At first glance, the WordPress roles and capabilities system is simple.
Users have roles, roles have capabilities, and plugins can make simple changes to them.
Not quite: You’ve been doing it the hard way.
A deeper look inside the API reveals a surprising amount of flexibility, including the single most powerful (and dangerous) filter in WordPress.
In this talk, you’ll learn how capabilities are “mapped” to other capabilities, and what the difference between primitive and meta capabilities means for your plugins and custom post types.
We’ll explore the true hidden powers of the API, like using capability mapping to selectively grant and revoke privileges on the fly, making complex user management more maintainable.
Andrew Nacin is a lead developer of WordPress, squashing bugs, wrangling contributions, and spearheading new development.
He has strong feelings about the core philosophies of WordPress, among them “decisions, not options” — software should be opinionated in lieu of burdening the user with too many options.
He works for WordPress founder Matt Mullenweg at Audrey Capital, where he is primarily tasked with working on WordPress core and keeping the lights on at WordPress.org.
He resides in downtown Washington, D.C., with his wife.
You can follow him on Twitter at @nacin.