«
»

How to change WordPress User Role capabilities

User Roles

User Roles


Every WordPress blog owner knows that WordPress 2.8 and higher user standard roles are: Administrator, Editor, Author, Contributor, Subscriber.
What is the difference? What the “Author” can do but “Contributor” can not? Comprehensive information about it can be found here, at WordPress.org
But where all that data are stored? How to change the role if you really need it? Interested? Read this article and you will get some answers on that questions. Recently I met with the following problem at the multi-authored blog. User with role “Author” can upload images to the blog server, but can not use it in his/her posts. Any HTML tags are immediately hidden from post text after “Author” saves his draft or post. The same user with role “Editor” stores post with all HTML tags he includes in it with success. The problem is that WordPress automatically applies HTML filters to all author’s content if he has not “unfiltered_html” capability in his role. The “Author” role has not such capability in WordPress by default. So if you wish to give your authors the ability to include images or other media staff into their posts, you are in the right place.
First of all, user roles data are stored in the MySQL database table which is named ‘wp_options’ by default. You need to have one of MySQL client software (MyPHPAdmin, MySQLyog, etc.) to connect to your blog MySQL database and proceed with text of this post futher.
This SQL command help you find the record containing information about WordPress user roles:

SELECT * FROM wp_options WHERE option_name="wp_user_roles"

As the result we can see that user roles data is stored in the option_value field as the text string of the special format. To be exact, it is a format which can be used to read from and write to the PHP array.

a:5:{
s:13:"administrator";a:2:{s:4:"name";s:13:"Administrator";s:12:"capabilities";a:54:{s:13:"switch_themes";b:1;s:11:"edit_themes";b:1;s:16:"activate_plugins";b:1;s:12:"edit_plugins";b:1;s:10:"edit_users";b:1;s:10:"edit_files";b:1;s:14:"manage_options";b:1;s:17:"moderate_comments";b:1;s:17:"manage_categories";b:1;s:12:"manage_links";b:1;s:12:"upload_files";b:1;s:6:"import";b:1;s:15:"unfiltered_html";b:1;s:10:"edit_posts";b:1;s:17:"edit_others_posts";b:1;s:20:"edit_published_posts";b:1;s:13:"publish_posts";b:1;s:10:"edit_pages";b:1;s:4:"read";b:1;s:8:"level_10";b:1;s:7:"level_9";b:1;s:7:"level_8";b:1;s:7:"level_7";b:1;s:7:"level_6";b:1;s:7:"level_5";b:1;s:7:"level_4";b:1;s:7:"level_3";b:1;s:7:"level_2";b:1;s:7:"level_1";b:1;s:7:"level_0";b:1;s:17:"edit_others_pages";b:1;s:20:"edit_published_pages";b:1;s:13:"publish_pages";b:1;s:12:"delete_pages";b:1;s:19:"delete_others_pages";b:1;s:22:"delete_published_pages";b:1;s:12:"delete_posts";b:1;s:19:"delete_others_posts";b:1;s:22:"delete_published_posts";b:1;s:20:"delete_private_posts";b:1;s:18:"edit_private_posts";b:1;s:18:"read_private_posts";b:1;s:20:"delete_private_pages";b:1;s:18:"edit_private_pages";b:1;s:18:"read_private_pages";b:1;s:12:"delete_users";b:1;s:12:"create_users";b:1;s:17:"unfiltered_upload";b:1;s:14:"edit_dashboard";b:1;s:14:"update_plugins";b:1;s:14:"delete_plugins";b:1;s:15:"install_plugins";b:1;s:13:"update_themes";b:1;s:14:"install_themes";b:1;}}
s:6:"editor";a:2:{s:4:"name";s:6:"Editor";s:12:"capabilities";a:34:{s:17:"moderate_comments";b:1;s:17:"manage_categories";b:1;s:12:"manage_links";b:1;s:12:"upload_files";b:1;s:15:"unfiltered_html";b:1;s:10:"edit_posts";b:1;s:17:"edit_others_posts";b:1;s:20:"edit_published_posts";b:1;s:13:"publish_posts";b:1;s:10:"edit_pages";b:1;s:4:"read";b:1;s:7:"level_7";b:1;s:7:"level_6";b:1;s:7:"level_5";b:1;s:7:"level_4";b:1;s:7:"level_3";b:1;s:7:"level_2";b:1;s:7:"level_1";b:1;s:7:"level_0";b:1;s:17:"edit_others_pages";b:1;s:20:"edit_published_pages";b:1;s:13:"publish_pages";b:1;s:12:"delete_pages";b:1;s:19:"delete_others_pages";b:1;s:22:"delete_published_pages";b:1;s:12:"delete_posts";b:1;s:19:"delete_others_posts";b:1;s:22:"delete_published_posts";b:1;s:20:"delete_private_posts";b:1;s:18:"edit_private_posts";b:1;s:18:"read_private_posts";b:1;s:20:"delete_private_pages";b:1;s:18:"edit_private_pages";b:1;s:18:"read_private_pages";b:1;}}
s:6:"author";a:2:{s:4:"name";s:6:"Author";s:12:"capabilities";a:10:{s:12:"upload_files";b:1;s:10:"edit_posts";b:1;s:20:"edit_published_posts";b:1;s:13:"publish_posts";b:1;s:4:"read";b:1;s:7:"level_2";b:1;s:7:"level_1";b:1;s:7:"level_0";b:1;s:12:"delete_posts";b:1;s:22:"delete_published_posts";b:1;}}
s:11:"contributor";a:2:{s:4:"name";s:11:"Contributor";s:12:"capabilities";a:5:{s:10:"edit_posts";b:1;s:4:"read";b:1;s:7:"level_1";b:1;s:7:"level_0";b:1;s:12:"delete_posts";b:1;}}
s:10:"subscriber";a:2:{s:4:"name";s:10:"Subscriber";s:12:"capabilities";a:2:{s:4:"read";b:1;s:7:"level_0";b:1;}}}

Here we see that:

  • a:number:{ is the begin of array and “number” is the number of array elements. For example “a:5:{” at the begin of the string means that roles array consists of 5 element. Remember that WordPress has exaclty 5 roles.
  • s:number:"string"; – “s” is the type of string element, number is the quant of chars in the string. E.g. s:6:"author";
  • b:1; – means the Boolean element with value “1″ or “True”

    • That’s almost all. We can see that capabilities are stored inside roles in the “Name-Bolean value” format. Now we must to find the “unfiltered_html” capability in the “Editor” role, copy the whole sequence s:15:"unfiltered_html";b:1; from there and paste it into the “Author” role, just after s:12:"upload_files";b:1; capability. To finish the role change we have to increase to 1 the quant of elements in the “Author” role array. By default the “Author” role has 10 capabilities or in this special format a:10:{s:12:"upload_files". To finish the role update we need to chage 10 to 11, and finally have this a:11:{s:12:"upload_files" inside the “Author” role.
    What is left? Just update MySQL table wp_options to store your changes. Use this SQL command for that:

     UPDATE `wp_options` 
SET option_value='changed value here' WHERE option_id=NN;

    Do not forget to replace ‘changed value here’ with modified user roles data from the previous query and ‘NN’ on the wp_user_roles record Id from the same query.
    Warning! Make a backup of wp_options table first. Just after making the fresh backup proceed with any update SQL command.

    Congratulations, we changed WordPress user role without change the line of PHP code.

    I have got the information about WordPress user roles storage mechanism from this file wp-admin\includes\schema.php

    If you wish to change user role capabilities for the WordPress MU blog please read “How to change WordPress MU user role capabilities” post.

    Tags: Security, WordPress

    This entry was posted on Sunday, November 22nd, 2009 at 07:31 and is filed under Security, WordPress. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

  • Jason
    HI,
    I tried this to add ability to edit pages for 'authors', but it did not have any effect. I tired about 10 times, read the post again and again, but was unsuccessful. It seems there is some other spot where the roles are controlled in addition to this. Thoughts? Thanks!
  • shinephp
    Hi Jason,
    What version of WordPress do you use? Is it WordPress MU?
    Please show me the SQL query you use to update the user role options value. I will try to help you.
    I just tried to add 'edit_pages' capability to the author role. It works fine.
    You need to add
    s:10:"edit_pages";b:1;
    inside {} capabilities of author role and change the quant of this role capabilies from 10 to 11, that is you need to have
    a:11:{
    instead of
    a:10:{
    there.
    The full author role with edit_pages capability is
    s:6:"author";a:2:{s:4:"name";s:6:"Author";s:12:"capabilities";a:11:{s:12:"upload_files";b:1;s:10:"edit_posts";b:1;s:20:"edit_published_posts";b:1;
    s:13:"publish_posts";b:1;s:4:"read";b:1;s:7:"level_2";b:1;s:7:"level_1";b:1;s:7:"level_0";b:1;
    s:12:"delete_posts";b:1;s:22:"delete_published_posts";b:1;s:10:"edit_pages";b:1;}}
    I hope it helps you.
  • Glen
    Shinephp -

    BRILLIANT post, and U've got me looking @ my problem from a different angle.
    You wouldn't happen to have any idea what the command is when looking in a WordPressMU database would you?
    I need to add media upload capability to "Contributors", but I can't use a plug in r Module as WPMU been integrated into Joomla.
    Any thoughts?
  • shinephp
    Thanks. I made a new post to answer on your question about WPMU user role changing. Please read it at "How to change WordPress MU user role capabilities" post.
  • You should develop plugins instead of writing posts ;)
    Just kidding! Nice job!
  • shinephp
    Thanks. I describe my actions. Just to not forget if I need to make the same thing in the future :).
blog comments powered by Disqus