Make WordPress Core

Changes between Version 2 and Version 3 of Ticket #43936, comment 69


Timestamp:
04/28/2025 10:58:13 AM (8 weeks ago)
Author:
SirLouen
  • Ticket #43936, comment 69 (v2 to v3)

    Unmodified:
    1. More than limiting by roles, as @davidbaumwald suggests, the important thing here is to limit by capabilities, for example, if a role has `manage_options` it should not be able to be assigned by default. Refer to [https://wordpress.org/documentation/article/roles-and-capabilities/ Roles and Capabilities] for more information.

    Modified (v2):
    2. Although, on the other side, the problem with referring to capabilities is that, if tomorrow, there is a very relevant and "dangerous for any malicious attacker" capability released, who will remember to include this? ~~I have not gone deep in the code~~, but I wonder if there is a "pack" of capabilities by levels somewhere in the code (for example, an array of administrator default capabilities). In that case, just by doing an `array_intersect` between the Custom Role and the Admin Role, and in case the result is not empty, then add this role to the list of hindered roles. **EDIT**: I've been doing a little research and it appears that you can get an array of capabilities per role in `wp_roles()->roles`, as the value `capabilities` of the key `administrator`, and consequently you can get other roles and intersect with ease.

    Modified (v3):
    2. Although, on the other side, the problem with referring to capabilities is that, if tomorrow, there is a very relevant and "dangerous for any malicious attacker" capability released, who will remember to include this? ~~I have not gone deep in the code~~, but I wonder if there is a "pack" of capabilities by levels somewhere in the code (for example, an array of administrator default capabilities). In that case, just by doing an `array_intersect` between the Custom Role and the Admin Role, and in case the result is not empty, then add this role to the list of hindered roles. **EDIT**: I've been doing a little research and it appears that you can get an array of capabilities per role in `wp_roles()->roles`, as the value `capabilities` of the key `administrator`, and consequently you can get other roles and intersect with ease. **EDIT 2:** I forgot that administrator capabilities include all caps, not only admin ones. So before this we should get which are the admin caps by making an `array_diff` between the two chosen ones (Author and Admin, or Editor and Admin).

    Unmodified:
    3. As I said, what are the testing steps to reproduce the Health Check if the Admin is removed by default?
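The capability-based check sketched in the comment above (isolate the admin-level caps with `array_diff` against a baseline role, then `array_intersect` each candidate role against that set), written out as an added example. This is not code from the ticket or from WordPress core; the `$roles` array is a constructed sample that mirrors the shape of `wp_roles()->roles` (role slug => `name` and `capabilities`, where `capabilities` maps a cap name to true or false), and the function names `granted_caps`, `admin_only_caps` and `hindered_roles` are this example's own. On a real site `$roles` would be replaced by `wp_roles()->roles`.

```php
<?php
// Added example, not from ticket #43936 or WordPress core.
// Constructed sample in the shape of wp_roles()->roles; swap in the real
// array on a WordPress install. Cap values are booleans: true grants the
// cap, false explicitly denies it.
$roles = [
    'administrator' => ['name' => 'Administrator', 'capabilities' => [
        'read' => true, 'edit_posts' => true, 'publish_posts' => true,
        'edit_others_posts' => true, 'manage_options' => true,
        'edit_users' => true, 'install_plugins' => true,
    ]],
    'editor' => ['name' => 'Editor', 'capabilities' => [
        'read' => true, 'edit_posts' => true, 'publish_posts' => true,
        'edit_others_posts' => true,
    ]],
    // Two constructed custom roles: one harmless, one that quietly carries
    // an admin-level cap and a denied cap.
    'support_agent' => ['name' => 'Support Agent', 'capabilities' => [
        'read' => true, 'edit_posts' => true,
    ]],
    'site_builder' => ['name' => 'Site Builder', 'capabilities' => [
        'read' => true, 'edit_posts' => true, 'install_plugins' => true,
        'upload_files' => false,
    ]],
];

// Caps a role actually grants. A cap set to false is a denial, so it must not
// count as a grant when comparing roles.
function granted_caps(array $role): array {
    return array_keys(array_filter($role['capabilities']));
}

// EDIT 2 of the comment: the administrator role holds the lower-level caps
// too, so diff it against a baseline role (Editor here) to keep only the
// caps that are admin-level. Any cap a plugin later adds to the
// administrator role alone lands in this set automatically.
function admin_only_caps(array $roles, string $baseline = 'editor'): array {
    return array_values(array_diff(
        granted_caps($roles['administrator']),
        granted_caps($roles[$baseline])
    ));
}

// Roles that should be hindered from default assignment: the administrator
// role itself plus every role whose granted caps intersect the admin-only
// set. Returns slug => list of the offending caps.
function hindered_roles(array $roles, string $baseline = 'editor'): array {
    $admin_caps = admin_only_caps($roles, $baseline);
    $hindered = [];
    foreach ($roles as $slug => $role) {
        if ($slug === 'administrator') {
            $hindered[$slug] = $admin_caps;
            continue;
        }
        $overlap = array_values(array_intersect(granted_caps($role), $admin_caps));
        if ($overlap !== []) {
            $hindered[$slug] = $overlap;
        }
    }
    return $hindered;
}

foreach (hindered_roles($roles) as $slug => $caps) {
    printf("%-14s hindered (admin-level caps: %s)\n", $slug, implode(', ', $caps));
}
// With the sample above: administrator and site_builder are hindered
// (site_builder because of install_plugins); editor and support_agent are not.
```

Two points worth noting from the sample: `upload_files => false` on `site_builder` is ignored because `granted_caps` filters on the boolean value, not merely on the key's presence; and choosing Author instead of Editor as the baseline (the other pairing the comment mentions) widens the admin-only set to include the Editor-level caps, so more custom roles would be flagged.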