Types Access provides a set of hooks that allows third-party software to use its capability/role management interface and functions.
The API can be used in order for custom capabilities (for third-party software) to be easily managed by admins and power users, using the Types Access interface.
The API consists of 3 hooks:
- types-access-area Defines an area in Types Access interface for third-party custom capabilities
- types-access-group Defines groups within custom Area for capabilities to be grouped by
- types-access-cap Defines a custom capability
Here is an example of how Forms plugin uses the API, in order to integrate access control on its forms.
On Init:
add_filter('types-access-area', array('Forms_Forms','register_access_cred_area')); add_filter('types-access-group', array('Forms_Forms','register_access_cred_group'), 10, 2); add_filter('types-access-cap', array('Forms_Forms','register_access_cred_caps'), 10, 3);
// register a new Types Access Area for custom Forms Frontend capabilities public static function register_access_cred_area($areas) { $Forms_ACCESS_AREA_NAME=__('Forms Frontend Access','wp-cred'); $Forms_ACCESS_AREA_ID='__Forms_Forms'; $Forms_ACCESS_GROUP_NAME=__('Forms Frontend Access Group','wp-cred'); $Forms_ACCESS_GROUP_ID='__Forms_Forms_GROUP'; $areas[] = array('id' => $Forms_ACCESS_AREA_ID, 'name' => $Forms_ACCESS_AREA_NAME); return $areas; } // register a new Types Access Group within Area for custom Forms Frontend capabilities public static function register_access_cred_group($groups, $id) { $Forms_ACCESS_AREA_NAME=__('Forms Frontend Access','wp-cred'); $Forms_ACCESS_AREA_ID='__Forms_Forms'; $Forms_ACCESS_GROUP_NAME=__('Forms Frontend Access Group','wp-cred'); $Forms_ACCESS_GROUP_ID='__Forms_Forms_GROUP'; if ($id == $Forms_ACCESS_AREA_ID) { $groups[] = array('id' => $Forms_ACCESS_GROUP_ID, 'name' => $Forms_ACCESS_GROUP_NAME); } return $groups; } // register custom Forms Frontend capabilities specific to each form type public static function register_access_cred_caps($caps, $area_id, $group_id) { $Forms_ACCESS_AREA_NAME=__('Forms Frontend Access','wp-cred'); $Forms_ACCESS_AREA_ID='__Forms_Forms'; $Forms_ACCESS_GROUP_NAME=__('Forms Frontend Access Group','wp-cred'); $Forms_ACCESS_GROUP_ID='__Forms_Forms_GROUP'; if ($area_id == $Forms_ACCESS_AREA_ID && $group_id == $Forms_ACCESS_GROUP_ID) { // these caps do not require a specific form $caps['delete_own_posts_with_cred'] = array( 'cap_id' => 'delete_own_posts_with_cred', 'title' => __('Delete Own Posts using Forms','wp-cred'), 'default_role' => 'administrator', ); $caps['delete_other_posts_with_cred'] = array( 'cap_id' => 'delete_other_posts_with_cred', 'title' => __('Delete Others Posts using Forms','wp-cred'), 'default_role' => 'administrator', ); } return $caps; }
After the custom capabilities for Forms have been registered with Types Access, admins and power users can assign these capabilities to the roles and users to which they choose.
It is important to understand that Types cannot implement the functionality of the custom capabilities, except in rare cases where the capability has well-known semantics (what it represents is known to be a default functionality)
In all other cases the plugin itself will have to implement the functionality. In Forms plugin this is done like:
if (!current_user_can('delete_own_posts_with_cred') && $current_user->ID == $post->post_author) { return ''.__('Do not have permission (delete own)','wp-cred').''; } if (!current_user_can('delete_other_posts_with_cred') && $current_user->ID != $post->post_author) { return ''.__('Do not have permission (delete other)','wp-cred').''; } // else user has this capability which is required and is allowed to perform operation
This is all is required to setup custom capabilities with Types Access API.