I’ve been a WP developer for a couple of years now but only recently has the concept of meta vs. primitive capabilities really “clicked” with me. I’m building some tools right now to allow easy creation of new custom post types. Sometimes the sites I build can get pretty extensive – I think my record is something like 11 custom post types on a single site.
My question is this: For certain basic custom post types where there is no strong need for security between users (for instance, the site’s users are all trusted, or there is only 1 user), is there any issue with just mapping the seven default capabilities to their corresponding meta cap?
(e.g. 'edit_others_posts' => 'edit_post'
)
The idea is that I would have 3 possible permission configurations for a custom post type depending on what is needed:
- A basic one, mapping each of the 7 capabilities to one of the the 3 meta caps
- An intermediate one, with each of the 7 standard capabilities mapped to a corresponding one for the post type (like posts and pages)
- An advanced one, where
map_meta_cap
is true on the post type, containing ~14 mapped capabilities
The main problem I am trying to solve is extreme clutter when using the role editor. As you can imagine, when you have 11 custom post types each with 7 capabilities, it gets pretty full – and maybe four out of five times, it’s either “all on” or “all off” for a CPT on a role-by-role basis. I don’t quite want to move to a single capability for those, but this gets me most of the way there.