WordPress 1.6 introduced role-based user management. wp_roles global variable stores the different roles WordPress user can have. It is an instance of class WP_Roles defined in [wordpress root folder]/wp-includes/capabilities.php and is set in [wordpress root folder]/wp-settings.php.

Ryan Boren has a detailed post regarding this. WP_Roles provides following methods:

  • WP_Roles(): the constructor
  • add_role($role, $display_name, $capabilities=''): adds specified role
  • remove_role($role): removes specified role
  • add_cap($role, $cap, $grant = true): adds specified capability to the specified role
  • remove_cap($role, $cap): removes specified capability from the specified role
  • get_role($role): returns specified role
  • get_names(): returns list of names of all the roles
  • is_role($role): queries if the specified role exists or not

Plugin authors can work with following wrapper functions that operate on the global variable for roles and capabilities management:

  • get_role($role)
  • add_role($role, $display_name, $capabilities='')
  • remove_role($role)

$role can be any of the capabilities provided by default (check here), e.g., it can be ‘administrator’, ‘contributor’, …

To manage capabilities of a role, following methods of class WP_Role can be used after acquiring a role by using get_role($role):

  • WP_Role($role, $capabilities)
  • add_cap($cap, $grant = true): adds capabilities
  • remove_cap($cap, $grant = true): removes capabilities
  • has_cap($cap): queries for a specific capability

WP_User can be use to manage a specific user’s roles and capabilities. $current_user_can($capability) can be used to query the current user’s capabilities.

Back to full list of global variables.

Technorati tags: , , ,

2 Responses to “wp_roles”

  1. Abhijit Nadgouda @ iface » Blog Archive » allowedtags Says:

    […] Optionally, unfiltered_html capability can be added to disable the default filtering of HTML elements specified in [wordpress root folder]/wp-includes/kses.php. Plugins can be written to add custom functions for the filter init to allow your set of HTML elements. unfiltered_html setting should be carefully enabled as it can allow posting of malicious code. […]

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: