Make WordPress Core

Opened 7 weeks ago

Last modified 7 weeks ago

#43210 new enhancement

Introduce singular capabilities for managing individual options

Reported by: flixos90 Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version:
Component: Role/Capability Keywords: 2nd-opinion granular-capabilities has-patch
Focuses: rest-api Cc:


We've always had manage_options, but it's currently impossible whether a user can manage a specific option. As part of related tickets dealing with more granular capabilities (see https://core.trac.wordpress.org/query?status=accepted&status=assigned&status=new&status=reopened&status=reviewing&keywords=~granular-capabilities&col=id&col=summary&col=status&col=owner&col=type&col=priority&col=milestone&col=component&order=priority), I suggest adding a meta capability manage_option.

It should accept (or basically require) the option name as argument. By default it should fallback to the regular manage_options, but an auth_callback could be passed to register_setting() to tweak the permissions there (such an auth_callback is already known from register_meta()).

This would also be useful for the REST API so that it can use the more granular permissions.

Attachments (1)

43210.diff (3.1 KB) - added by flixos90 7 weeks ago.

Download all attachments as: .zip

Change History (3)

7 weeks ago

#1 @flixos90
7 weeks ago

  • Keywords has-patch added; needs-patch removed

43210.diff provides an example implementation for the suggested approach.

#2 @flixos90
7 weeks ago

Somewhat related: #38734 could also make use of that for determining whether to display the individual fields and update their options.

Note: See TracTickets for help on using tickets.