Opened 6 years ago
Last modified 5 years ago
#44468 new enhancement
Introduce infrastructure for testing primitive capabilities granted via `user_has_cap`
Reported by: | flixos90 | Owned by: | |
---|---|---|---|
Milestone: | Future Release | Priority: | normal |
Severity: | normal | Version: | |
Component: | Role/Capability | Keywords: | has-patch |
Focuses: | Cc: |
Description
There are three ways of granting capabilities to a user:
- Via the database, with capabilities being granted through a role. Those capabilities are referred to as "primitive capabilities".
- Via the
map_meta_cap
filter, with capabilities being resolved to one or more primitive capabilities. Those capabilities are referred to as "meta capabilities". - Via the
user_has_cap
filter, with capabilities being granted as if they were in the database too. This has existed for a very long time, but has not been used in core until recently.
So what is this about?
New capabilities introduced to core should not be added to the database. However, many of the new capabilities are not meta capabilities, and it would be wrong to use map_meta_cap
for them. Those capabilities should be dynamically granted, but essentially behave just like primitive capabilities.
There are numerous of those capabilities in core that historically use map_meta_cap()
(for example customize
, manage_privacy_options
, ...), and we probably cannot change that. But for the future, we should ensure we stick to this separation and only use map_meta_cap()
for actual meta capabilities, i.e. capabilities that receive additional arguments (like a post ID, a plugin slug, ...) and are then resolved.
Originally introduced as part of #41332 (but not being suitable for discussion in there), this ticket aims at providing a comprehensive testing infrastructure for those capabilities. While currently the only capability granted like that is install_languages
, this infrastructure will encourage granting dynamic primitive capabilities the proper way.
cc @johnbillion
44468.diff adds the infrastructure for testing the so-called "dynamic primitive capabilities":
_getSingleSiteDynamicPrimitiveCaps()
and_getMultiSiteDynamicPrimitiveCaps()
methods, just how it is for the other two types of capabilities.user_has_cap
.user_has_cap
and not through another means (like the database).