When we want to adjust users capabilities, we can do so quite fine-grained. For example we can configure that a certain user can edit posts. But furthermore we can limit the capability of editing posts only to particular post types (eg cap: edit_posts, edit_pages, edit_[post_type]). And even from there on we can go deeper and do thinks like only edit private posts of post types (eg cap: edit_private_posts, edit_private_pages); just to make sure what I mean with "fine-grained".
But when it comes to user related capabilities I'm only aware of exactly 6 capabilities, namely:
edit_users,delete_users,create_users,list_users,remove_usersandpromote_users.
So this is it? What about: edit_editor_users (which would mean: only edit users with user role "editor"). I can't believe that the user related capabilities are really that basic!
When I deliver a WP site to a customer I normally don't give them access to a user with user role administrator but more likely something like editor or custom user roles as well. But when I want to allow a user role to create users than users with that role can create users with each and every user role even administrators. Which would not be a good thing at all! So again. I need something like:
$role = get_role('editor');
$role -> add_cap('create_editor_users', true); // or in general:
$role -> add_cap('[edit|delete|create|list|remove|promote]_[user_role]_users', true);
Is there a non hacky way to achieve this? A Plugin would be also fine as well (by now I'm using "Members", which also only handles the 6 mentioned above).