Wordpressframework~10 mins

User roles and permissions in Wordpress - Step-by-Step Execution

Choose your learning style9 modes available

Learn Why Deep Visual Try Challenge Project Recall Perf

Concept Flow - User roles and permissions

Define Roles

↓

Assign Capabilities

↓

Create Users

↓

Assign Roles to Users

↓

User Logs In

↓

Check User Role & Permissions

↓

Allow or Deny Actions

This flow shows how WordPress defines roles, assigns capabilities, creates users, and checks permissions when users perform actions.

Execution Sample

Wordpress

<?php
// Add a custom role
add_role('custom_editor', 'Custom Editor', ['edit_posts' => true, 'delete_posts' => false]);

// Assign role to user
$user = new WP_User($user_id);
$user->set_role('custom_editor');

// Check capability
if(current_user_can('edit_posts')) {
  // Allow editing
}

This code adds a custom role, assigns it to a user, and checks if the user can edit posts.

Execution Table

Step	Action	Role/Capability State	User Role	Permission Check	Result
1	Define 'custom_editor' role with 'edit_posts' capability	Roles: custom_editor(edit_posts: true, delete_posts: false)	None	N/A	Role created
2	Create user object for user_id	Roles unchanged	None	N/A	User object ready
3	Assign 'custom_editor' role to user	Roles unchanged	custom_editor	N/A	User role set
4	User tries to edit post	Roles unchanged	custom_editor	Check 'edit_posts'	Allowed (true)
5	User tries to delete post	Roles unchanged	custom_editor	Check 'delete_posts'	Denied (false)
6	User tries to publish post (not assigned)	Roles unchanged	custom_editor	Check 'publish_posts'	Denied (false)

💡 Permissions checked for user actions; allowed or denied based on role capabilities.

Variable Tracker

Variable	Start	After Step 1	After Step 3	After Step 4	After Step 5	Final
Roles	None	{custom_editor: {edit_posts: true, delete_posts: false}}	{custom_editor: {edit_posts: true, delete_posts: false}}	{custom_editor: {edit_posts: true, delete_posts: false}}	{custom_editor: {edit_posts: true, delete_posts: false}}	{custom_editor: {edit_posts: true, delete_posts: false}}
User Role	None	None	custom_editor	custom_editor	custom_editor	custom_editor
Permission Check	N/A	N/A	N/A	edit_posts: true	delete_posts: false	publish_posts: false

Key Moments - 3 Insights

Why can the user edit posts but not delete them?

What happens if a capability is not assigned to a role?

Does assigning a role to a user change the role's capabilities?

Visual Quiz - 3 Questions

Test your understanding

Look at the execution_table at step 4. What permission does the user have?

ACan edit posts

BCan delete posts

CCan publish posts

DNo permissions

Concept Snapshot

WordPress User Roles & Permissions:
- Roles group capabilities (actions users can do).
- Assign roles to users to grant permissions.
- Use add_role() to create roles with capabilities.
- Use current_user_can() to check permissions.
- Unassigned capabilities default to denied.

Full Transcript

In WordPress, user roles define what actions users can perform by grouping capabilities. First, roles are created with specific capabilities like editing or deleting posts. Then, users are assigned these roles. When a user tries to do something, WordPress checks if their role has the needed capability. If yes, the action is allowed; if not, it is denied. This system helps control access easily by managing roles instead of individual permissions for each user.