Hi Markus,
User Role Editor (URE) supports/realizes WordPress default scheme of work with user capabilities and user roles. All WordPress built-in roles has user capabilities only with boolean true. That is every role contains only capabilities granted/permitted for this role. If you see the not checked (empty) capability checkbox at the URE – it means that this capability is not granted to the currently selected role.
Thus, if user has 2 roles, role A (cap1, cap2) and role B (cap 3), the resulting permissions for such user will be the sum of capabilities from the both roles: cap1, cap2, cap3. All missed capabilities are not granted/permitted, but not prohibited to such user. You can not apparently prohibit capability via URE user interface.
Though there is Members plugin which allows deny capability for role or user.
Lets stick to the example where the user has 2 roles
(capabilities for better illustration)
role A: edit page, edit post, edit events
role B: edit post, edit events
According to your explanation, that would mean the user with role A and role B is able to edit a page.
But that is exactly what is not working.
—
In my real example above (screenshots) it’s not about edit_page
, but about edit_others_pages
Obviously, edit_others_pages
does not work. Even though the user has this capability with one role. But it is missing this capability on another role.
Either I did not understand it, or something is wrong
Interested what you think about it
Thank you for explanation. It should work as my experience says. Some another plugin or additional code (may be in functions.php) may be involved. Can you test with all plugins deactivated temporally?
Sorry for my late response – just tested it and can confirm it still does not work how you expected it to work.
So the scenario stays the same as previously described.
I am just not sure if this is an issue or works as designed.
The capabilities are given to a user/role.
It’s possible to not give a capability by not checking it.
If there was an option to prohibit/forbid a specific capability, then it would make sense. When one role allows something, while the other prohibits something. The prohibition is stronger.
But I thought WordPress does not work this way, as you can only tick or untick a capability, hence I am confused about this.
In my particular case, it’s not important. It’s a tiny project, I could just workaround it … but overall, it would be interesting to know how this works.