=== PublishPress Capabilities: Manage WordPress Permissions and Edit User Roles === Contributors: publishpress, kevinB, stevejburge, andergmartins Author: PublishPress Author URI: https://publishpress.com Tags: user roles, capabilities, permissions, authors, editors, post types, taxonomies Requires at least: 4.9.7 Tested up to: 5.5 Requires PHP: 5.6.20 Stable tag: 1.10.1 License: GPLv3 License URI: https://www.gnu.org/licenses/gpl-3.0.html PublishPress Capabilities is the best plugin to customize your permissions and user roles. You can control who has access to your WordPress site. == Description == [PublishPress Capabilities](https://publishpress.com/capabilities/) gives you control over all the permissions on your WordPress site. You can customize all the user roles on your site, from Administrators and Editors to Authors, Contributors, Subscribers and custom roles. Each role can have the exact permissions that your site needs. PublishPress Capabilities allows you to modify existing roles, but you can also create new roles. These roles can be added to single sites or to an entire multisite network. PublishPress Capabilities is safe to use. Every time you change your site's permissions, PublishPress Capabilities will take a backup that you can restore if anything goes wrong. You can use these backups to migrate your roles and permissions from one site to another. = Control User Permissions = PublishPress Capabilities gives you detailed control over all the permissions on your WordPress site. You can customize all the user roles on your site, from Administrator to Subscriber. With Capabilities, you can choose who can Publish, Read, Edit and Delete content. You can choose permissions for posts, pages, custom content types, categories, tags, and more. [Click here for your quick start guide to PublishPress Capabilities](https://publishpress.com/knowledge-base/permissions-start/). = Capabilities for any Post Type = Many WordPress users have sites with custom post types. This can be done using custom code, a theme, or with a plugin. No matter how your post type is created, PublishPress Capabilities lets you enforce and assign distinct capabilities for your post type. [Click here to see how to control post type permissions](https://publishpress.com/knowledge-base/custom-post-types-capability/). = Permissions for Custom Statuses = This option will appear if you have the [PublishPress](https://publishpress.com/publishpress) plugin installed to create and configure custom statuses. With Capabilities Pro, you can decide which user roles are able to send posts to each status. For status-specific editing control, also activate [PublishPress Permissions Pro](https://publishpress.com/presspermit) and its Status Control module. [Click here to see how to manage permissions for statuses](https://publishpress.com/knowledge-base/permissions-for-custom-statuses/). = Capabilities for any Taxonomy = The PublishPress Capabilities plugin allows you to add extra permissions to the taxonomies on your site. This feature includes the default Categories and Tags, but also applies to other taxonomies. For example, in WooCommerce you can apply custom permissions to Product categories, Product tags, and Product shipping classes. You can enforce and assign "Manage", "Edit" and "Assign" distinct capabilities for all your taxonomies. [Click here to learn about taxonomy permissions](https://publishpress.com/knowledge-base/taxonomy-specific-capabilities/). = Backup and Restore Roles and Capabilities = PublishPress Capabilities offers you the ability to back up and restore your permissions. This feature is very helpful if you want to test out changes on your site, or if you've installed a new plugin that has changed your site's permissions. Every time you change your permissions, the PublishPress Capabilities plugin will now automatically create a backup. If you make a mistake, go to the "Backup" menu link and you'll be able to roll back to a previous version. [Click here to see how to backup permissions](https://publishpress.com/knowledge-base/backup-restore-permissions/). = Create or Copy User Roles = With PublishPress Capabilities you can create or copy any existing WordPress user role. These roles can be customized in exactly the same way as the default WordPress roles. These new roles can be added to single sites or to an entire multisite network. [Click here to see how to create or copy user roles](https://publishpress.com/knowledge-base/create-or-copy-user-roles/). = Support for Media Library Permissions = PublishPress Capabilities enables you to decide who can upload, edit and delete files from your site's Media Library. By default, only Administrators are able to delete files in your Media Library. Subscribers and Contributors are not even allowed to upload files. You can customize these permissions for the Media Library and also the Featured Image box. [Click here to learn about Media Library permissions](https://publishpress.com/knowledge-base/control-media-library-access/). = Support for WooCommerce Permissions = We mentioned earlier that PublishPress Capabilities has special support for WooCommerce taxonomies. This is true for the rest of WooCommerce also. With PublishPress Capabilities you can control permissions for WooCommerce products, orders and coupons. [Click here to learn about WooCommerce permissions](https://publishpress.com/knowledge-base/woocommerce-permissons/). = WordPress Multisite support = PublishPress Capabilities allows you to control permissions on a single site or across your whole network. Every time you update permissions in PublishPress Capabilities, you can choose to sync those changes across your multisite network. [Click here to learn about multisite permissions](https://publishpress.com/knowledge-base/multisite-network/). = Join PublishPress and get the Pro plugins = The Pro versions of the PublishPress plugins are well worth your investment. The Pro versions have extra features and faster support. [Click here to join PublishPress](https://publishpress.com/pricing/). Join PublishPress and you'll get access to these 6 Pro plugins: * [PublishPress Authors Pro](https://publishpress.com/authors) allows you to add multiple authors and guest authors to WordPress posts. * [PublishPress Capabilities Pro](https://publishpress.com/capabilities) is the plugin to manage your WordPress user roles, permissions, and capabilities. * [PublishPress Checklists Pro](https://publishpress.com/checklists) enables you to define tasks that must be completed before content is published. * [PublishPress Permissions Pro](https://publishpress.com/permissions) is the plugin for advanced WordPress permissions. * [PublishPress Pro](https://publishpress.com/publishpress) is the plugin for managing and scheduling WordPress content. * [PublishPress Revisions Pro](https://publishpress.com/revisions) allows you to update your published pages with teamwork and precision. Together, these plugins are a suite of powerful publishing tools for WordPress. If you need to create a professional workflow in WordPress, with moderation, revisions, permissions and more... then you should try PublishPress. = Bug Reports = Bug reports for PublishPress Capabilities are welcomed in our [repository on GitHub](https://github.com/publishpress/publishpress-capabilities). Please note that GitHub is not a support forum, and that issues that aren't properly qualified as bugs will be closed. = Follow the PublishPress team = Follow PublishPress on [Facebook](https://www.facebook.com/publishpress), [Twitter](https://www.twitter.com/publishpresscom) and [YouTube](https://www.youtube.com/publishpress). == Screenshots == 1. Control user permissions 2. Create and copy user roles 3. Content permissions 4. Permissions for Custom Statuses 5. Enforce Type-Specific Capabilities 6. Enforce Taxonomy-Specific Capabilities 7. Detailed Taxonomy Capabilities 8. Automatic or Manual Capabilities Backup, Restore 9. Control WooCommerce Capabilities 10. PublishPress Permission integration (showing capabilities from supplemental roles) 11. Multisite support == Upgrade Notice == = 1.5.1 = Fixed : Non-administrators with user editing capabilities could add new Administrators == Changelog == = 1.10.1 - 8 Oct 2020 = * Fixed : Type-Specific Capabilities options included some non-public WordPress post types that don't support capability customization * Fixed : Review of role backup contents does not show name of current roles which would be removed by restoring backup = 1.10 - 1 Oct 2020 = * Feature : Improved design and styling for Backup and Restore * Feature : Backup > Restore - filter to display only modified capabilities * Compat : Advanced Gutenberg - include AG Profile capabilities in Editing, Deletion, Reading capabilities grid * Fixed : Media Create / upload_files capability could not be removed from role * Fixed : Multisite - Incorrect menu display on sites where main site ID is not 1 * Fixed : Language file load failure if plugin directory structure is non-standard = 1.9.12 - 16 Jun 2020 = * Fixed : Fatal error due to missing vendor library folder = 1.9.11 - 16 Jun 2020 = * Fixed : Upgrade menu links were not displayed = 1.9.10 - 1 Jun 2020 = * Fixed : PublishPress Permissions - Type / Taxonomy settings incorrectly synchronized under some conditions = 1.9.9 - 13 May 2020 = * Compat : PublishPress Permissions - "Type-Specific Capabilities" setting was not properly synchronized with Permissions > Settings > Core > Filtered Post Types = 1.9.6 - 23 Apr 2020 = * Change : Add New Role retains capitalization as entered for role title (otherwise applies proper case) * Feature : Rename Role sidebar box on Capabilities screen * Fixed : Fatal error on plugin load if Administrator role does not exist * Compat : PublishPress Permissions - Post Type selections for "Type-Specific Capabilities" were not synchronized with PublishPress Permissions under some conditions = 1.9.5 - 6 Apr 2020 = * Fixed : Fatal error loading Capabilities screen on a small percentage of installations * Compat : PublishPress Permissions - Post Type selections for "Type-Specific Capabilities" were not synchronized with PublishPress Permissions under some conditions = 1.9.4 - 2 Apr 2020 = * Fixed : Fatal error loading Capabilities screen on a small percentage of installations * Fixed : Capabilities menu was displayed to non-Administrators with no items except "Upgrade to Pro" = 1.9.3 - 17 Mar 2020 = * Fixed : Capabilities screen was not accessible to non-Administrators who have "manage_capabilities" capability * Fixed : Some functions were not accessible to network Super Administrators without a role on the site * Change : Clarify some messages for plugin access denial = 1.9.2 - 16 Mar 2020 = * Feature : Auto-backup role and capabilities on each update (and on update to this version) * Fixed : First-time installation: Capabilities menu item not displayed until after Plugins or Users menu clicked * Change : Third Party Plugin Capabilities - always display checkboxes even if capabilities not present in Administrator role * Fixed : Plugin capability sections - pp_set_notification_channel and pp_manage_roles were included in both PublishPress and PublishPress Permissions sections * Fixed : Capability Negation (Denial) bulk unselect link was ambiguous due to missing strikethrough = 1.9.1 - 16 Jan 2020 = * Fixed : Create Role, Copy Role, and Add Capability sidebar functions did not work with ENTER keypress (caused screen reload without applying operation) = 1.9 - 9 Jan 2020 = * Change : Renamed to PublishPress Capabilities * Feature : Capabilities link on PublishPress > Roles row opens Role Capabilities screen * Feature : Role Capabilities screen links to PublishPress > Roles for member management * Fixed : Browser reload caused Role Capabilities screen to display default role * Fixed : Add Capability sidebar added custom capability to role immediately, but capability checkbox did not display as checked until reload * Fixed : Category Assign or Delete capabilities were not effective due to WordPress core forcing default capability requirement * Fixed : Term Assign or Delete capabilities were not effective due to WordPress core forcing default capability requirement * Fixed : Multisite - On sub-sites, Role Capabilities screen did not display PublishPress Capabilities section to Super Administrators who don't have a role on the site * Fixed : Role name captions on Role Capabilities and Backup Tool screens could not be translated * Fixed : Checkbox bulk selection on Role Capabilities screen was incorrect under some conditions * Change : Reinstate WordPress edit_published_posts workaround with correct status filtering behavior * Change : Apply workaround filters for WordPress edit_published_posts / publish_posts handling only for users who have edit_published_posts capability for current post type = 1.8.1 - 25 Oct 2019 = * Fixed : Automatic publication of blank auto-drafts, WooCommerce posts save with incorrect post status (since 1.8) = 1.8 - 24 Oct 2019 = * Feature : WooCommerce, PublishPress, PressPermit capabilities grouped in sections on role editor screen * Feature : Plugin API - plugins can hook into "cme_plugin_capabilities" filter to register their capabilities * Feature : Work around WordPress issue preventing users with edit_published_posts (but not publish_posts) capability from updating published posts (https://core.trac.wordpress.org/ticket/47443) * Feature : Work around WordPress issue allowing users with edit_published_posts (but not publish_posts) to unpublish published posts * Fixed : If a unique edit/delete capability is already defined, don't change the definition * Fixed : Removed add_users from the Core WordPress Capabilities section because it is was replaced by promote_users * Fixed : PHP Notices on Role Capabilities screen for undefined index, under some configurations * Fixed : HTML validation errors on Manage Capabilities screen * Fixed : PHP 5.x : Notice for undefined constant PHP_INT_MIN on wp-admin Posts / Pages listing * Change : Move Role Capabilities menu item to Permissions menu if PressPermit plugin is active (restoring previous behavior with Press Permit Core) * Change : Edit Roles link in CME row of Plugins list * Change : PublishPress icon, footer on Roles and Capabilities screen = 1.7.5 - 24 May 2019 = * Fixed : Users' inclusion or non-inclusion in Authors dropdown was not updated based on role edit = 1.7.4 - 1 May 2019 = * Fixed : On some sites, capabilities added dynamically by other code were forced into stored role definition (and could not be removed). * Fixed : Negative role capabilities could not be directly unset (had to be checked, saved, then unchecked). = 1.7.3 - 9 Apr 2019 = * Fixed : Work around WP quirk of completely blocking admin page access for a post type if user lacks create capability for the post type and there are no other accessible items on the menu. * Fixed : PHP Notices on Roles and Capabilities screen for non-Administrator with WooCommerce active = 1.7.2 - 3 Apr 2019 = * Compat : WooCommerce integration - Users lacking access to the "Add New Order" submenu could not access Posts, Pages, Products or any other Post Type listing. This occurred if "use create_posts" option enabled and user lacks the create capability for Orders. = 1.7.1 - 29 Mar 2019 = * Fixed : Press Permit integration - cannot load Permissions > Role Capabilities with Press Permit Core < 2.7 = 1.7 - 28 Mar 2019 = * Feature : New right sidebar setting: "Type-Specific Capabilities" for selected post types (without activating Press Permit Core). * Feature : New right sidebar setting: "Taxonomy-Specific Capabilities" ensures a distinct manage capability for selected taxonomies * Feature : New right sidebar setting: "Detailed Taxonomy Capabilities" causes term assign, edit and deletion capabilities to be required and credited separate from management capability * Feature : WooCommerce - Ensure orders can be edited or added based on edit_shop_orders / create_shop_orders capability * Change : Lockout safeguard (preventing read capability removal) is bypassed if role has no WP admin / edit capabilities, or if it has "dashboard_lockout_ok" capability * Compat : Press Permit: new plugin page slugs in Press Permit Core 2.7 = 1.6.1 = * Feature : Prevent read capability from being removed from a standard role * Feature : If read capability is missing from a standard role, display warning and instant fix link * Feature : Additional save button at top of Roles and Capabilities screen! * Change : Reinstate Press Permit description link * Change : Thickbox popups for related plugins = 1.6 = * Feature : WooCommerce - If current user has duplicate_products capability, make Woo honor it * Feature : Link to Backup Tool from sidebar of Roles and Capabilities screen * Feature : Link to Roles and Capabilities screen from Backup Tool * Change : Minor code cleanup and refactor * Change : Copyrights, onscreen link for PublishPress ownership * Change : Links to Related Permissions Plugins in sidebar on Roles and Capabilities screen = 1.5.11 = * Feature : Automatically save backup of WP roles on plugin activation or update * Feature : When roles are manually backed up, also retain initial role backup * Feature : Backup Tool can also display contents of role backups = 1.5.10 = * Fixed : Back button caused mismatching role dropdown selection * Compat : PHP 7.2 - warning for deprecated function if a second copy of CME is activated = 1.5.9 = * Fixed : Potential vulnerability in wp-admin (but exposure was only to users with role editing capability) = 1.5.8 = * Fixed : PHP warning for deprecated function WP_Roles::reinit * Change : Don't allow non-Administrator to edit Administrators, even if Administrator role level is set to 0 = 1.5.7 = * Change : Revert menu captions to previous behavior ("Permissions > Role Capabilities" if Press Permit Core is active, otherwise "Users > Capabilities") = 1.5.6 = * Fixed : Correct some irregularities in CME admin menu item display = 1.5.5 = * Fixed : User editing was improperly blocked in some cases = 1.5.4 = * Fixed : Non-administrators' user editing capabilities were blocked if Press Permit Core was also active * Fixed : Non-administrators could not edit other users with their role (define constant CME_LEGACY_USER_EDIT_FILTER to retain previous behavior) * Fixed : Non-administrators could not assign their role to other users (define constant CME_LEGACY_USER_EDIT_FILTER to retain previous behavior) * Lang : Changed text domain for language pack conformance = 1.5.3 = * Fixed : On single-site installations, non-Administrators with delete_users capability could give new users an Administrator role (since 1.5.2) * Fixed : Deletion of a third party plugin role could cause users to be demoted to Subscriber inappropriately * Compat : Press Permit Core - Permission Group refresh was not triggered if Press Permit Core is inactive when CME deletes a role definition * Compat : Support third party display of available capabilities via capsman_get_capabilities or members_get_capabilities filter * Change : If user_level of Administrator role was cleared, non-Administrators with user editing capabilities could create/edit/delete Administrators. Administrator role is now implicitly treated as level 10. * Fixed : CSS caused formatting issues around wp-admin Update button on some installations * Perf : Don't output wp-admin CSS on non-CME screens * Lang : Fixed erroneous text_domain argument for numerous strings * Lang : Updated .pot and .po files = 1.5.2 = * Fixed : Network Super Administrators without an Administrator role on a particular site could not assign an Administrator role to other users of that site = 1.5.1 = * Fixed : Non-administrators with user editing capabilities could give new users a role with a higher level than their own (including Administrator) = 1.5 = * Feature : Support negative capabilities (storage to wp_roles array with false value) * Feature : Multisite - Copy a role definition to all current sites on a network * Feature : Multisite - Copy a role definition to new (future) sites on a network * Feature : Backup / Restore tool requires "restore_roles" capability or super admin status * Fixed : Role reset to WP defaults did not work, caused a PHP error / white screen * Change : Clarified English captions on Backup Tool screen * Fixed : Term deletion capability was not included in taxonomies grid even if defined * Fixed : jQuery notices for deprecated methods on Edit Role screen * Compat : Press Permit - if a role is marked as hidden, also default it for use by PP Pro as a Pattern Role (when PP Collaborative Editing is activated and Advanced Settings enabled) * Change : Press Permit promotional message includes link to display further info = 1.4.10 = * Perf : Eliminated unused framework code (reduced typical wp-admin memory usage by 0.6 MB) * Fixed : Failure to save capability changes, on some versions of PHP * Compat : Press Permit - PHP Warning on role save * Compat : Press Permit - PHP Warning on "Force Type-Specific Capabilities" settings update * Compat : Press Permit - "supplemental only" option stored redundant entries * Compat : Press Permit - green background around capabilities which * Compat : Press Permit - PHP Warning on "Force Type-Specific Capabilities" settings update * Maint : Stop using $GLOBALS superglobal * Change : Reduced download size by moving screenshots to assets folder of project folder = 1.4.9 = * Fixed : Role capabilities were not updated / refreshed properly on multisite installations * Feature : If create_posts capabilities are defined, organize checkboxes into a column alongside edit_posts * Feature : "Use create_posts capability" checkbox in sidebar auto-defines create_posts capabilities (requires Press Permit) * Compat : bbPress + Press Permit - Modified bbPress role capabilities were not redisplayed following save, required reload * Compat : bbPress + Press Permit - Adding a capability via the "Add Cap" textbox caused the checkbox to be available but not selected * Compat : Press Permit - "supplemental only" option was always enabled for newly created and copied roles, regardless of checkbox setting near Create/Copy button = 1.4.8 = * Compat : bbPress + Press Permit - "Add Capability" form failed when used on a bbPress role, caused creation of an invalid role = 1.4.7 = * Compat : Press Permit - flagging of roles as "supplemental assignment only" was not saved = 1.4.6 = * Compat : bbPress 2.2 (supports customization of dynamic forum role capabilities) * Compat : Press Permit + bbPress - customized role capabilities were not properly maintained on bbPress activation / deactivation, in some scenarios * Fixed : Role update and copy failed if currently stored capability array is corrupted = 1.4.5 = * Fixed : Capabilities were needlessly re-saved on role load * Fixed : Capability labels in "Other WordPress" section did not toggle checkbox selection * Press Permit integration: If capability is granted by the role's Permit Group, highlight it as green with a descriptive caption title, but leave checkbox enabled for display/editing of role defintion setting (previous behavior caused capability to be stripped out of WP role definition under some PP configurations) = 1.4.4 = * Fixed : On translated sites, roles could not be edited * Fixed : Menu item change to "Role Capabilities" broke existing translations = 1.4.3 = * Fixed : Separate checkbox was displayed for cap->edit_published_posts even if it was defined to the be same as cap->edit_posts * Press Permit integration: automatically store a backup copy of each role's last saved capability set so they can be reinstated if necessary (currently for bbPress) = 1.4.2 = * Language: updated .pot file * Press Permit integration: roles can be marked for supplemental assignment only (and suppressed from WP role assignment dropdown, requires PP 1.0-beta1.4) = 1.4.1 = * https compatibility: use content_url(), plugins_url() * Press Permit integration: if role definitions are reset to WP defaults, also repopulate PP capabilities (pp_manage_settings, etc.) = 1.4 = * Organized capabilities UI by post type and operation * Editing UI separates WP core capabilities and 3rd party capabilities * Clarified sidebar captions * Don't allow a non-Administrator to add or remove a capability they don't have * Fixed : PHP Warnings for unchecked capabilities * Press Permit integration: externally (dis)enable Post Types, Taxonomies for PP filtering (which forces type-specific capability definitions) * Show capabilities which Press Permit adds to the role by supplemental type-specific role assignment * Reduce memory usage by loading framework and plugin code only when needed = 1.3.2 = * Added Swedish translation. = 1.3.1 = * Fixed a bug where administrators could not create or manage other administrators. = 1.3 = * Cannot edit users with more capabilities than current user. * Cannot assign to users a role with more capabilities than current user. * Solved an incompatibility with Chameleon theme. * Migrated to the new Alkivia Framework. * Changed license to GPL version 2. = 1.2.5 = * Tested up to WP 2.9.1. = 1.2.4 = * Added Italian translation. = 1.2.3 = * Added German and Belorussian translations. = 1.2.2 = * Added Russian translation. = 1.2.1 = * Coding Standards. * Corrected internal links. * Updated Framework. = 1.2 = * Added backup/restore tool. = 1.1 = * Role deletion added. = 1.0.1 = * Some code improvements. * Updated Alkivia Framework. = 1.0 = * First public version.