user_has_cap
云策文档标注
概述
user_has_cap 是 WordPress 中的一个过滤器,用于动态修改用户的权限能力。它允许开发者在运行时调整用户是否拥有特定能力,常用于扩展或限制用户权限。
关键要点
- user_has_cap 是一个过滤器,参数包括 $allcaps(用户当前能力数组)、$caps(请求的能力数组)、$args(附加参数数组)和 $user(用户对象)。
- 从 WordPress 3.7.0 开始,添加了 $user 参数;2.0.0 版本引入此过滤器。
- 使用 WP_User::has_cap() 时,传递数值参数已被弃用,建议改用角色和能力系统。
- 此过滤器常用于自定义权限逻辑,例如允许作者编辑其他用户的文章。
代码示例
/**
* author_cap_filter()
*
* Filter on the current_user_can() function.
* This function is used to explicitly allow authors to edit contributors and other
* authors posts if they are published or pending.
*
* @param array $allcaps All the capabilities of the user
* @param array $cap [0] Required capability
* @param array $args [0] Requested capability
* [1] User ID
* [2] Associated object ID
*/
function author_cap_filter( $allcaps, $cap, $args ) {
// Bail out if we're not asking about a post:
if ( 'edit_post' != $args[0] )
return $allcaps;
// Bail out for users who can already edit others posts:
if ( $allcaps['edit_others_posts'] )
return $allcaps;
// Bail out for users who can't publish posts:
if ( !isset( $allcaps['publish_posts'] ) or !$allcaps['publish_posts'] )
return $allcaps;
// Load the post data:
$post = get_post( $args[2] );
// Bail out if the user is the post author:
if ( $args[1] == $post->post_author )
return $allcaps;
// Bail out if the post isn't pending or published:
if ( ( 'pending' != $post->post_status ) and ( 'publish' != $post->post_status ) )
return $allcaps;
// Load the author data:
$author = new WP_User( $post->post_author );
// Bail out if post author can edit others posts:
if ( $author->has_cap( 'edit_others_posts' ) )
return $allcaps;
$allcaps[$cap[0]] = true;
return $allcaps;
}
add_filter( 'user_has_cap', 'author_cap_filter', 10, 3 );注意事项
避免在 WP_User::has_cap() 中传递数值参数,因为这已被弃用,可能导致调试警告。建议使用角色和能力系统来管理权限。
原文内容
Dynamically filter a user’s capabilities.
Parameters
$allcapsbool[]-
Array of key/value pairs where keys represent a capability name and boolean values represent whether the user has that capability.
$capsstring[]-
Required primitive capabilities for the requested capability.
$argsarray-
Arguments that accompany the requested capability check.
0stringRequested capability.1intConcerned user ID....$2mixedOptional second and further parameters, typically object ID.
$userWP_User-
The user object.
Source
$capabilities = apply_filters( 'user_has_cap', $this->allcaps, $caps, $args, $this );
Skip to note 2 content
Mayeenul Islam
/** * author_cap_filter() * * Filter on the current_user_can() function. * This function is used to explicitly allow authors to edit contributors and other * authors posts if they are published or pending. * * @param array $allcaps All the capabilities of the user * @param array $cap [0] Required capability * @param array $args [0] Requested capability * [1] User ID * [2] Associated object ID */ function author_cap_filter( $allcaps, $cap, $args ) { // Bail out if we're not asking about a post: if ( 'edit_post' != $args[0] ) return $allcaps; // Bail out for users who can already edit others posts: if ( $allcaps['edit_others_posts'] ) return $allcaps; // Bail out for users who can't publish posts: if ( !isset( $allcaps['publish_posts'] ) or !$allcaps['publish_posts'] ) return $allcaps; // Load the post data: $post = get_post( $args[2] ); // Bail out if the user is the post author: if ( $args[1] == $post->post_author ) return $allcaps; // Bail out if the post isn't pending or published: if ( ( 'pending' != $post->post_status ) and ( 'publish' != $post->post_status ) ) return $allcaps; // Load the author data: $author = new WP_User( $post->post_author ); // Bail out if post author can edit others posts: if ( $author->has_cap( 'edit_others_posts' ) ) return $allcaps; $allcaps[$cap[0]] = true; return $allcaps; } add_filter( 'user_has_cap', 'author_cap_filter', 10, 3 );