Adding capabilities to super admins

I’m developing a plugin that uses custom capabilities. Some of those capabilities need to be added to all users who are super admins. Currently, I’m using this code:

$supers = get_super_admins();
foreach ( $supers as $admin ) {
    $user = new WP_User( 0, $admin );
    $user->add_cap( 'my_cap' );
    $user->add_cap( 'my_second_cap' );
}

However, I’m concerned that this code is just adding the capabilities to the individual users, as opposed to the role as I usually would. If a new super admin is created, they will not have these capabilities as this function only runs on plugin activation.

Read More

Is there a better way of adding custom capabilities to super admins?

Related posts

Leave a Reply

3 comments

  1. Although this isn’t well documented, “Super Admin” is not a role (in that it is not an actual role object). It’s more like a special “status”.

    A list of users who are Super Admins (also called “network admins” or “site admins”) are stored in a database site-option record called site_admins. Generally, adding a capability to the Administrator role is enough since Super Admins are also, de facto, members of Administrator role with all it’s capabilities.

    That said, if you specifically need to add a capability only to Super Admins (but not “normal” administrators), it might be better to simply use WordPress’s is_super_admin() function instead of using capabilities at all, since it is assumed that Super Admins have no restrictions.

    If you really need to use capabilities, you should use the grant_super_admin and remove_super_admin hooks to add or remove capabilities to/from Super Admin users (respectively) as soon as their Super Admin status changes.

    Now as far as changing capabilities for existing Super Admin users, your approach is the best … fetch a list of super admin users, loop through it, and add capabilities to each (although should only need to run that once EVER if you used the above hooks).

  2. It depends on whether it’s single site or multisite.

    Multisite:

    Super admin has all capabilities unless specifically denied. From Core class-wp-user.php::has_cap:

    if ( is_multisite() && is_super_admin( $this->ID ) ) {
        if ( in_array( 'do_not_allow', $caps ) ) {
            return false;
        }
        return true;
    }
    

    Single site

    Super-admin cannot be added on Single Sites. From Core capabilities.php::grant_super_admin():

    function grant_super_admin( $user_id ) {
        if ( isset( $GLOBALS['super_admins'] ) || ! is_multisite() ) {
            return false;
        }
    

    If for some reason a user has the super-admin status on a single site, it won’t change anything in regards to what capability the user has.

  3. The things to do:

    1. Get the author role.
    2. Add capability to that role.

    For example:

    function add_theme_caps() {
        // gets the author role
        $role = get_role( 'author' );
    
        // This only works, because it accesses the class instance.
        // would allow the author to edit others' posts for current theme only
        $role->add_cap( 'edit_others_posts' ); 
    }
    
    add_action( 'admin_init', 'add_theme_caps');
    

    The code above is a snippet from Function Reference/add_cap.