WordPress.org

Make WordPress Core

Opened 6 years ago

Closed 4 years ago

#8663 closed enhancement (worksforme)

Allow customizing capabilities prefix through wp-config.php

Reported by: hudatoriq Owned by: hudatoriq
Milestone: Priority: normal
Severity: normal Version:
Component: Role/Capability Keywords: has-patch needs-review early
Focuses: Cc:

Description

It's better if we are able to customize the user capabilities prefix. There are some advantages:

  1. Security improvement.
  2. Allow users to customize their multiple WP installations and share single user table & capabilities information without hacking the core script.

Right now the user capabilities prefix is always the same as the $table_prefix.

For user table sharing, some people have been practicing it. See this forum thread. We share a database, set different $table_prefix for each installation, define the CUSTOM_USER_TABLE and CUSTOM_USER_META_TABLE into the same value. The only problem is, we can't share the same user capabilities list since we can't set the prefix to other value than $wp_prefix. This could be improved if we add conditional statement to see whether the capabilities prefix is already defined in somewhere else (e.g. wp-config.php).

Attachments (2)

custom_capabilities_prefix.diff (585 bytes) - added by hudatoriq 6 years ago.
Adding a check whether a CUSTOM_CAPABILITIES_PREFIX is already defined
8663.diff (4.7 KB) - added by Denis-de-Bernardy 5 years ago.

Download all attachments as: .zip

Change History (15)

hudatoriq6 years ago

Adding a check whether a CUSTOM_CAPABILITIES_PREFIX is already defined

comment:1 hudatoriq6 years ago

  • Keywords has-patch added; custom user capabilities prefix removed

comment:2 thee176 years ago

I would really like to see this, I tested it and works great.

comment:3 Denis-de-Bernardy5 years ago

  • Keywords tested added

comment:4 ryan5 years ago

  • Component changed from General to Role/Capability

comment:5 Denis-de-Bernardy5 years ago

  • Keywords commit added

comment:6 westi5 years ago

  • Keywords needs-docs added; tested commit removed
  • Milestone changed from 2.8 to 2.9
  • Priority changed from high to normal

Moving to 2.9 for now as we are feature freeze and I don't want to change this now.

We need some more documentation of this and it would be good to review all the uses of $wp_db->prefix . capabilities as the one you have modified is not the only one.

comment:7 Denis-de-Bernardy5 years ago

  • Keywords needs-review early added; needs-docs removed

improved patch attached

Denis-de-Bernardy5 years ago

comment:8 aaroncampbell5 years ago

  • Cc aaroncampbell added

comment:10 ryan5 years ago

  • Milestone changed from 2.9 to Future Release

comment:11 voyagerfan57614 years ago

  • Cc WordPress@… added

comment:12 scribu4 years ago

You can set the $wp_user_roles global in wp-config.php, which will be used on all sites in the network. See WP_Roles::_init().

comment:13 scribu4 years ago

  • Milestone Future Release deleted
  • Resolution set to worksforme
  • Status changed from new to closed

Having done that, plugins can still manipulate capabilites, but they won't be stored in the database, so you can pretty much do whatever you want.

So, being able to customize the cap prefix is unnecessary.

Note: See TracTickets for help on using tickets.