Bug in WordPress custom role creation

Published 14 May 2013 in Development, PHP & MySQL, Plugins, WordPress by ZigPress

After some slightly off-topic posts, we’re back to the ins and outs of developing with WordPress.

I needed some custom roles, each with a number of custom capabilities, for a plugin I’m creating for a client. Exactly what the plugin does is covered by a non-disclosure agreement, but I can still talk in general terms and hopefully help someone out there who’s finding that custom roles don’t always seem to work.

Within my plugin’s activation hook I had created a custom role like this, according to the information in the WordPress Codex:

[code]$role = add_role(‘role_slug’, ‘Role Name’, array(
‘capability1’,
‘capability2’,
‘capability3’,
));[/code]

Then, elsewhere in the plugin, I needed to know if a user had a certain capability, so I tested it like this:

[code]if (current_user_can(‘capability1’)) {
# do something
}[/code]

However, this wasn’t working. When a user with the custom role was logged in, the code within the ‘IF’ block was not executing.

I did some digging, and found a WordPress bug: the capabilities in the user object were structured differently for users with this custom role, than for the normal built-in roles (editor, author, etc).

Also, when I used the add_cap function to add custom capabilities to built-in roles, it worked fine.

This led me to deduce that using the add_cap function to add the capabilities to the custom role object, instead of defining them within the add_role function, should mean that the capabilities get added to the role correctly. I tested it and it worked.

So, here’s my solution for creating a custom role with specific capabilities. Simply create the role first, without any capabilities, then add the capabilities to it afterwards, rather than doing the whole thing in one function call:

[code]$role = add_role(‘role_slug’, ‘Role Name’);
$role->add_cap(‘capability1’);
$role->add_cap(‘capability2’);
$role->add_cap(‘capability3’);[/code]

Once I changed all my roles so that they were created this way, all my current_user_can tests started working properly. And for info, my project is using WordPress 3.5.1.

Hope this helps someone :-)

8 Comments

  1. On 02 Jun 2013 at 05:13, best eye cream said:

    You always have a new and unique post regarding WordPress. It is always helpful.

  2. On 09 Jun 2013 at 12:37, best eye cream said:

    Glad to see a new post regarding WordPress. Always informational and helpful.

  3. On 17 Jun 2013 at 14:10, Nathan Brook said:

    I can still use user levels there because we don’t have a good way of getting the same list via capabilties.

  4. On 13 Jul 2013 at 05:01, mike said:

    Always glad to see Great WP info sites

  5. On 17 Jul 2013 at 10:20, Advance Cleaning said:

    Wow! these are wonderful tips. Thanks for sharing them with us.

  6. On 21 Jul 2013 at 21:21, best eye cream said:

    You are a WordPress genius. And you are so kind for sharing what you learn and discover.

  7. On 13 Aug 2013 at 08:01, Shruti said:

    Love Role Scoper and all of the options that it has. I have run into a bit of an issue with it though. I have created custom Tags for my Blog, but when I try to add these Tags to a post it won’t let me. If I go in and deactivate Role Scoper I can add the Tags fine, but if I try to re-activate Role Scoper and then update the Tags they are all removed.

    Thanks for the help.

  8. On 20 Aug 2013 at 10:55, Martina McKeough said:

    Thanks for the tip. Think I need to bookmark it.