WordPress Capabilities: edit_user vs edit_users

I found a few references to edit_user as a capability, one of which is this:

// Allow user to edit itself
    if ( 'edit_user' == $cap && isset( $args[0] ) && $user_id == $args[0] )
    break;

http://core.trac.wordpress.org/browser/tags/3.5.2/wp-includes/capabilities.php#L1005

I believe the comment in that block of code answers this question.

Per @PatJ, it looks like map_meta_cap converts (in a sense) edit_user into edit_users but only if the user attempting to edit the profile is the profile’s owner, thus allowing users who otherwise have no user edit capabilities to edit their own profile information.

Related Posts:

  1. Allowing Custom Capability to Manage Plugin Options
  2. How To Create A File Archive in WordPress?
  3. What are the common security flaws I need to look for? [closed]
  4. How can I modify the Capability needed to access a plugin’s options?
  5. Where should my plugin POST to?
  6. Add Capabilities to Custom Post Type after it has been created [duplicate]
  7. Security error WP 4.0 + WP phpBB Bridge [closed]
  8. Should I use RIPS tool to test my themes and plugins?
  9. Checking for user role in a custom plugin
  10. Allow Facebook to preview posts before published
  11. Escape when echoed
  12. Set user ID at time of wp_create_user
  13. Update User Role
  14. How to write a plugin to add users to a mail list
  15. How to make a customize role and view a specific plugins base on that role?
  16. wp_create_nonce function doesn’t work inside a plugin?
  17. Making a plugin only available on the front-end for the logged in super admin
  18. Redirection of users away from wp-admin (but not administrators)
  19. How to set add question capability for author role in wp pro quiz plugin
  20. Unable to delete custom post types, confusion around capabilities
  21. Can a Plugin Override New User Default Role Type
  22. I should enable automatic updates?
  23. Prevent direct access to WordPress plugin assets?
  24. How to prevent plugins from sniffing/stealing other plugins’ options?
  25. Add User Role: Pre-saved in User-Meta [SOLVED]
  26. Remove specific administrator’s capability
  27. How to hide plugin options for editors via functions.php
  28. Adding plugin editing capability for Author
  29. Security of a WordPress Plugin
  30. Help to Create a Simple Plugin to make a post
  31. Allow a particular user to access a particular plugin?
  32. Content-Security-Policy implementation with WordPress W3Total Cache plugin installed
  33. See which user role / capability is needed to use a plugin
  34. Securing a plugin pop-up window
  35. Remove dashboard links from wordpress
  36. Why user profile update creates Additional Capabilities
  37. What is more secure checking capabilities of user or checking role of user in WordPress plugin development
  38. Run only on plug-in activation instead of wp_head
  39. wp_verify_nonce fails always
  40. Validating values using Settings API?
  41. Want to add post to user dashboard
  42. Sync roles across several plugins
  43. How to disable plugin capability : “create new category”
  44. edit slider plugin capability for custom_role
  45. What security concerns should I have when setting FS_METHOD to “direct” in wp-config?
  46. What’s the preferred method of writing AJAX-enabled plugins?
  47. How to add a shortcode button to the TinyMCE editor?
  48. Is there any record of installed plugins in the database?
  49. Using require_once in a Plugin?
  50. How do I check if my $wpdb->insert() was successful?
  51. Creating a theme option page?
  52. Add post thumbnail from external image with plugin
  53. How to allow Unfiltered HTML in a wordpress multisite install
  54. Where is the source code that makes the “all” array grabs filters in the $wp_filter?
  55. Options page not displayed under Settings menu
  56. How can I change plugin to give access to editor user role?
  57. Is it possible to add an action to the currently running action?
  58. How to include and use custom class files in plugin?
  59. Action on post publish
  60. OOP: Display warning and deactivate the plugin if PHP version is less than 5.4
  61. Only execute jQuery function(on document ready) on the page has shortcode from plugin [duplicate]
  62. unzip a folder on specific location and delete the zip file
  63. Changing labels of status filters for post grid
  64. Where to call add_shortcode function in WordPress Plugin Boilerplate?
  65. How to keep users unique id stored in session in addition to IP in WordPress plugin?
  66. Plugin version is not showing up in wordpress.org plugin directory
  67. wordpress plugin is not activating from widget
  68. uninstall.php file in Plugin to clean DB
  69. How to get specific setting by settings_fields()?
  70. Filter custom posts based on the user role of author
  71. Save / Show multi line text in metabox
  72. Best way to initiate a class in a WP plugin?
  73. How to create a child/addon plugin
  74. How to secure the release of WordPress plugins / avoid copying plugins?
  75. add_filter doesn’t work
  76. how to force tag page layout to use same as search layout?
  77. Delay JavaScript files from loading
  78. Run function on plugin activation before plugin is loaded
  79. Gutenberg Block Style CSS Class Is Not Applying on Backend
  80. Why is it important to check for isset and is_array before checking in_array in this example?
  81. WordPress custom plugin that uses woocommerce enabled payment gateway for payment [closed]
  82. How to call external functions from a PHP script in a WordPress plugin?
  83. Don’t load the theme for a page FROM a plugin EDITED
  84. WordPress Feed Creator Name Tag Full Name Instead Of First Name
  85. How to add custom function to pluggable.php
  86. How to get Recent Post From Each Category with Thumbnail?
  87. Remove Zero Money From Previews Order woocommerce
  88. How use wp_insert_post and add og:custom tags?
  89. Access remote SFTP server via WordPress login?
  90. how to create user profile pages and display them based on users roles
  91. How to change “Read More” text?
  92. How to use wp_editor and save its data in wp_posts table
  93. My WordPress activation hook isn’t working
  94. Public WP website with one area just for members
  95. WordPress ajax error 400 bad request for sending data to remote site [duplicate]
  96. Echo custom admin field into a is_single()
  97. Exclude specifed files from plugin editor
  98. Jquery post responses 500 error after some time and lastly an 503 error
  99. How can I delete the options from DB when the plugin is deleted?
  100. public custom posts not showing in my wordpress plugin

Leave a Comment