fine-grained capabilities for user related capabilities

admin管理员组

文章数量:1435859

When we want to adjust users capabilities, we can do so quite fine-grained. For example we can configure that a certain user can edit posts. But furthermore we can limit the capability of editing posts only to particular post types (eg cap: edit_posts, edit_pages, edit_[post_type]). And even from there on we can go deeper and do thinks like only edit private posts of post types (eg cap: edit_private_posts, edit_private_pages); just to make sure what I mean with "fine-grained".

But when it comes to user related capabilities I'm only aware of exactly 6 capabilities, namely:

• edit_users,
• delete_users,
• create_users,
• list_users,
• remove_users and
• promote_users.

So this is it? What about: edit_editor_users (which would mean: only edit users with user role "editor"). I can't believe that the user related capabilities are really that basic!

When I deliver a WP site to a customer I normally don't give them access to a user with user role administrator but more likely something like editor or custom user roles as well. But when I want to allow a user role to create users than users with that role can create users with each and every user role even administrators. Which would not be a good thing at all! So again. I need something like:

$role = get_role('editor');
$role -> add_cap('create_editor_users', true); // or in general:
$role -> add_cap('[edit|delete|create|list|remove|promote]_[user_role]_users', true);

Is there a non hacky way to achieve this? A Plugin would be also fine as well (by now I'm using "Members", which also only handles the 6 mentioned above).

本文标签： finegrained capabilities for user related capabilities