User Roles & Permissions

User Roles & Permissions

Tickets Please assigns granular capabilities to WordPress roles so you can control who creates events, who manages tickets, and who views attendee data. Permissions follow WordPress’s built-in role and capability system — no custom role plugins required.

Role Summary

Each default WordPress role receives a specific set of Tickets Please capabilities:

Role	Events	Venues	Organizers	Tickets	Attendees	Categories
Administrator	Full access	Full access	Full access	Full access	Full access	Full access
Editor	Create, edit, delete any	Create, edit, delete any	Create, edit, delete any	Read	Read	Manage
Author	Own only	Own only	Own only	None	None	Assign
Contributor	Own, cannot publish	None	None	None	None	None
Subscriber	None	None	None	None	None	None

“Full access” means create, read, edit, delete, publish, and manage both own and others’ posts of that type.

Capability Naming Pattern

Each custom post type has a set of capabilities following this pattern:

• edit_{post_type} — Edit own posts
• edit_others_{post_type} — Edit posts created by other users
• publish_{post_type} — Publish posts (move from draft/pending to published)
• read_{post_type} — View posts in the admin
• read_private_{post_type} — View private posts
• delete_{post_type} — Delete own posts
• delete_others_{post_type} — Delete posts created by other users

The post type slugs used in capability names are:

• Events: tribe_events (e.g., edit_tribe_events, edit_others_tribe_events)
• Venues: tribe_venue (e.g., edit_tribe_venues, publish_tribe_venues)
• Organizers: tribe_organizer (e.g., edit_tribe_organizers)
• Tickets: tec_tc_ticket (e.g., edit_tec_tc_tickets)
• Attendees: tec_tc_attendee (e.g., edit_tec_tc_attendees)

Category Capabilities

Event categories (tec_event_category taxonomy) have their own capabilities:

• manage_tec_event_categories — Create, edit, and delete categories
• edit_tec_event_categories — Edit existing categories
• delete_tec_event_categories — Delete categories
• assign_tec_event_categories — Assign categories to events

Administrators and Editors can manage categories. Authors can assign existing categories to their events but cannot create new ones.

How Capabilities Are Applied

Tickets Please applies capabilities during plugin activation and when the internal CAPS_VERSION constant changes. Two methods handle this:

• apply_caps() — Adds all Tickets Please capabilities to the appropriate roles. Runs on activation and when the capability version increments.
• remove_all_caps() — Strips all Tickets Please capabilities from all roles. Runs on plugin deactivation for a clean uninstall.

If you modify role capabilities using a plugin like Members or User Role Editor, those changes persist until the next Tickets Please capability version update. After a plugin update that changes CAPS_VERSION, the plugin reapplies its default capability mapping.

Customizing Permissions

You can modify capabilities programmatically after Tickets Please applies them:

// Give Authors the ability to read attendees.
add_action( 'init', function () {
    $author = get_role( 'author' );
    if ( $author ) {
        $author->add_cap( 'read_tec_tc_attendee' );
    }
} );

Run capability changes on init to ensure they execute after Tickets Please has registered its post types.

For temporary permission grants (e.g., during a specific event), use the user_has_cap filter instead of permanently modifying roles:

add_filter( 'user_has_cap', function ( $allcaps, $caps, $args ) {
    // Grant edit_tec_tc_attendees to user ID 5 temporarily.
    if ( 5 === (int) $args[1] ) {
        $allcaps['edit_tec_tc_attendees'] = true;
    }
    return $allcaps;
}, 10, 3 );

Common Questions

Can I create a custom “Event Manager” role? Yes. Create a custom role with WordPress’s add_role() function and assign whichever Tickets Please capabilities you need. The plugin does not override custom roles.

Why can my Editor see tickets in the admin but not edit them? Editors receive read_tec_tc_ticket but not edit_tec_tc_tickets by default. Tickets are typically managed by Administrators. Add the edit capability to the Editor role if your workflow requires it.

What happens to capabilities when I deactivate the plugin? remove_all_caps() runs on deactivation, stripping all Tickets Please capabilities from all roles. Reactivating the plugin restores them.

Do capabilities affect the REST API? Yes. REST API endpoints enforce the same capability checks. A user without edit_tribe_events cannot create events via the API.

Can Contributors publish their own events? No. Contributors can create events in draft status. An Editor or Administrator must review and publish them. This matches WordPress core behavior for the Contributor role.

Does the Attendees admin page require manage_options? No. The Attendees management screen requires edit_tec_tc_attendees, which Administrators have by default. This allows you to grant attendee management to non-admin roles without giving them full site administration access.

Next Steps

• Admin Menu Structure — See how the Events admin menu is organized and which capabilities control access to each page.
• General Settings — Manage settings (requires manage_options).
• REST API Reference — Understand how capabilities map to API endpoint access.