Part 3: Advanced Stuff

Roles and Capabilities

Nzymes is the first version of Enzymes to support many roles and capabilities to make it work only for those users with the right access.

Capabilities are added to WordPress on plugin activation and removed on deactivation. By default, the admin is granted all capabilities.

´User´ in a role name implies the capability to create transclusion (static) custom fields.
´Coder´ in a role name implies the capability to create execution (dynamic) custom fields.
´Trusted´ in a role name implies the capability to share custom fields with other users.

Capabilities are checked each time an enzyme is interpreted, while they are never checked when an injection or a custom field are added to a post. Thus, users can create all injections and custom fields they want but Nzymes will never interpret them if their creators do not have the capabilities to use/create/share them. For example, a user with only the User role can create a custom field with PHP code and inject it into her post, but she won’t ever see its result, because it will always be ignored.

Notice that roles are made available but not enforced by Nzymes. Roles are provided for documenting how capabilities shape access. By limiting enforcement to capabilities, admins can freely create custom roles.

Roles

  • User
    • Full name: ´nzymes.User´
    • Capabilities:
      • ´nzymes.inject´
      • ´nzymes.use_own_attributes´
      • ´nzymes.use_own_custom_fields´
      • ´nzymes.create_static_custom_fields´
  • PrivilegedUser
    • Full name: ´nzymes.PrivilegedUser´
    • All User’s capabilities plus:
      • ´nzymes.use_others_custom_fields´
  • TrustedUser
    • Full name: ´nzymes.TrustedUser´
    • All PrivilegedUser capabilities plus:
      • ´nzymes.share_static_custom_fields´
  • Coder
    • Full name: ´nzymes.Coder´
    • All TrustedUser capabilities plus:
      • ´nzymes.create_dynamic_custom_fields´
  • TrustedCoder
    • Full name: ´nzymes.TrustedCoder´
    • All Coder capabilities plus:
      • ´nzymes.share_dynamic_custom_fields´

Capabilities

  • inject
    • Full name: ´nzymes.inject´
    • It allows a user to inject enzymes into her posts.
  • use_own_attributes
    • Full name: ´nzymes.use_own_attributes´
    • It allows a user to make her enzymes with her own attributes.
  • use_others_attributes
    • Full name: ´nzymes.use_others_attributes´
    • It allows a user to make her enzymes with other users’ attributes.
    • For privacy reasons, only the admin has this capability, i.e. it’s not included into any role.
  • use_own_custom_fields
    • Full name: ´nzymes.use_own_custom_fields´
    • It allows a user to make her enzymes with her own custom fields.
  • use_others_custom_fields
    • Full name: ´nzymes.use_others_custom_fields´
    • It allows a user to make her enzymes with other users’ custom fields.
  • create_static_custom_fields
    • Full name: ´nzymes.create_static_custom_fields´
    • It allows a user to create enzymes from non-evaluated custom fields.
  • create_dynamic_custom_fields
    • Full name: ´nzymes.create_dynamic_custom_fields´
    • It allows a user to create enzymes from evaluated custom fields.
  • share_static_custom_fields
    • Full name: ´nzymes.share_static_custom_fields´
    • It allows a user to share her enzymes from non-evaluated custom fields.
  • share_dynamic_custom_fields
    • Full name: ´nzymes.share_dynamic_custom_fields´
    • It allows a user to share her enzymes from evaluated custom fields.

Nzymes | WordPress Plugin

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.