edit_posts — Contributors, Authors, Editors have this. edit_published_posts — Is the post published? — Authors, Editors have this. edit_private_posts — Is the post private? — Editors have this. @nacin
edit_posts — Contributors, Authors, Editors have this. edit_published_posts — Is the post published? — Authors, Editors have this. edit_private_posts — Is the post private? — Editors have this. edit_others_posts — Are you not the post author? — Editors have this. @nacin
Meta caps are singular, and roles should never be assigned them. — edit_post, delete_post, read_post —delete_user, edit_user Primitive caps are plural, and roles have these. — edit_posts, edit_published_posts —delete_users, edit_users @nacin
If you do: current_user_can( 'edit_post', $post_id ) meta capability ^ context ^ map_meta_cap() translates this to, e.g.: array( 'edit_posts' ) If the post is published and not by you: array( 'edit_published_posts', 'edit_others_posts' ) @nacin
(That is built into core, by the way...) // deny edit_themes, edit_plugins define( 'DISALLOW_FILE_EDIT', true ); // deny all file changes define( 'DISALLOW_FILE_MODS', true );
// mapping for current_user_can( 'edit_post', $post_id ) case 'edit_post' : if ( $user_id == $post_author->ID ) { // Are we the author? if ( 'publish' == $post->post_status ) $caps[] = $post_type->cap->edit_published_posts; else $caps[] = $post_type->cap->edit_posts; } else { // The user is trying to edit someone else's post. $caps[] = $post_type->cap->edit_others_posts; // If the post is published, extra caps are required. if ( 'publish' == $post->post_status ) $caps[] = $post_type->cap->edit_published_posts; elseif ( 'private' == $post->post_status ) $caps[] = $post_type->cap->edit_private_posts; } . . . return apply_filters( 'map_meta_cap', $caps, ... );
Where you are leveraging the same *_posts capabilities: register_post_type( 'book', array( . . . 'capability_type' => 'post', // Implied for 'post' and 'page' : 'map_meta_cap' => true, . . . );
Review user_has_cap filter Explicitly granting or denying users a capability. map_meta_cap filter Translating a capability into the capabilities required, depending on the context. @nacin
And finally: register_post_type( ) You can customize mapping and capabilities when registering a post type. map_meta_cap( ) Read it. It's worth it. get_post_type_capabilities( ) Read the documentation in wp-includes/post.php. @nacin