diff --git a/users/roles-and-capabilities/super-admin b/users/roles-and-capabilities/super-admin new file mode 100644 index 0000000..fd6908a --- /dev/null +++ b/users/roles-and-capabilities/super-admin @@ -0,0 +1,45 @@ +

Super Admin

+ +Super Admin is not a typical role like subscriber, to which capabilities can be granted or revoked; +rather, super admin is a status that can be granted to users when WordPress is in multisite mode. +These users are then granted all capabilities on the network, except where explicitly denied. + +A capability such as read_others_posts can be granted to the subscriber role, by the way of: +add_cap( 'edit_posts' ); +?> + +By default, super admins would have the edit_posts capability and any other capability. +WordPress uses the current_user_can() function to check if the current user has the passed capability, +and this function is what grants all capabilities to super admins. current_user_can is a wrapper function +for user_can(), which calls the has_cap() method on the WP_User object. In the has_cap method, +there exists the code that grants super admin all capabilities: + +ID ) ) { + if ( in_array( 'do_not_allow', $caps, true ) ) { + return false; + } + return true; +} +?> + +The code above checks if WordPress is in multisite mode and if the user in question is a super admin. +If both conditions are met, has_cap returns true if the user is not explicitly denied the capability, +as in 'do_not_allow'. For users who are not super admins, has_cap continues executing and checks +if the user has been explicitly granted the capability, ending with: + + + +As a result, there is no need to explicity grant capablities to super admins, +because super admins are already granted all capabilities by WordPress.
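Review bot: The capability example in the second paragraph names two different capabilities: the sentence says read_others_posts can be granted to the subscriber role, but the snippet that follows calls add_cap( 'edit_posts' ), and the next paragraph continues with edit_posts. Use one capability name in all three places so the example is consistent. In the closing paragraph, "explicity" and "capablities" should read "explicitly" and "capabilities". The text after "ending with:" shows no code as rendered here, so confirm the final snippet is actually present in the file.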