Best practices to handle multilpe roles and capabilities?

Answering my own question, if your system is not performance-critical, you can use a plugin for it, such as User Role Editor:

roles and capabilities best practices wordpress

It supports multi-site, multiple roles per user and a lot more.

Optionally, If I were to write it:

If I would like to have total control over it and write my custom code, I would handle roles management in a plugin, to keep it organized and logically separated from the rest of the code.

The main advantage of this structure right now is to give a dedicated folder to Roles, keeping it organized, and providing a basic OOP structure to work with. This could be extended with methods to help assigning custom post types capabilities for instance, etc.

plugins/custom-roles-manager/custom-roles-manager.php

<?php
/*
 * Plugin Name:  Custom Roles Manager
 * Description:  This plugin handles roles capabilities.
 * Requires PHP: 5.3
 */
defined('ABSPATH') OR exit;

/** Runs only when the plugin is activated */
register_activation_hook(__FILE__, 'custom_roles_manager_activate');
function custom_roles_manager_activate()
{
    require_once(__DIR__ . '/RoleInterface.php');

    // This is the folder we add roles on
    $roles_folder = __DIR__ . '/roles';

    // If it throws anything, WordPress will automatically disable the plugin and show the notice
    $roles = crm_get_roles_in_folder($roles_folder);

    // Give developer a chance to filter the roles for any reason
    $roles = apply_filters('crm_get_roles', $roles);

    foreach ($roles as $role) {
        // Filter might add $role that does not implement RoleInterface
        if ($role instanceof RoleInterface) {
            $role->add();
        } else {
            throw new Exception('All roles handled by Custom Roles Manager must implement RoleInterface interface.');
        }
    }
}

/**
 * Returns an array of concrete classes that implements RoleInterface
 * in a given directory
 * 
 * @param $dir
 *
 * @return array
 * @throws ReflectionException
 */
function crm_get_roles_in_folder($dir)
{
    $roles = array();

    $roles_files = new RegexIterator(
        new DirectoryIterator($dir),
        '/\.php$/',
        RegexIterator::MATCH
    );

    foreach ($roles_files as $role_file) {
        include_once($role_file->getPathname());
        $r = new ReflectionClass($role_file->getBasename('.php'));
        if ($r->implementsInterface(RoleInterface::class)) {
            $roles[] = $r->newInstance();
        }
    }

    return $roles;
}

plugins/custom-roles-manager/RoleInterface.php

<?php

interface RoleInterface
{
    /**
     * Function that has to be implemented for
     * each concrete class to actually add the role.
     */
    public function add();
}

plugins/custom-roles-manager/roles/PublicRelationsRole.php

<?php

class PublicRelationsRole implements RoleInterface
{
    public function add()
    {
        add_role(
            'public_relations',
            __('Public Relations'),
            [
                'read',
                'edit_post',
                'publish_post',
                'delete_post',
            ]
        );
    }
}

Example scenario: Creating “Some Other Role”

  1. Create file wp-content/plugins/custom-roles-manager/Roles/SomeOtherRole.php
  2. Make it implement RoleInterface and create add method in it, which calls add_role function from WordPress.
  3. Deactivate and activate plugin.

With time, your complex role system will have a dedicated folder for them, helping keep it organized, using OOP, which gives a few options on code re-use over time.

Related Posts:

  1. Users can only save their draft once before saving for revision
  2. How to create a clone role in wordpress
  3. How to add a Capability to a User Role?
  4. How do I make a draft post accessible to everyone?
  5. add_role() run only once?
  6. What do unfiltered_html and unfiltered_upload actually filter?
  7. Temporary capability for current_user_can()
  8. Allow roles below admin to add subscribers only
  9. Temporarily give ‘manage_options’ capability
  10. Hide specific admin users’ posts
  11. Allow authors to edit only certain users
  12. How to update role capabilities
  13. Capability to edit own posts and not others
  14. Do custom user roles have any default capabilities?
  15. How to programmatically add a user to a role?
  16. how to add custom user capabilities using add_user_meta or something else?
  17. Allow user to Publish, but not Edit or Delete
  18. How to not allow custom roles to edit published custom post types?
  19. Email notification for editors only
  20. Shold I manually add ‘cap’ to admin role ?
  21. Allow users to publish child pages of the pages they have access to edit
  22. New Roles and Capabilities in WordPress
  23. Why is wp-login redirecting to the home page when I use this function?
  24. Allow contributor to view own scheduled post
  25. How to prevent users with “edit_others_posts” capability from editing admin posts
  26. Author Role – Allow editing of Gallery images
  27. What is the difference between “create_users” and “add_users” capabilities?
  28. How to delete user roles?
  29. How to get all users with Author role capabilities?
  30. How to check if a role has a specific capability
  31. Locking Down WordPress Application Password Permissions / Capabilities
  32. Prevent custom user role to add new pages
  33. Allow user to edit specific user with meta key using map_meta_cap
  34. How to remove sticky post capability for a specific user role?
  35. Let new user role to ‘edit_others_posts’ of other user role, not of its own type
  36. How can I have different groups of editors only allowed to edit certain parent+subpages?
  37. The delete_posts capability?
  38. How to restrict access to specific pages on the back-end?
  39. Capabilites not working [closed]
  40. add_menu_page() for more than one user role
  41. Remove wordpress author’s capability to moderate comments on their own posts
  42. Can you set a role as author?
  43. Prevent Editors from Editing/Deleting Admin Accounts
  44. How can I disable the update notice for non-administrators?
  45. Where are the WordPress capabilities stored?
  46. Adding Capabilities to a WordPress User Account
  47. Custom user roles for access to specific parts of the site
  48. Pending status by default for a specific role
  49. How do I restrict user access to plugins?
  50. Define new user capability for custom post types?
  51. My subscriber has the “edit comment” capability but can’t edit comment
  52. Show metabox for a special role
  53. User Role Capabilities for WordPress Gutenberg Blocks
  54. Subscriber (with read permissions) cannot view Private posts
  55. How can I add a custom role capability to use in a custom plugin?
  56. bbPress plugin moderator roles
  57. Allowing user to edit posts based on the post status
  58. Custom capabilities to add, edit, remove users of a particular role only?
  59. Stop users of author role from editing already pending posts
  60. add_role user capability not working
  61. Purpose of Adding Capability to Role But Not Grant?
  62. How to check user role?
  63. How can I promote a user to a network administrator?
  64. Reset Roles (or undo role changes on theme change)
  65. How to get a users list by who created them?
  66. Force modified contributor role to be re-approved on edit?
  67. Authorize users for specific pages and/or categories
  68. Custom Capabilities for CPT and Problem with current_user_can()
  69. Hiding custom theme functionality using capabilities
  70. user_can() not working for comment authors
  71. Which capabilities are available in Gravity Forms Salesforce plugin? [closed]
  72. How to write conditions based on user capabilities not on user role?
  73. What Capability is required to let a role RUN code in Edit Theme?
  74. Want to know parameters that can be passed to user_can() for access control by user capabilities
  75. Create sub-administrator role that can do everything except use or see the code editor
  76. Let editors view post in admin but not be able to perform a save/edit
  77. Capabilities don’t add
  78. Require Capability to View Woocommerce Product
  79. User role editor – Add download files capability
  80. How to determine which capability to use?
  81. Why can my subscribers create new posts for review?
  82. Disabled delete_others_posts if post is from admin
  83. How can I check if a visitor can read a post?
  84. How to query users to count all with a custom capability and limit it to a set of roles?
  85. Adding all custom capabilities to admin
  86. User role and capablities only for 1 plugin
  87. How to give plugin access to specific role(s)
  88. current_user_can( ‘edit_user’ ) does not work
  89. Create role that can edit some user details, but not the role
  90. How can I add capability to multiple roles?
  91. Role and Capabilities: How do I allow user role to access theme options without enabling ‘manage_options’?
  92. Custom Gutenberg Block and unfiltered_html capability
  93. Enable plugins for a specific user role
  94. Why does user_can return false for a capability during plugin deactivation?
  95. Hide user fields based off capability
  96. Author capabilities: Deleting comments on their own published posts
  97. Need to create admin user without capability to create user
  98. Grant access to admin menu?
  99. How to disable plugin capability : “create new category”
  100. How might I enable a user to view Draft pages from a different Author, without the ability to edit?