Permissions
WordPress provides a full set of permissions for each logged in user, which many themes and plugins utilize to ensure the current user can view, edit, and delete both their’s and other’s posts.
This is usually done in PHP with built-in functions like current_user_can. Whenever you use the PHP filters in this documentation, you can continue using that function and other WordPress suggested strategies for checking permissions on the server.
Javascript permissions
To provide the same level of security in Index, a Javascript object of the current user permissions is provided into various filters like actions and modifiers. The object contains permission keys and boolean values:
{
"switch_themes": true,
"edit_themes": true,
"activate_plugins": true,
"edit_plugins": true,
"edit_users": true,
"edit_files": true,
"manage_options": true,
"moderate_comments": true,
"manage_categories": true,
"manage_links": true,
"upload_files": true,
"import": true,
"unfiltered_html": true,
"edit_posts": true,
"edit_others_posts": true,
"edit_published_posts": true,
"publish_posts": true,
"edit_pages": true,
"read": true,
"level_10": true,
"level_9": true,
"level_8": true,
"level_7": true,
"level_6": true,
"level_5": true,
"level_4": true,
"level_3": true,
"level_2": true,
"level_1": true,
"level_0": true,
"edit_others_pages": true,
"edit_published_pages": true,
"publish_pages": true,
"delete_pages": true,
"delete_others_pages": true,
"delete_published_pages": true,
"delete_posts": true,
"delete_others_posts": true,
"delete_published_posts": true,
"delete_private_posts": true,
"edit_private_posts": true,
"read_private_posts": true,
"delete_private_pages": true,
"edit_private_pages": true,
"read_private_pages": true,
"delete_users": true,
"create_users": true,
"unfiltered_upload": true,
"edit_dashboard": true,
"update_plugins": true,
"delete_plugins": true,
"install_plugins": true,
"update_themes": true,
"install_themes": true,
"update_core": true,
"list_users": true,
"remove_users": true,
"promote_users": true,
"edit_theme_options": true,
"delete_themes": true,
"export": true
}
Note: this may look different for you, depending on activated plugins and themes. When adding features that handle permissions, you should log the object to the web console and review what’s available.