every time I try to upload as a user I can the message You don’t have permission to attach files to this post. Investigating it further, I get denied action in the file ajax-actions.php […]

Does the “promote_users” capability allow someone to create a new admin account?

I’ve created a “Second Administrator” role to avoid the worst case scenario happening on my WordPress site when I have casual web development contractors. However if I give them the ‘promote_users’ capability, can they promote a random user to an Admin and then circumvent the limitations in place?

Using author_can() on custom post types in WordPress

I’m trying to conditionally display some content in a theme using custom roles and capabilities. First, I define a custom role: add_role(‘free_vendor’, ‘Free Vendor Listing’, array(‘read’, ‘edit_posts’, ‘delete_posts’, ‘display_map’)); This is run directly from functions.php (do I need to add it to an action somewhere?) Then I use the display_map capability I defined to conditionally […]

Filter list of rules based on a capability

I’m trying to get a list of roles and filter them by a specific capability (custom). I’ve ran across this post, but I’d like to filter the roles by whether they’re capable to, say, edit_post. -Zack

Show Welcome Panel on Dashboard for every user

I have customised the welcome panel on the dashboard for users with information in. I then hid the “Dismiss” button and added CSS to make the welcome panel always visible. Using the ‘welcome_panel’ hook. This works fine for Admins but the Welcome Panel is not displayed for other users such as editors and authors. Its […]

How to set individual capabilities on a taxonomy? Or how to re-register an existing taxonomy?

The default taxonomy, category. By default, only those with the edit_posts capability can assign categories during post creation/editing. I have a role with very limited capabilities. I want to let users in this role be able to assign categories during custom-post-type creation/editing, but I cannot give them the edit_posts capability and they should not be […]