WordPress 中文文档

Roles and Capabilities

出自WordPress Chinese 中文文档

跳转到: 导航, 搜索

The WordPress Roles feature is designed to give the blog owner the ability to control and assign what users can and cannot do in the blog. A blog owner must manage and allow access to such functions as writing and editing Posts, creating Pages, defining Links, creating Categories, moderating Comments, managing Plugins, managing Themes, and managing other users. The tool that gives the blog owner that control is the ability to assign a Role to a user.

目录

WordPress Version 2.0

WordPress Version 2.0 introduces the concept of Roles. The WordPress distribution comes delivered 'standard' with five pre-defined Roles: Administrator, Editor, Author, Contributor, and Subscriber. Each Role is allowed to perform a set of tasks called Capabilities. There are thirty Capabilities including publish_posts, moderate_comments, and edit_users. The Capabilities are pre-assigned to each Role.

The Administrator Role is allowed to perform all possible Capabilities. Each of the other Roles has a decreasing number of allowed Capabilities. For instance, the Subscriber Role is allowed just the read and level_0. One particular Role should not be considered to be 'senior to' another Role. Rather, consider that Roles define the user's responsibilities within the blog.

Plugin developers will likely revise the 'standard' Roles and Capabilities because WordPress Developers left open the future possibility of assigning a user to one or more Roles, or assigning Capabilities directly to a User. Since Plugins might change Roles and Capabilities, just the 'standard' Roles and Capabilities are addressed in this article.

Super Powers for Blog Owner

The person with the most important Role is that of blog owner. Typically, the blog owner is the person responsibile for maintaining and backing up the WordPress MySQL database as well as managing the WordPress repository of files (programs, scripts, plugins, themes, images, uploads). Ultimately, the smooth operation of a blog depends on the blog owner fulfilling this 'ultimate role'. Note: The blog owner, in many cases, also acts the Role of Administrator but may choose to assign other users the Administrator Role.

Summary of Roles

  • Administrator - Somebody who has access to all the administration features
  • Editor - Somebody who can publish posts, manage posts as well as manage other people's posts, etc.
  • Author - Somebody who can publish and manage their own posts
  • Contributor - Somebody who can write and manage their posts but not publish posts
  • Subscriber - Somebody who can read comments/comment/receive news letters, etc.

Roles

The identity a particular user assumes in a blog is called their Role. A Role essentially describes the set of tasks, called Capabilities, a person is allowed to perform. For instance, the role of Administrator encompasses every possible task that can be performed within a WordPress blog. On the other hand, the Author role allows the execution of just a small subset of tasks.

WordPress 2.0 simplifies the User Level approach of WordPress 1.5 by rolling up adjacent levels with similar permissions into logical, named roles. For example, Level 0 is now assigned to the Subscriber role, while Levels 5-7 together make up the Editor role.

The following sections list the Roles and their Capabilities:

Administrator

Editor

Author

Contributor

Subscriber

Capability vs. Role Table

Capabilityadmineditorauthorcontributorsubscriber
switch_themes
edit_themes
activate_plugins
edit_plugins
edit_users
edit_files
manage_options
import
unfiltered_upload
edit_dashboard
update_plugins
delete_plugins
moderate_comments
manage_categories
manage_links
unfiltered_html
edit_published_posts
edit_others_posts
edit_pages
delete_users
create_users
edit_others_pages
edit_published_pages
publish_pages
delete_pages
delete_others_pages
delete_published_pages
delete_others_posts
delete_private_posts
edit_private_posts
read_private_posts
delete_private_pages
edit_private_pages
read_private_pages
upload_files
publish_posts
delete_published_posts
edit_posts
delete_posts
read
nbsp;
level_10
level_9
level_8
level_7
level_6
level_5
level_4
level_3
level_2
level_1
level_0

Capabilities

switch_themes

Allows access to Administration Panel options:

  • Design
  • Design Themes
  • Design Widgets

edit_themes

Allows access to Administration Panel options:

  • Design Theme Editor
  • Design Current Theme Options

activate_plugins

Allows access to Administration Panel options:

edit_plugins

Allows access to Administration Panel options:

edit_users

Allows access to Administration Panel options:

edit_files

No longer used.

manage_options

Allows access to Administration Panel options:

  • Options General
  • Options Writing
  • Options Reading
  • Options Discussion
  • Options Permalinks
  • Options Miscellaneous

moderate_comments

Allows access to Administration Panel options:

  • Question: This is blank. I guess the User can accept and deny (= delete) a comment in moderation. Can he also delete other comments? Tordans 17:56, 8 Apr 2006 (GMT)

manage_categories

Allows access to Administration Panel options:

  • Manage Categories

manage_links

Allows access to Administration Panel options:

  • Links
  • Links Manage Links
  • Links Add Link
  • Links Link Categories
  • Links Import Links

upload_files

Allows access to Administration Panel options:

  • Upload

import

Allows access to Administration Panel options:

  • Import

unfiltered_html

Allows user to post HTML markup or even Javascript code in pages, posts, and comments.

Note: Enabling this option for untrusted users may result in their posting malicious code to your blog.

edit_posts

Allows access to Administration Panel options:

  • Write
  • Write Write Post
  • Manage
  • Manage Posts
  • Manage Comments -- The show post, edit post, edit comment, and delete comment links are enabled only on own posts, since edit-comment.php looks for current_user_can('edit_post', $comment-comment_post_ID)'
  • Manage Awaiting Moderation -- I think contributor can only see the menuitem since the capability moderate_comments is needed to view the comment list (see moderate.php). So you cannot even see your own posts comments in the moderation list?!

edit_others_posts

  • Manage Comments -- Lets user delete and edit every comment (see edit_posts above)
  • user can edit other users' posts through function get_others_drafts()
  • user can see other users' images in inline-uploading [no? see inline-uploading.php]

edit_published_posts

User can edit his published posts. This capability is off by default. The core checks the capability edit_posts, but on demand this check is changed to edit_published_posts.br / If you don't want a user to be able edit his published posts, remove this capability. (see also this comment on the Role Manager Plugin Homepage).

publish_posts

User can

  • see and choose the radiobox publish when writing a post
  • see and use the publish button below their post (otherwise they can only save drafts)
  • can use xmlrpc to publish (otherwise they get a Sorry, you can not post on this weblog or category.)

edit_pages

Allows access to Administration Panel options:

  • Write Write Page -- gives acces to page-new.php
  • Manage Pages -- all users can view /wp-admin/edit-pages.php but only those here do see the link 'edit' and 'delete' in the table list.

As far as I see all editors can edit each others' pages. [[[User:Scoop0901|Dave J. (Scoop0901)]] 16:38, 30 Jan 2007 (UTC) fixed typo]

read

Allows access to Administration Panel options:

  • Dashboard
  • Your Profile

Used nowhere in the core code except the menu.php

edit_others_pages

Since 2.1

edit_published_pages

Since 2.1

edit_published_pages

Since 2.1

delete_pages

Since 2.1

delete_others_pages

Since 2.1

delete_published_pages

Since 2.1

delete_posts

Since 2.1

delete_others_posts

Since 2.1

delete_published_posts

Since 2.1

delete_private_posts

Since 2.1

edit_private_posts

Since 2.1

read_private_posts

Since 2.1

delete_private_pages

Since 2.1

edit_private_pages

Since 2.1

read_private_pages

Since 2.1

delete_users

Since 2.1

create_users

Since 2.1

unfiltered_upload

Since 2.3

edit_dashboard

Since 2.5

update_plugins

Since 2.6

delete_plugins

Since 2.6

level_10

Allows access to Administration Panel options:

  • Maintained for backward compatibility for Plugins

level_9

Allows access to Administration Panel options:

  • Maintained for backward compatibility for Plugins

level_8

Allows access to Administration Panel options:

  • Maintained for backward compatibility for Plugins

level_7

Allows access to Administration Panel options:

  • Maintained for backward compatibility for Plugins

level_6

Allows access to Administration Panel options:

  • Maintained for backward compatibility for Plugins

level_5

Allows access to Administration Panel options:

  • Maintained for backward compatibility for Plugins

level_4

Allows access to Administration Panel options:

  • Maintained for backward compatibility for Plugins

level_3

Allows access to Administration Panel options:

  • Maintained for backward compatibility for Plugins

level_2

Allows access to Administration Panel options:

  • Maintained for backward compatibility for Plugins

level_1

Allows access to Administration Panel options:

  • Maintained for backward compatibility for Plugins

level_0

Allows access to Administration Panel options:

  • Maintained for backward compatibility for Plugins

User Level to Role Conversion

Role to User Level Conversion

Subscriber Role

User Level 0

Contributor Role

User Level 1

Author Role

User Levels 2, 3, and 4

Editor Role

User Levels 5, 6, and 7

Administrator Role

User Level 8, 9, and 10

Resources

div id=Copyedit This article is marked as in need of editing. You can help Codex by editing it. /div

取自"http://codex.wordpress.org.cn/Roles_and_Capabilities"
wordpress