티스토리 수익 글 보기
WordPress Core Abilities #40
Description
As the Abilities API is developed for inclusion in WordPress Core, we need to define a default set of abilities that will be bundled with it. This proposal outlines a foundational set of abilities intended to be safe, useful for the majority of use cases, and non-destructive by default.
All ability names below follow the established namespace/ability-name convention enforced by the API. The core namespace is used to designate that they are part of the WordPress Core set.
Proposed Core Abilities
Site and Settings
core/get-site-infocore/get-settingscore/update-settings
Users
core/get-current-usercore/get-usercore/find-userscore/update-user-profile
Posts and Pages
core/find-postscore/get-postcore/create-postcore/update-postcore/find-pagescore/get-pagecore/create-pagecore/update-page
Media
core/find-media-itemscore/get-media-itemcore/upload-media-itemcore/update-media-item
Comments
core/find-commentscore/get-comment
Taxonomy
core/find-categoriescore/get-categorycore/find-tagscore/get-tag
Menus
core/get-menu-locationscore/get-menu
Themes
core/get-active-themecore/list-themes
Plugins
core/list-pluginscore/get-plugincore/activate-plugincore/deactivate-plugincore/update-plugin
Out of Scope for this Proposal
- Deleting content, users, or media.
- Installing or uninstalling plugins and themes.
- Theme switching.
- Creating or modifying menus.
- Any actions that cannot be easily reversed.
Open Questions
-
Plugin Management: This proposal includes abilities to activate, deactivate, and update plugins. Given the potential for site instability, what guardrails are essential? Should these actions be limited to an allowlist of specific plugins by default to prevent unintended changes?
-
Destructive Actions: This initial set deliberately excludes destructive actions like deleting posts or users. Should a future version include them? If so, what additional security measures, like a ‘trash’ or ‘undo’ ability, would be required to maintain a high degree of safety?