diff --git a/README.markdown b/README.markdown index 23dec0ee..853a37ee 100644 --- a/README.markdown +++ b/README.markdown @@ -100,10 +100,10 @@ permissions like so: ```php new UserClass("anonymous", "base", [ - "create_comment" => True, - "edit_image_tag" => True, - "edit_image_source" => True, - "create_image_report" => True, + Permissions::CREATE_COMMENT => True, + Permissions::EDIT_IMAGE_TAG => True, + Permissions::EDIT_IMAGE_SOURCE => True, + Permissions::CREATE_IMAGE_REPORT => True, ]); ``` @@ -111,12 +111,12 @@ For a moderator class, being a regular user who can delete images and comments: ```php new UserClass("moderator", "user", [ - "delete_image" => True, - "delete_comment" => True, + Permissions::DELETE_IMAGE => True, + Permissions::DELETE_COMMENT => True, ]); ``` -For a list of permissions, see `core/userclass.php` +For a list of permissions, see `core/permissions.php` # Development Info diff --git a/core/imageboard/image.php b/core/imageboard/image.php index 90ab9e6a..3e2529b8 100644 --- a/core/imageboard/image.php +++ b/core/imageboard/image.php @@ -129,7 +129,7 @@ class Image } if (SPEED_HAX) { - if (!$user->can("big_search") and count($tags) > 3) { + if (!$user->can(Permissions::BIG_SEARCH) and count($tags) > 3) { throw new SCoreException("Anonymous users may only search for up to 3 tags at a time"); } } diff --git a/core/permissions.php b/core/permissions.php new file mode 100644 index 00000000..f3ab7c6b --- /dev/null +++ b/core/permissions.php 
@@ -0,0 +1,67 @@ + false, # modify web-level settings, eg the config table - "override_config" => false, # modify sys-level settings, eg shimmie.conf.php - "big_search" => false, # search for more than 3 tags at once (speed mode only) + Permissions::CHANGE_SETTING => false, # modify web-level settings, eg the config table + Permissions::OVERRIDE_CONFIG => false, # modify sys-level settings, eg shimmie.conf.php + Permissions::BIG_SEARCH => false, # search for more than 3 tags at once (speed mode only) - "manage_extension_list" => false, - "manage_alias_list" => false, - "mass_tag_edit" => false, + Permissions::MANAGE_EXTENSION_LIST => false, + Permissions::MANAGE_ALIAS_LIST => false, + Permissions::MASS_TAG_EDIT => false, - "view_ip" => false, # view IP addresses associated with things - "ban_ip" => false, + Permissions::VIEW_IP => false, # view IP addresses associated with things + Permissions::BAN_IP => false, - "edit_user_name" => false, - "edit_user_password" => false, - "edit_user_info" => false, # email address, etc - "edit_user_class" => false, - "delete_user" => false, + Permissions::EDIT_USER_NAME => false, + Permissions::EDIT_USER_PASSWORD => false, + Permissions::EDIT_USER_INFO => false, # email address, etc + Permissions::EDIT_USER_CLASS => false, + Permissions::DELETE_USER => false, - "create_comment" => false, - "delete_comment" => false, - "bypass_comment_checks" => false, # spam etc + Permissions::CREATE_COMMENT => false, + Permissions::DELETE_COMMENT => false, + Permissions::BYPASS_COMMENT_CHECKS => false, # spam etc - "replace_image" => false, - "create_image" => false, - "edit_image_tag" => false, - "edit_image_source" => false, - "edit_image_owner" => false, - "edit_image_lock" => false, - "bulk_edit_image_tag" => false, - "bulk_edit_image_source" => false, - "delete_image" => false, + Permissions::REPLACE_IMAGE => false, + Permissions::CREATE_IMAGE => false, + Permissions::EDIT_IMAGE_TAG => false, + Permissions::EDIT_IMAGE_SOURCE => false, + 
Permissions::EDIT_IMAGE_OWNER => false, + Permissions::EDIT_IMAGE_LOCK => false, + Permissions::BULK_EDIT_IMAGE_TAG => false, + Permissions::BULK_EDIT_IMAGE_SOURCE => false, + Permissions::DELETE_IMAGE => false, - "ban_image" => false, + Permissions::BAN_IMAGE => false, - "view_eventlog" => false, - "ignore_downtime" => false, + Permissions::VIEW_EVENTLOG => false, + Permissions::IGNORE_DOWNTIME => false, - "create_image_report" => false, - "view_image_report" => false, # deal with reported images + Permissions::CREATE_IMAGE_REPORT => false, + Permissions::VIEW_IMAGE_REPORT => false, # deal with reported images - "edit_wiki_page" => false, - "delete_wiki_page" => false, + Permissions::EDIT_WIKI_PAGE => false, + Permissions::DELETE_WIKI_PAGE => false, - "manage_blocks" => false, + Permissions::MANAGE_BLOCKS => false, - "manage_admintools" => false, + Permissions::MANAGE_ADMINTOOLS => false, - "view_other_pms" => false, - "edit_feature" => false, - "bulk_edit_vote" => false, - "edit_other_vote" => false, - "view_sysinfo" => false, + Permissions::VIEW_OTHER_PMS => false, + Permissions::EDIT_FEATURE => false, + Permissions::BULK_EDIT_VOTE => false, + Permissions::EDIT_OTHER_VOTE => false, + Permissions::VIEW_SYSINTO => false, - "hellbanned" => false, - "view_hellbanned" => false, + Permissions::HELLBANNED => false, + Permissions::VIEW_HELLBANNED => false, - "protected" => false, # only admins can modify protected users (stops a moderator changing an admin's password) + Permissions::PROTECTED => false, # only admins can modify protected users (stops a moderator changing an admin's password) - "edit_image_rating" => false, - "bulk_edit_image_rating" => false, + Permissions::EDIT_IMAGE_RATING => false, + Permissions::BULK_EDIT_IMAGE_RATING => false, - "view_trash" => false, - "perform_bulk_actions" => false, + Permissions::VIEW_TRASH => false, ]); new UserClass("anonymous", "base", [ ]); new UserClass("user", "base", [ - "big_search" => true, - "create_image" => true, - 
"create_comment" => true, - "edit_image_tag" => true, - "edit_image_source" => true, - "create_image_report" => true, - "edit_image_rating" => true, + Permissions::BIG_SEARCH => true, + Permissions::CREATE_IMAGE => true, + Permissions::CREATE_COMMENT => true, + Permissions::EDIT_IMAGE_TAG => true, + Permissions::EDIT_IMAGE_SOURCE => true, + Permissions::CREATE_IMAGE_REPORT => true, + Permissions::EDIT_IMAGE_RATING => true, ]); new UserClass("admin", "base", [ - "change_setting" => true, - "override_config" => true, - "big_search" => true, - "edit_image_lock" => true, - "view_ip" => true, - "ban_ip" => true, - "edit_user_name" => true, - "edit_user_password" => true, - "edit_user_info" => true, - "edit_user_class" => true, - "delete_user" => true, - "create_image" => true, - "delete_image" => true, - "ban_image" => true, - "create_comment" => true, - "delete_comment" => true, - "bypass_comment_checks" => true, - "replace_image" => true, - "manage_extension_list" => true, - "manage_alias_list" => true, - "edit_image_tag" => true, - "edit_image_source" => true, - "edit_image_owner" => true, - "bulk_edit_image_tag" => true, - "bulk_edit_image_source" => true, - "mass_tag_edit" => true, - "create_image_report" => true, - "view_image_report" => true, - "edit_wiki_page" => true, - "delete_wiki_page" => true, - "view_eventlog" => true, - "manage_blocks" => true, - "manage_admintools" => true, - "ignore_downtime" => true, - "view_other_pms" => true, - "edit_feature" => true, - "bulk_edit_vote" => true, - "edit_other_vote" => true, - "view_sysinfo" => true, - "view_hellbanned" => true, - "protected" => true, - "edit_image_rating" => true, - "bulk_edit_image_rating" => true, - "view_trash" => true, - "perform_bulk_actions" => true, + Permissions::CHANGE_SETTING => true, + Permissions::OVERRIDE_CONFIG => true, + Permissions::BIG_SEARCH => true, + Permissions::EDIT_IMAGE_LOCK => true, + Permissions::VIEW_IP => true, + Permissions::BAN_IP => true, + Permissions::EDIT_USER_NAME 
=> true, + Permissions::EDIT_USER_PASSWORD => true, + Permissions::EDIT_USER_INFO => true, + Permissions::EDIT_USER_CLASS => true, + Permissions::DELETE_USER => true, + Permissions::CREATE_IMAGE => true, + Permissions::DELETE_IMAGE => true, + Permissions::BAN_IMAGE => true, + Permissions::CREATE_COMMENT => true, + Permissions::DELETE_COMMENT => true, + Permissions::BYPASS_COMMENT_CHECKS => true, + Permissions::REPLACE_IMAGE => true, + Permissions::MANAGE_EXTENSION_LIST => true, + Permissions::MANAGE_ALIAS_LIST => true, + Permissions::EDIT_IMAGE_TAG => true, + Permissions::EDIT_IMAGE_SOURCE => true, + Permissions::EDIT_IMAGE_OWNER => true, + Permissions::BULK_EDIT_IMAGE_TAG => true, + Permissions::BULK_EDIT_IMAGE_SOURCE => true, + Permissions::MASS_TAG_EDIT => true, + Permissions::CREATE_IMAGE_REPORT => true, + Permissions::VIEW_IMAGE_REPORT => true, + Permissions::EDIT_WIKI_PAGE => true, + Permissions::DELETE_WIKI_PAGE => true, + Permissions::VIEW_EVENTLOG => true, + Permissions::MANAGE_BLOCKS => true, + Permissions::MANAGE_ADMINTOOLS => true, + Permissions::IGNORE_DOWNTIME => true, + Permissions::VIEW_OTHER_PMS => true, + Permissions::EDIT_FEATURE => true, + Permissions::BULK_EDIT_VOTE => true, + Permissions::EDIT_OTHER_VOTE => true, + Permissions::VIEW_SYSINTO => true, + Permissions::VIEW_HELLBANNED => true, + Permissions::PROTECTED => true, + Permissions::EDIT_IMAGE_RATING => true, + Permissions::BULK_EDIT_IMAGE_RATING => true, + Permissions::VIEW_TRASH => true, + ]); new UserClass("hellbanned", "user", [ - "hellbanned" => true, + Permissions::HELLBANNED => true, ]); @include_once "data/config/user-classes.conf.php"; diff --git a/core/util.php b/core/util.php index 91e467ff..aa310c45 100644 --- a/core/util.php +++ b/core/util.php 
@@ -588,8 +588,8 @@ function show_ip(string $ip, string $ban_reason): string global $user; $u_reason = url_escape($ban_reason); $u_end = url_escape("+1 week"); - $ban = $user->can("ban_ip") ? ", Ban" : ""; - $ip = $user->can("view_ip") ? $ip.$ban : ""; + $ban = $user->can(Permissions::BAN_IP) ? ", Ban" : ""; + $ip = $user->can(Permissions::VIEW_IP) ? $ip.$ban : ""; return $ip; } diff --git a/ext/admin/main.php b/ext/admin/main.php index 4ebae35e..eef919d7 100644 --- a/ext/admin/main.php +++ b/ext/admin/main.php @@ -54,7 +54,7 @@ class AdminPage extends Extension global $page, $user; if ($event->page_matches("admin")) { - if (!$user->can("manage_admintools")) { + if (!$user->can(Permissions::MANAGE_ADMINTOOLS)) { $this->theme->display_permission_denied(); } else { if ($event->count_args() == 0) { @@ -111,7 +111,7 @@ class AdminPage extends Extension public function onUserBlockBuilding(UserBlockBuildingEvent $event) { global $user; - if ($user->can("manage_admintools")) { + if ($user->can(Permissions::MANAGE_ADMINTOOLS)) { $event->add_link("Board Admin", make_link("admin")); } } diff --git a/ext/alias_editor/main.php b/ext/alias_editor/main.php index 07f9f289..5e8e4c11 100644 --- a/ext/alias_editor/main.php +++ b/ext/alias_editor/main.php @@ -36,7 +36,7 @@ class AliasEditor extends Extension if ($event->page_matches("alias")) { if ($event->get_arg(0) == "add") { - if ($user->can("manage_alias_list")) { + if ($user->can(Permissions::MANAGE_ALIAS_LIST))) { if (isset($_POST['oldtag']) && isset($_POST['newtag'])) { try { $aae = new AddAliasEvent($_POST['oldtag'], $_POST['newtag']); 
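Review bot: The new condition in the `add` branch of ext/alias_editor/main.php, `if ($user->can(Permissions::MANAGE_ALIAS_LIST))) {`, has one closing parenthesis too many, which is a parse error that stops the whole file from loading. The same extra `)` is in the `remove` branch hunk (@@ -49,7 +49,7 @@); the `import` and `onUserBlockBuilding` hunks of the same file are balanced. Both lines should read `if ($user->can(Permissions::MANAGE_ALIAS_LIST)) {`. Because this commit is a mechanical rename across many permission checks, running `php -l` over every touched file before merging would catch this kind of slip.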
@@ -49,7 +49,7 @@ class AliasEditor extends Extension } } } elseif ($event->get_arg(0) == "remove") { - if ($user->can("manage_alias_list")) { + if ($user->can(Permissions::MANAGE_ALIAS_LIST))) { if (isset($_POST['oldtag'])) { $database->execute("DELETE FROM aliases WHERE oldtag=:oldtag", ["oldtag" => $_POST['oldtag']]); log_info("alias_editor", "Deleted alias for ".$_POST['oldtag'], "Deleted alias"); @@ -85,7 +85,7 @@ class AliasEditor extends Extension $page->set_filename("aliases.csv"); $page->set_data($this->get_alias_csv($database)); } elseif ($event->get_arg(0) == "import") { - if ($user->can("manage_alias_list")) { + if ($user->can(Permissions::MANAGE_ALIAS_LIST)) { if (count($_FILES) > 0) { $tmp = $_FILES['alias_file']['tmp_name']; $contents = file_get_contents($tmp); @@ -120,7 +120,7 @@ class AliasEditor extends Extension public function onUserBlockBuilding(UserBlockBuildingEvent $event) { global $user; - if ($user->can("manage_alias_list")) { + if ($user->can(Permissions::MANAGE_ALIAS_LIST)) { $event->add_link("Alias Editor", make_link("alias/list")); } } diff --git a/ext/alias_editor/theme.php b/ext/alias_editor/theme.php index ec12348e..732139d4 100644 --- a/ext/alias_editor/theme.php +++ b/ext/alias_editor/theme.php @@ -11,7 +11,7 @@ class AliasEditorTheme extends Themelet { global $page, $user; - $can_manage = $user->can("manage_alias_list"); + $can_manage = $user->can(Permissions::MANAGE_ALIAS_LIST); if ($can_manage) { $h_action = "Action"; $h_add = " diff --git a/ext/ban_words/main.php b/ext/ban_words/main.php index c668e514..5e0761b3 100644 --- a/ext/ban_words/main.php +++ b/ext/ban_words/main.php @@ -58,7 +58,7 @@ xanax public function onCommentPosting(CommentPostingEvent $event) { global $user; - if (!$user->can("bypass_comment_checks")) { + if (!$user->can(Permissions::BYPASS_COMMENT_CHECKS)) { $this->test_text($event->comment, new CommentPostingException("Comment contains banned terms")); } } 
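Review bot: Between the permission check and the `DELETE FROM aliases` statement in the `remove` branch there is no `$user->check_auth_token()` call, so a forged cross-site POST sent from an alias manager's browser would pass the `Permissions::MANAGE_ALIAS_LIST` test. The `add` branch (@@ -36,7 +36,7 @@) and the `import` branch (@@ -85,7 +85,7 @@) have the same shape in the lines shown. Other handlers touched by this commit, such as ext/blocks/main.php and ext/ipban/main.php, pair the permission with the token check, and the same would fit here: `if ($user->can(Permissions::MANAGE_ALIAS_LIST) && $user->check_auth_token()) {`. The enclosing onPageRequest starts outside these hunks, so an earlier token check cannot be ruled out from this page.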
diff --git a/ext/blocks/main.php b/ext/blocks/main.php index cb9c375c..b444b03a 100644 --- a/ext/blocks/main.php +++ b/ext/blocks/main.php @@ -29,7 +29,7 @@ class Blocks extends Extension public function onUserBlockBuilding(UserBlockBuildingEvent $event) { global $user; - if ($user->can("manage_blocks")) { + if ($user->can(Permissions::MANAGE_BLOCKS)) { $event->add_link("Blocks Editor", make_link("blocks/list")); } } @@ -52,7 +52,7 @@ class Blocks extends Extension } } - if ($event->page_matches("blocks") && $user->can("manage_blocks")) { + if ($event->page_matches("blocks") && $user->can(Permissions::MANAGE_BLOCKS)) { if ($event->get_arg(0) == "add") { if ($user->check_auth_token()) { $database->execute(" diff --git a/ext/bulk_actions/main.php b/ext/bulk_actions/main.php index d8dde6d9..67f652e2 100644 --- a/ext/bulk_actions/main.php +++ b/ext/bulk_actions/main.php @@ -85,11 +85,11 @@ class BulkActions extends Extension { global $user; - if ($user->can("delete_image")) { + if ($user->can(Permissions::DELETE_IMAGE)) { $event->add_action("bulk_delete", "(D)elete", "d", "Delete selected images?", $this->theme->render_ban_reason_input(), 10); } - if ($user->can("bulk_edit_image_tag")) { + if ($user->can(Permissions::BULK_EDIT_IMAGE_TAG)) { $event->add_action( "bulk_tag", @@ -100,7 +100,7 @@ class BulkActions extends Extension 10); } - if ($user->can("bulk_edit_image_source")) { + if ($user->can(Permissions::BULK_EDIT_IMAGE_SOURCE)) { $event->add_action("bulk_source", "Set (S)ource", "s","", $this->theme->render_source_input(), 10); } } @@ -111,7 +111,7 @@ class BulkActions extends Extension switch ($event->action) { case "bulk_delete": - if ($user->can("delete_image")) { + if ($user->can(Permissions::DELETE_IMAGE)) { $i = $this->delete_items($event->items); flash_message("Deleted $i items"); } 
@@ -120,7 +120,7 @@ class BulkActions extends Extension if (!isset($_POST['bulk_tags'])) { return; } - if ($user->can("bulk_edit_image_tag")) { + if ($user->can(Permissions::BULK_EDIT_IMAGE_TAG)) { $tags = $_POST['bulk_tags']; $replace = false; if (isset($_POST['bulk_tags_replace']) && $_POST['bulk_tags_replace'] == "true") { @@ -135,7 +135,7 @@ class BulkActions extends Extension if (!isset($_POST['bulk_source'])) { return; } - if ($user->can("bulk_edit_image_source")) { + if ($user->can(Permissions::BULK_EDIT_IMAGE_SOURCE)) { $source = $_POST['bulk_source']; $i = $this->set_source($event->items, $source); flash_message("Set source for $i items"); diff --git a/ext/comment/main.php b/ext/comment/main.php index 1dfdc03b..2540ef4a 100644 --- a/ext/comment/main.php +++ b/ext/comment/main.php @@ -189,7 +189,7 @@ class CommentList extends Extension private function onPageRequest_delete(PageRequestEvent $event) { global $user, $page; - if ($user->can("delete_comment")) { + if ($user->can(Permissions::DELETE_COMMENT)) { // FIXME: post, not args if ($event->count_args() === 3) { send_event(new CommentDeletionEvent($event->get_arg(1))); @@ -209,7 +209,7 @@ class CommentList extends Extension private function onPageRequest_bulk_delete() { global $user, $database, $page; - if ($user->can("delete_comment") && !empty($_POST["ip"])) { + if ($user->can(Permissions::DELETE_COMMENT) && !empty($_POST["ip"])) { $ip = $_POST['ip']; $comment_ids = $database->get_col(" @@ -288,7 +288,7 @@ class CommentList extends Extension $this->theme->display_image_comments( $event->image, $this->get_comments($event->image->id), - $user->can("create_comment") + $user->can(Permissions::CREATE_COMMENT) ); } @@ -399,7 +399,7 @@ class CommentList extends Extension } } - $this->theme->display_comment_list($images, $current_page, $total_pages, $user->can("create_comment")); + $this->theme->display_comment_list($images, $current_page, $total_pages, $user->can(Permissions::CREATE_COMMENT)); } // }}} 
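Review bot: `onPageRequest_delete` in ext/comment/main.php (@@ -189,7 +189,7 @@) deletes a comment from URL arguments via `$event->get_arg(1)` as soon as `Permissions::DELETE_COMMENT` passes, with no `check_auth_token()` visible and an existing `// FIXME: post, not args` on the next line. A state-changing action reachable through a plain link can be triggered by any page a moderator loads. `onPageRequest_bulk_delete` (@@ -209,7 +209,7 @@) reads `$_POST["ip"]` but also shows no token check in its condition. Since the commit already rewrites both conditions, consider `$user->can(Permissions::DELETE_COMMENT) && $user->check_auth_token()` in each and moving the single delete to POST as the FIXME asks. Both function bodies continue past the hunks.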
@@ -574,7 +574,7 @@ class CommentList extends Extension { global $database, $page; - if (!$user->can("bypass_comment_checks")) { + if (!$user->can(Permissions::BYPASS_COMMENT_CHECKS)) { // will raise an exception if anything is wrong $this->comment_checks($image_id, $user, $comment); } @@ -600,7 +600,7 @@ class CommentList extends Extension global $config, $page; // basic sanity checks - if (!$user->can("create_comment")) { + if (!$user->can(Permissions::CREATE_COMMENT)) { throw new CommentPostingException("Anonymous posting has been disabled"); } elseif (is_null(Image::by_id($image_id))) { throw new CommentPostingException("The image does not exist"); diff --git a/ext/comment/theme.php b/ext/comment/theme.php index a17131af..1bdc70cb 100644 --- a/ext/comment/theme.php +++ b/ext/comment/theme.php @@ -218,9 +218,9 @@ class CommentListTheme extends Themelet if (!array_key_exists($comment->poster_ip, $this->anon_map)) { $this->anon_map[$comment->poster_ip] = $this->anon_id; } - #if($user->can("view_ip")) { + #if($user->can(UserAbilities::VIEW_IP)) { #$style = " style='color: ".$this->get_anon_colour($comment->poster_ip).";'"; - if ($user->can("view_ip") || $config->get_bool("comment_samefags_public", false)) { + if ($user->can(Permissions::VIEW_IP) || $config->get_bool("comment_samefags_public", false)) { if ($this->anon_map[$comment->poster_ip] != $this->anon_id) { $anoncode2 = '('.$this->anon_map[$comment->poster_ip].')'; } @@ -248,9 +248,9 @@ class CommentListTheme extends Themelet $h_avatar = "
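Review bot: The commented-out line `#if($user->can(UserAbilities::VIEW_IP)) {` in ext/comment/theme.php (@@ -218,9 +218,9 @@) names a class `UserAbilities`, while every live call in this commit uses `Permissions`. The same leftover appears in the commented-out block of ext/regen_thumb/main.php (@@ -59,7 +59,7 @@) as `UserAbilities::DELETE_IMAGE`. Unless a `UserAbilities` class exists elsewhere, reviving either snippet would fail on an unknown class. I would either delete the dead code or rename the references to `Permissions::VIEW_IP` and `Permissions::DELETE_IMAGE` so the comments match the live code.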
"; } $h_reply = " - Reply"; - $h_ip = $user->can("view_ip") ? "
".show_ip($comment->poster_ip, "Comment posted {$comment->posted}") : ""; + $h_ip = $user->can(Permissions::VIEW_IP) ? "
".show_ip($comment->poster_ip, "Comment posted {$comment->posted}") : ""; $h_del = ""; - if ($user->can("delete_comment")) { + if ($user->can(Permissions::DELETE_COMMENT)) { $comment_preview = substr(html_unescape($tfe->stripped), 0, 50); $j_delete_confirm_message = json_encode("Delete comment by {$comment->owner_name}:\n$comment_preview"); $h_delete_script = html_escape("return confirm($j_delete_confirm_message);"); diff --git a/ext/danbooru_api/main.php b/ext/danbooru_api/main.php index ce13295b..cb55766f 100644 --- a/ext/danbooru_api/main.php +++ b/ext/danbooru_api/main.php @@ -297,7 +297,7 @@ class DanbooruApi extends Extension // Now we check if a file was uploaded or a url was provided to transload // Much of this code is borrowed from /ext/upload - if (!$user->can("create_image")) { + if (!$user->can(Permissions::CREATE_IMAGE)) { $page->set_code(409); $page->add_http_header("X-Danbooru-Errors: authentication error"); return; diff --git a/ext/downtime/main.php b/ext/downtime/main.php index 891d87c3..97f8682e 100644 --- a/ext/downtime/main.php +++ b/ext/downtime/main.php @@ -32,7 +32,7 @@ class Downtime extends Extension global $config, $page, $user; if ($config->get_bool("downtime")) { - if (!$user->can("ignore_downtime") && !$this->is_safe_page($event)) { + if (!$user->can(Permissions::IGNORE_DOWNTIME) && !$this->is_safe_page($event)) { $msg = $config->get_string("downtime_message"); $this->theme->display_message($msg); if (!defined("UNITTEST")) { // hax D: diff --git a/ext/et/main.php b/ext/et/main.php index e3e9b9c7..e344710d 100644 --- a/ext/et/main.php +++ b/ext/et/main.php @@ -18,7 +18,7 @@ class ET extends Extension { global $user; if ($event->page_matches("system_info")) { - if ($user->can("view_sysinfo")) { + if ($user->can(Permissions::VIEW_SYSINTO)) { $this->theme->display_info_page($this->get_info()); } } 
@@ -27,7 +27,7 @@ class ET extends Extension public function onUserBlockBuilding(UserBlockBuildingEvent $event) { global $user; - if ($user->can("view_sysinfo")) { + if ($user->can(Permissions::VIEW_SYSINTO)) { $event->add_link("System Info", make_link("system_info")); } } diff --git a/ext/ext_manager/main.php b/ext/ext_manager/main.php index 03ee3bb1..e024f286 100644 --- a/ext/ext_manager/main.php +++ b/ext/ext_manager/main.php @@ -118,7 +118,7 @@ class ExtManager extends Extension { global $page, $user; if ($event->page_matches("ext_manager")) { - if ($user->can("manage_extension_list")) { + if ($user->can(Permissions::MANAGE_EXTENSION_LIST)) { if ($event->get_arg(0) == "set" && $user->check_auth_token()) { if (is_writable("data/config")) { $this->set_things($_POST); @@ -166,7 +166,7 @@ class ExtManager extends Extension public function onUserBlockBuilding(UserBlockBuildingEvent $event) { global $user; - if ($user->can("manage_extension_list")) { + if ($user->can(Permissions::MANAGE_EXTENSION_LIST)) { $event->add_link("Extension Manager", make_link("ext_manager")); } else { $event->add_link("Help", make_link("ext_doc")); diff --git a/ext/featured/main.php b/ext/featured/main.php index 4b713424..ae5946dd 100644 --- a/ext/featured/main.php +++ b/ext/featured/main.php @@ -32,7 +32,7 @@ class Featured extends Extension global $config, $page, $user; if ($event->page_matches("featured_image")) { if ($event->get_arg(0) == "set" && $user->check_auth_token()) { - if ($user->can("edit_feature") && isset($_POST['image_id'])) { + if ($user->can(Permissions::EDIT_FEATURE) && isset($_POST['image_id'])) { $id = int_escape($_POST['image_id']); if ($id > 0) { $config->set_int("featured_id", $id); 
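Review bot: `Permissions::VIEW_SYSINTO` looks like a misspelling of VIEW_SYSINFO, given that the string it replaces is `"view_sysinfo"`. It is spelled the same way in the other hunk of ext/et/main.php (@@ -18,7 +18,7 @@) and in the base and admin `UserClass` arrays earlier in this diff, so the usages agree with each other, but the constant's definition in core/permissions.php is not visible on this page. If the constant's value was also changed to match the typo, a site-local `data/config/user-classes.conf.php` that still grants `"view_sysinfo"` would no longer match the key checked for the system info page. I would rename the constant to `VIEW_SYSINFO` and keep its value as `"view_sysinfo"` before other extensions start depending on the misspelled name.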
@@ -86,7 +86,7 @@ class Featured extends Extension public function onImageAdminBlockBuilding(ImageAdminBlockBuildingEvent $event) { global $user; - if ($user->can("edit_feature")) { + if ($user->can(Permissions::EDIT_FEATURE)) { $event->add_part($this->theme->get_buttons_html($event->image->id)); } } diff --git a/ext/hellban/main.php b/ext/hellban/main.php index 42bfec27..541f7620 100644 --- a/ext/hellban/main.php +++ b/ext/hellban/main.php @@ -9,9 +9,9 @@ class HellBan extends Extension { global $page, $user; - if ($user->can("hellbanned")) { + if ($user->can(Permissions::HELLBANNED)) { $s = ""; - } elseif ($user->can("view_hellbanned")) { + } elseif ($user->can(Permissions::VIEW_HELLBANNED)) { $s = "DIV.hb, TR.hb TD {border: 1px solid red !important;}"; } else { $s = ".hb {display: none !important;}"; diff --git a/ext/image/main.php b/ext/image/main.php index 099bdd65..9969c3e8 100644 --- a/ext/image/main.php +++ b/ext/image/main.php @@ -73,7 +73,7 @@ class ImageIO extends Extension { if ($event->page_matches("image/delete")) { global $page, $user; - if ($user->can("delete_image") && isset($_POST['image_id']) && $user->check_auth_token()) { + if ($user->can(Permissions::DELETE_IMAGE) && isset($_POST['image_id']) && $user->check_auth_token()) { $image = Image::by_id($_POST['image_id']); if ($image) { send_event(new ImageDeletionEvent($image)); @@ -87,7 +87,7 @@ class ImageIO extends Extension } } elseif ($event->page_matches("image/replace")) { global $page, $user; - if ($user->can("replace_image") && isset($_POST['image_id']) && $user->check_auth_token()) { + if ($user->can(Permissions::REPLACE_IMAGE) && isset($_POST['image_id']) && $user->check_auth_token()) { $image = Image::by_id($_POST['image_id']); if ($image) { $page->set_mode(PageMode::REDIRECT); 
@@ -110,11 +110,11 @@ class ImageIO extends Extension { global $user; - if ($user->can("delete_image")) { + if ($user->can(Permissions::DELETE_IMAGE)) { $event->add_part($this->theme->get_deleter_html($event->image->id)); } /* In the future, could perhaps allow users to replace images that they own as well... */ - if ($user->can("replace_image")) { + if ($user->can(Permissions::REPLACE_IMAGE)) { $event->add_part($this->theme->get_replace_html($event->image->id)); } } diff --git a/ext/image_hash_ban/main.php b/ext/image_hash_ban/main.php index c2e3ec3a..67298a89 100644 --- a/ext/image_hash_ban/main.php +++ b/ext/image_hash_ban/main.php @@ -64,7 +64,7 @@ class ImageBan extends Extension global $database, $page, $user; if ($event->page_matches("image_hash_ban")) { - if ($user->can("ban_image")) { + if ($user->can(Permissions::BAN_IMAGE)) { if ($event->get_arg(0) == "add") { $image = isset($_POST['image_id']) ? Image::by_id(int_escape($_POST['image_id'])) : null; $hash = isset($_POST["hash"]) ? $_POST["hash"] : $image->hash; @@ -106,7 +106,7 @@ class ImageBan extends Extension public function onUserBlockBuilding(UserBlockBuildingEvent $event) { global $user; - if ($user->can("ban_image")) { + if ($user->can(Permissions::BAN_IMAGE)) { $event->add_link("Image Bans", make_link("image_hash_ban/list/1")); } } @@ -130,7 +130,7 @@ class ImageBan extends Extension public function onImageAdminBlockBuilding(ImageAdminBlockBuildingEvent $event) { global $user; - if ($user->can("ban_image")) { + if ($user->can(Permissions::BAN_IMAGE)) { $event->add_part($this->theme->get_buttons_html($event->image)); } } diff --git a/ext/ipban/main.php b/ext/ipban/main.php index d6feb092..bfefb813 100644 --- a/ext/ipban/main.php +++ b/ext/ipban/main.php 
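Review bot: In the `add` branch of ext/image_hash_ban/main.php (@@ -64,7 +64,7 @@), `$hash = isset($_POST["hash"]) ? $_POST["hash"] : $image->hash;` dereferences `$image` even when it is null. That happens when neither `hash` nor `image_id` is posted, and presumably also when `Image::by_id()` finds no row, since ext/comment/main.php tests its result with `is_null(...)`. A null-safe form would be `$hash = $_POST["hash"] ?? ($image ? $image->hash : null);` followed by rejecting the request when `$hash` is null. The branch also shows no `$user->check_auth_token()` next to `Permissions::BAN_IMAGE`, although the rest of the handler lies outside the hunk.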
@@ -66,7 +66,7 @@ class IPBan extends Extension { if ($event->page_matches("ip_ban")) { global $page, $user; - if ($user->can("ban_ip")) { + if ($user->can(Permissions::BAN_IP)) { if ($event->get_arg(0) == "add" && $user->check_auth_token()) { if (isset($_POST['ip']) && isset($_POST['reason']) && isset($_POST['end'])) { if (empty($_POST['end'])) { @@ -108,7 +108,7 @@ class IPBan extends Extension public function onUserBlockBuilding(UserBlockBuildingEvent $event) { global $user; - if ($user->can("ban_ip")) { + if ($user->can(Permissions::BAN_IP)) { $event->add_link("IP Bans", make_link("ip_ban/list")); } } diff --git a/ext/log_db/main.php b/ext/log_db/main.php index 2f1d761a..a5dd1d7f 100644 --- a/ext/log_db/main.php +++ b/ext/log_db/main.php @@ -48,7 +48,7 @@ class LogDatabase extends Extension { global $database, $user; if ($event->page_matches("log/view")) { - if ($user->can("view_eventlog")) { + if ($user->can(Permissions::VIEW_EVENTLOG)) { $wheres = []; $args = []; $page_num = int_escape($event->get_arg(0)); @@ -123,7 +123,7 @@ class LogDatabase extends Extension public function onUserBlockBuilding(UserBlockBuildingEvent $event) { global $user; - if ($user->can("view_eventlog")) { + if ($user->can(Permissions::VIEW_EVENTLOG)) { $event->add_link("Event Log", make_link("log/view")); } } diff --git a/ext/media/main.php b/ext/media/main.php index a4fba3ba..acce17ab 100644 --- a/ext/media/main.php +++ b/ext/media/main.php @@ -316,7 +316,7 @@ class Media extends Extension public function onImageAdminBlockBuilding(ImageAdminBlockBuildingEvent $event) { global $user; - if ($user->can("delete_image")) { + if ($user->can(Permissions::DELETE_IMAGE)) { $event->add_part($this->theme->get_buttons_html($event->image->id)); } } diff --git a/ext/not_a_tag/main.php b/ext/not_a_tag/main.php index 18486e9c..29f31e75 100644 --- a/ext/not_a_tag/main.php +++ b/ext/not_a_tag/main.php 
@@ -61,7 +61,7 @@ class NotATag extends Extension public function onUserBlockBuilding(UserBlockBuildingEvent $event) { global $user; - if ($user->can("ban_image")) { + if ($user->can(Permissions::BAN_IMAGE)) { $event->add_link("UnTags", make_link("untag/list/1")); } } @@ -71,7 +71,7 @@ class NotATag extends Extension global $database, $page, $user; if ($event->page_matches("untag")) { - if ($user->can("ban_image")) { + if ($user->can(Permissions::BAN_IMAGE)) { if ($event->get_arg(0) == "add") { $tag = $_POST["tag"]; $redirect = isset($_POST['redirect']) ? $_POST['redirect'] : "DNP"; diff --git a/ext/numeric_score/main.php b/ext/numeric_score/main.php index 5275dfa7..446c5553 100644 --- a/ext/numeric_score/main.php +++ b/ext/numeric_score/main.php @@ -45,7 +45,7 @@ class NumericScore extends Extension public function onUserPageBuilding(UserPageBuildingEvent $event) { global $user; - if ($user->can("edit_other_vote")) { + if ($user->can(Permissions::EDIT_OTHER_VOTE)) { $this->theme->get_nuller($event->display_user); } @@ -98,7 +98,7 @@ class NumericScore extends Extension $page->set_redirect(make_link("post/view/$image_id")); } } elseif ($event->page_matches("numeric_score/remove_votes_on") && $user->check_auth_token()) { - if ($user->can("edit_other_vote")) { + if ($user->can(Permissions::EDIT_OTHER_VOTE)) { $image_id = int_escape($_POST['image_id']); $database->execute( "DELETE FROM numeric_score_votes WHERE image_id=?", @@ -112,7 +112,7 @@ class NumericScore extends Extension $page->set_redirect(make_link("post/view/$image_id")); } } elseif ($event->page_matches("numeric_score/remove_votes_by") && $user->check_auth_token()) { - if ($user->can("edit_other_vote")) { + if ($user->can(Permissions::EDIT_OTHER_VOTE)) { $this->delete_votes_by(int_escape($_POST['user_id'])); $page->set_mode(PageMode::REDIRECT); $page->set_redirect(make_link()); diff --git a/ext/numeric_score/theme.php b/ext/numeric_score/theme.php index c2dc31c7..1852548c 100644 
--- a/ext/numeric_score/theme.php +++ b/ext/numeric_score/theme.php @@ -32,7 +32,7 @@ class NumericScoreTheme extends Themelet "; - if ($user->can("edit_other_vote")) { + if ($user->can(Permissions::EDIT_OTHER_VOTE)) { $html .= "
".$user->get_auth_html()." diff --git a/ext/oekaki/main.php b/ext/oekaki/main.php index 1da9cc90..94e1b061 100644 --- a/ext/oekaki/main.php +++ b/ext/oekaki/main.php @@ -12,7 +12,7 @@ class Oekaki extends Extension global $user, $page; if ($event->page_matches("oekaki")) { - if ($user->can("create_image")) { + if ($user->can(Permissions::CREATE_IMAGE)) { if ($event->get_arg(0) == "create") { $this->theme->display_page(); $this->theme->display_block(); @@ -84,7 +84,7 @@ class Oekaki extends Extension public function onPostListBuilding(PostListBuildingEvent $event) { global $user; - if ($user->can("create_image")) { + if ($user->can(Permissions::CREATE_IMAGE)) { $this->theme->display_block(); } } diff --git a/ext/ouroboros_api/main.php b/ext/ouroboros_api/main.php index d701fbea..d654b6f0 100644 --- a/ext/ouroboros_api/main.php +++ b/ext/ouroboros_api/main.php @@ -410,7 +410,7 @@ class OuroborosAPI extends Extension if ($event->page_matches('post')) { if ($this->match('create')) { // Create - if ($user->can("create_image")) { + if ($user->can(Permissions::CREATE_IMAGE)) { $md5 = !empty($_REQUEST['md5']) ? filter_var($_REQUEST['md5'], FILTER_SANITIZE_STRING) : null; $this->postCreate(new OuroborosPost($_REQUEST['post']), $md5); } else { diff --git a/ext/pm/main.php b/ext/pm/main.php index 123d6368..d4ef16da 100644 --- a/ext/pm/main.php +++ b/ext/pm/main.php @@ -108,7 +108,7 @@ class PrivMsg extends Extension global $page, $user; $duser = $event->display_user; if (!$user->is_anonymous() && !$duser->is_anonymous()) { - if (($user->id == $duser->id) || $user->can("view_other_pms")) { + if (($user->id == $duser->id) || $user->can(Permissions::VIEW_OTHER_PMS)) { $this->theme->display_pms($page, $this->get_pms($duser)); } if ($user->id != $duser->id) { 
@@ -128,7 +128,7 @@ class PrivMsg extends Extension $pm = $database->get_row("SELECT * FROM private_message WHERE id = :id", ["id" => $pm_id]); if (is_null($pm)) { $this->theme->display_error(404, "No such PM", "There is no PM #$pm_id"); - } elseif (($pm["to_id"] == $user->id) || $user->can("view_other_pms")) { + } elseif (($pm["to_id"] == $user->id) || $user->can(Permissions::VIEW_OTHER_PMS)) { $from_user = User::by_id(int_escape($pm["from_id"])); if ($pm["to_id"] == $user->id) { $database->execute("UPDATE private_message SET is_read='Y' WHERE id = :id", ["id" => $pm_id]); @@ -145,7 +145,7 @@ class PrivMsg extends Extension $pm = $database->get_row("SELECT * FROM private_message WHERE id = :id", ["id" => $pm_id]); if (is_null($pm)) { $this->theme->display_error(404, "No such PM", "There is no PM #$pm_id"); - } elseif (($pm["to_id"] == $user->id) || $user->can("view_other_pms")) { + } elseif (($pm["to_id"] == $user->id) || $user->can(Permissions::VIEW_OTHER_PMS)) { $database->execute("DELETE FROM private_message WHERE id = :id", ["id" => $pm_id]); $database->cache->delete("pm-count-{$user->id}"); log_info("pm", "Deleted PM #$pm_id", "PM deleted"); diff --git a/ext/pm/theme.php b/ext/pm/theme.php index bb9a0f49..f69240d9 100644 --- a/ext/pm/theme.php +++ b/ext/pm/theme.php @@ -27,7 +27,7 @@ class PrivMsgTheme extends Themelet $h_subject = "$h_subject"; $readYN = "N"; } - $hb = $from->can("hellbanned") ? "hb" : ""; + $hb = $from->can(Permissions::HELLBANNED) ? "hb" : ""; $html .= " $readYN $h_subject diff --git a/ext/rating/main.php b/ext/rating/main.php index 7b43d914..c62fd03e 100644 --- a/ext/rating/main.php +++ b/ext/rating/main.php @@ -169,7 +169,7 @@ class Ratings extends Extension { global $user; - if ($user->can("bulk_edit_image_rating")) { + if ($user->can(Permissions::BULK_EDIT_IMAGE_RATING)) { $event->add_action("bulk_rate","Set (R)ating", "r","",$this->theme->get_selection_rater_html("u","bulk_rating")); } } 
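Review bot: The delete branch of ext/pm/main.php (@@ -145,7 +145,7 @@) authorises `DELETE FROM private_message` with `$user->can(Permissions::VIEW_OTHER_PMS)`, so a permission named for reading other users' messages also allows destroying them. Now that permissions are named constants, this reuse deserves either a dedicated delete permission or at least a comment on the line such as `// NOTE: VIEW_OTHER_PMS also authorises deleting other users' PMs`. In the same branch, `$database->cache->delete("pm-count-{$user->id}")` clears the acting user's counter; when a privileged user deletes someone else's message the recipient's cached count looks to stay stale, and `"pm-count-{$pm['to_id']}"` appears to be the intended key. No `check_auth_token()` is visible in the hunk, but the function starts above it.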
@@ -183,7 +183,7 @@ class Ratings extends Extension if (!isset($_POST['bulk_rating'])) { return; } - if ($user->can("bulk_edit_image_rating")) { + if ($user->can(Permissions::BULK_EDIT_IMAGE_RATING)) { $rating = $_POST['bulk_rating']; $total = 0; foreach ($event->items as $image) { @@ -201,7 +201,7 @@ class Ratings extends Extension global $user, $page; if ($event->page_matches("admin/bulk_rate")) { - if (!$user->can("bulk_edit_image_rating")) { + if (!$user->can(Permissions::BULK_EDIT_IMAGE_RATING)) { throw new PermissionDeniedException(); } else { $n = 0; diff --git a/ext/regen_thumb/main.php b/ext/regen_thumb/main.php index 637febbf..62e80664 100644 --- a/ext/regen_thumb/main.php +++ b/ext/regen_thumb/main.php @@ -28,14 +28,14 @@ class RegenThumb extends Extension { global $database, $page, $user; - if ($event->page_matches("regen_thumb/one") && $user->can("delete_image") && isset($_POST['image_id'])) { + if ($event->page_matches("regen_thumb/one") && $user->can(Permissions::DELETE_IMAGE) && isset($_POST['image_id'])) { $image = Image::by_id(int_escape($_POST['image_id'])); $this->regenerate_thumbnail($image); $this->theme->display_results($page, $image); } - if ($event->page_matches("regen_thumb/mass") && $user->can("delete_image") && isset($_POST['tags'])) { + if ($event->page_matches("regen_thumb/mass") && $user->can(Permissions::DELETE_IMAGE) && isset($_POST['tags'])) { $tags = Tag::explode(strtolower($_POST['tags']), false); $images = Image::find_images(0, 10000, $tags); @@ -51,7 +51,7 @@ class RegenThumb extends Extension public function onImageAdminBlockBuilding(ImageAdminBlockBuildingEvent $event) { global $user; - if ($user->can("delete_image")) { + if ($user->can(Permissions::DELETE_IMAGE)) { $event->add_part($this->theme->get_buttons_html($event->image->id)); } } 
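Review bot: Both `regen_thumb/one` and `regen_thumb/mass` in `ext/regen_thumb/main.php` act on POST data as soon as `can(Permissions::DELETE_IMAGE)` passes, but neither condition calls `$user->check_auth_token()`, which other state-changing branches in this commit do (`remove_reports_by`, `source_history/bulk_revert`, `tag_history/bulk_revert`). Unless the token is verified globally before these handlers run, the requests are open to cross-site request forgery, and the mass branch touches up to 10000 images per request. Adding `&& $user->check_auth_token()` to both conditions would bring them in line. The same gap is visible in the `image_report` `remove` branch, `source_history/revert`, `tag_history/revert` and the `tag_edit` `replace` / `mass_source_set` branches. The result of `Image::by_id()` is also passed to `regenerate_thumbnail()` without a null check.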
@@ -59,7 +59,7 @@ class RegenThumb extends Extension // public function onPostListBuilding(PostListBuildingEvent $event) // { // global $user; - // if ($user->can("delete_image") && !empty($event->search_terms)) { + // if ($user->can(UserAbilities::DELETE_IMAGE) && !empty($event->search_terms)) { // $event->add_control($this->theme->mtr_html(Tag::implode($event->search_terms))); // } // } @@ -68,7 +68,7 @@ class RegenThumb extends Extension { global $user; - if ($user->can("delete_image")) { + if ($user->can(Permissions::DELETE_IMAGE)) { $event->add_action("bulk_regen", "Regen Thumbnails", "","", $this->theme->bulk_html()); } } @@ -79,7 +79,7 @@ class RegenThumb extends Extension switch ($event->action) { case "bulk_regen": - if ($user->can("delete_image")) { + if ($user->can(Permissions::DELETE_IMAGE)) { $force = true; if (isset($_POST["bulk_regen_thumb_missing_only"]) &&$_POST["bulk_regen_thumb_missing_only"]=="true") { diff --git a/ext/report_image/main.php b/ext/report_image/main.php index d3ee2c81..970d9466 100644 --- a/ext/report_image/main.php +++ b/ext/report_image/main.php @@ -74,7 +74,7 @@ class ReportImage extends Extension } } elseif ($event->get_arg(0) == "remove") { if (!empty($_POST['id'])) { - if ($user->can("view_image_report")) { + if ($user->can(Permissions::VIEW_IMAGE_REPORT)) { send_event(new RemoveReportedImageEvent($_POST['id'])); $page->set_mode(PageMode::REDIRECT); $page->set_redirect(make_link("image_report/list")); 
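Review bot: The commented-out `onPostListBuilding` block in `ext/regen_thumb/main.php` now references `UserAbilities::DELETE_IMAGE`, while every live call in this commit uses the `Permissions` class and no `UserAbilities` class appears anywhere in the diff. If the block is ever re-enabled it would fail on an undefined class, so either write `Permissions::DELETE_IMAGE` here or delete the dead code. The commented block in `ext/tag_edit/main.php` has the same stale name (`UserAbilities::BULK_EDIT_IMAGE_SOURCE`).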
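Review bot: The `remove` branch in `ext/report_image/main.php` deletes a report on the strength of `Permissions::VIEW_IMAGE_REPORT`, so anyone allowed to read the report queue can also clear it; a separate permission for removal would allow read-only reviewers. `$_POST['id']` is also passed to `RemoveReportedImageEvent` as received, whereas the neighbouring `remove_reports_by` branch wraps its input in `int_escape()`. If the event accepts an integer, `send_event(new RemoveReportedImageEvent(int_escape($_POST['id'])));` would match. The enclosing handler starts and ends outside the hunk.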
@@ -83,13 +83,13 @@ class ReportImage extends Extension $this->theme->display_error(500, "Missing input", "Missing image ID"); } } elseif ($event->get_arg(0) == "remove_reports_by" && $user->check_auth_token()) { - if ($user->can("view_image_report")) { + if ($user->can(Permissions::VIEW_IMAGE_REPORT)) { $this->delete_reports_by(int_escape($_POST['user_id'])); $page->set_mode(PageMode::REDIRECT); $page->set_redirect(make_link()); } } elseif ($event->get_arg(0) == "list") { - if ($user->can("view_image_report")) { + if ($user->can(Permissions::VIEW_IMAGE_REPORT)) { $this->theme->display_reported_images($page, $this->get_reported_images()); } } @@ -118,7 +118,7 @@ class ReportImage extends Extension public function onUserPageBuilding(UserPageBuildingEvent $event) { global $user; - if ($user->can("view_image_report")) { + if ($user->can(Permissions::VIEW_IMAGE_REPORT)) { $this->theme->get_nuller($event->display_user); } } @@ -126,7 +126,7 @@ class ReportImage extends Extension public function onDisplayingImage(DisplayingImageEvent $event) { global $user; - if ($user->can('create_image_report')) { + if ($user->can(Permissions::CREATE_IMAGE_REPORT)) { $reps = $this->get_reports($event->image); $this->theme->display_image_banner($event->image, $reps); } @@ -135,7 +135,7 @@ class ReportImage extends Extension public function onUserBlockBuilding(UserBlockBuildingEvent $event) { global $user; - if ($user->can("view_image_report")) { + if ($user->can(Permissions::VIEW_IMAGE_REPORT)) { $count = $this->count_reported_images(); $h_count = $count > 0 ? " ($count)" : ""; $event->add_link("Reported Images$h_count", make_link("image_report/list")); diff --git a/ext/rule34/main.php b/ext/rule34/main.php index b26fb166..3e9c650c 100644 --- a/ext/rule34/main.php +++ b/ext/rule34/main.php 
@@ -50,7 +50,7 @@ class Rule34 extends Extension public function onUserPageBuilding(UserPageBuildingEvent $event) { global $database, $user, $config; - if ($user->can("change_setting") && $config->get_bool('r34_comic_integration')) { + if ($user->can(Permissions::CHANGE_SETTING) && $config->get_bool('r34_comic_integration')) { $current_state = bool_escape($database->get_one("SELECT comic_admin FROM users WHERE id=?", [$event->display_user->id])); $this->theme->show_comic_changer($event->display_user, $current_state); } @@ -59,7 +59,7 @@ class Rule34 extends Extension public function onThumbnailGeneration(ThumbnailGenerationEvent $event) { global $database, $user; - if ($user->can("manage_admintools")) { + if ($user->can(Permissions::MANAGE_ADMINTOOLS)) { $database->execute("NOTIFY shm_image_bans, '{$event->hash}';"); } } @@ -72,7 +72,7 @@ class Rule34 extends Extension { global $database, $page, $user; - if ($user->can("delete_user")) { // deleting users can take a while + if ($user->can(Permissions::DELETE_USER)) { // deleting users can take a while $database->execute("SET statement_timeout TO ".(DATABASE_TIMEOUT+15000).";"); } @@ -81,7 +81,7 @@ class Rule34 extends Extension } if ($event->page_matches("rule34/comic_admin")) { - if ($user->can("change_setting") && $user->check_auth_token()) { + if ($user->can(Permissions::CHANGE_SETTING) && $user->check_auth_token()) { $input = validate_input([ 'user_id' => 'user_id,exists', 'is_admin' => 'bool', @@ -102,7 +102,7 @@ class Rule34 extends Extension } if ($event->page_matches("admin/cache_purge")) { - if (!$user->can("manage_admintools")) { + if (!$user->can(Permissions::MANAGE_ADMINTOOLS)) { $this->theme->display_permission_denied(); } else { if ($user->check_auth_token()) { 
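Review bot: `onThumbnailGeneration` in `ext/rule34/main.php` builds its statement by interpolating `$event->hash` into the SQL text (`"NOTIFY shm_image_bans, '{$event->hash}';"`). The hash is presumably a hex digest, but nothing in the hunk enforces that, so the query is only as safe as whatever constructed the event. `NOTIFY` itself takes no bind parameters, but PostgreSQL's `pg_notify()` does: `$database->execute("SELECT pg_notify('shm_image_bans', :hash)", ["hash" => $event->hash]);`. A one-line comment explaining why a thumbnail event sends a ban notification only for `MANAGE_ADMINTOOLS` holders would also help the next reader.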
@@ -130,7 +130,7 @@ class Rule34 extends Extension if ($event->page_matches("sys_ip_ban")) { global $page, $user; - if ($user->can("ban_ip")) { + if ($user->can(Permissions::BAN_IP)) { if ($event->get_arg(0) == "list") { $bans = (isset($_GET["all"])) ? $this->get_bans() : $this->get_active_bans(); $this->theme->display_bans($page, $bans); diff --git a/ext/setup/main.php b/ext/setup/main.php index 86af0141..9b8fa060 100644 --- a/ext/setup/main.php +++ b/ext/setup/main.php @@ -293,7 +293,7 @@ class Setup extends Extension } if ($event->page_matches("setup")) { - if (!$user->can("change_setting")) { + if (!$user->can(Permissions::CHANGE_SETTING)) { $this->theme->display_permission_denied(); } else { if ($event->get_arg(0) == "save" && $user->check_auth_token()) { @@ -413,7 +413,7 @@ class Setup extends Extension public function onUserBlockBuilding(UserBlockBuildingEvent $event) { global $user; - if ($user->can("change_setting")) { + if ($user->can(Permissions::CHANGE_SETTING)) { $event->add_link("Board Config", make_link("setup")); } } diff --git a/ext/source_history/main.php b/ext/source_history/main.php index 591fd217..ac5f7ae7 100644 --- a/ext/source_history/main.php +++ b/ext/source_history/main.php @@ -35,13 +35,13 @@ class Source_History extends Extension if ($event->page_matches("source_history/revert")) { // this is a request to revert to a previous version of the source - if ($user->can("edit_image_tag")) { + if ($user->can(Permissions::EDIT_IMAGE_TAG)) { if (isset($_POST['revert'])) { $this->process_revert_request($_POST['revert']); } } } elseif ($event->page_matches("source_history/bulk_revert")) { - if ($user->can("bulk_edit_image_tag") && $user->check_auth_token()) { + if ($user->can(Permissions::BULK_EDIT_IMAGE_TAG) && $user->check_auth_token()) { $this->process_bulk_revert_request(); } } elseif ($event->page_matches("source_history/all")) { 
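Review bot: In `ext/source_history/main.php` the source revert is gated on `Permissions::EDIT_IMAGE_TAG` and the bulk revert on `Permissions::BULK_EDIT_IMAGE_TAG`, although both change an image's source rather than its tags. A user class granted tag editing but not source editing can therefore still rewrite sources through the revert endpoint. This looks copied from the tag-history extension; `Permissions::EDIT_IMAGE_SOURCE` and, presumably, `Permissions::BULK_EDIT_IMAGE_SOURCE` are the matching checks. The `onUserBlockBuilding` link in the next hunk uses the same tag permission.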
@@ -85,7 +85,7 @@ class Source_History extends Extension public function onUserBlockBuilding(UserBlockBuildingEvent $event) { global $user; - if ($user->can("bulk_edit_image_tag")) { + if ($user->can(Permissions::BULK_EDIT_IMAGE_TAG)) { $event->add_link("Source Changes", make_link("source_history/all/1")); } } diff --git a/ext/source_history/theme.php b/ext/source_history/theme.php index 9d6faeac..fbe5a332 100644 --- a/ext/source_history/theme.php +++ b/ext/source_history/theme.php @@ -20,7 +20,7 @@ class Source_HistoryTheme extends Themelet $current_source = html_escape($fields['source']); $name = $fields['name']; $date_set = autodate($fields['date_set']); - $h_ip = $user->can("view_ip") ? " ".show_ip($fields['user_ip'], "Sourcing Image #$image_id as '$current_source'") : ""; + $h_ip = $user->can(Permissions::VIEW_IP) ? " ".show_ip($fields['user_ip'], "Sourcing Image #$image_id as '$current_source'") : ""; $setter = "".html_escape($name)."$h_ip"; $selected = ($n == 2) ? " checked" : ""; @@ -72,7 +72,7 @@ class Source_HistoryTheme extends Themelet $image_id = $fields['image_id']; $current_source = html_escape($fields['source']); $name = $fields['name']; - $h_ip = $user->can("view_ip") ? " ".show_ip($fields['user_ip'], "Sourcing Image #$image_id as '$current_source'") : ""; + $h_ip = $user->can(Permissions::VIEW_IP) ? " ".show_ip($fields['user_ip'], "Sourcing Image #$image_id as '$current_source'") : ""; $setter = "".html_escape($name)."$h_ip"; $history_list .= ' diff --git a/ext/tag_edit/main.php b/ext/tag_edit/main.php index aa443797..7d20b7d0 100644 --- a/ext/tag_edit/main.php +++ b/ext/tag_edit/main.php 
@@ -161,7 +161,7 @@ class TagEdit extends Extension global $user, $page; if ($event->page_matches("tag_edit")) { if ($event->get_arg(0) == "replace") { - if ($user->can("mass_tag_edit") && isset($_POST['search']) && isset($_POST['replace'])) { + if ($user->can(Permissions::MASS_TAG_EDIT) && isset($_POST['search']) && isset($_POST['replace'])) { $search = $_POST['search']; $replace = $_POST['replace']; $this->mass_tag_edit($search, $replace); @@ -170,7 +170,7 @@ class TagEdit extends Extension } } if ($event->get_arg(0) == "mass_source_set") { - if ($user->can("mass_tag_edit") && isset($_POST['tags']) && isset($_POST['source'])) { + if ($user->can(Permissions::MASS_TAG_EDIT) && isset($_POST['tags']) && isset($_POST['source'])) { $this->mass_source_edit($_POST['tags'], $_POST['source']); $page->set_mode(PageMode::REDIRECT); $page->set_redirect(make_link("post/list")); @@ -182,7 +182,7 @@ class TagEdit extends Extension // public function onPostListBuilding(PostListBuildingEvent $event) // { // global $user; - // if ($user->can("bulk_edit_image_source") && !empty($event->search_terms)) { + // if ($user->can(UserAbilities::BULK_EDIT_IMAGE_SOURCE) && !empty($event->search_terms)) { // $event->add_control($this->theme->mss_html(Tag::implode($event->search_terms))); // } // } @@ -190,7 +190,7 @@ class TagEdit extends Extension public function onImageInfoSet(ImageInfoSetEvent $event) { global $user; - if ($user->can("edit_image_owner") && isset($_POST['tag_edit__owner'])) { + if ($user->can(Permissions::EDIT_IMAGE_OWNER) && isset($_POST['tag_edit__owner'])) { $owner = User::by_name($_POST['tag_edit__owner']); if ($owner instanceof User) { send_event(new OwnerSetEvent($event->image, $owner)); 
@@ -206,7 +206,7 @@ class TagEdit extends Extension send_event(new SourceSetEvent($event->image, $_POST['tag_edit__source'])); } } - if ($user->can("edit_image_lock")) { + if ($user->can(Permissions::EDIT_IMAGE_LOCK)) { $locked = isset($_POST['tag_edit__locked']) && $_POST['tag_edit__locked']=="on"; send_event(new LockSetEvent($event->image, $locked)); } @@ -215,7 +215,7 @@ class TagEdit extends Extension public function onOwnerSet(OwnerSetEvent $event) { global $user; - if ($user->can("edit_image_owner") && (!$event->image->is_locked() || $user->can("edit_image_lock"))) { + if ($user->can(Permissions::EDIT_IMAGE_OWNER) && (!$event->image->is_locked() || $user->can(Permissions::EDIT_IMAGE_LOCK))) { $event->image->set_owner($event->owner); } } @@ -223,7 +223,7 @@ class TagEdit extends Extension public function onTagSet(TagSetEvent $event) { global $user; - if ($user->can("edit_image_tag") && (!$event->image->is_locked() || $user->can("edit_image_lock"))) { + if ($user->can(Permissions::EDIT_IMAGE_TAG) && (!$event->image->is_locked() || $user->can(Permissions::EDIT_IMAGE_LOCK))) { $event->image->set_tags($event->tags); } $event->image->parse_metatags($event->metatags, $event->image->id); @@ -232,7 +232,7 @@ class TagEdit extends Extension public function onSourceSet(SourceSetEvent $event) { global $user; - if ($user->can("edit_image_source") && (!$event->image->is_locked() || $user->can("edit_image_lock"))) { + if ($user->can(Permissions::EDIT_IMAGE_SOURCE) && (!$event->image->is_locked() || $user->can(Permissions::EDIT_IMAGE_LOCK))) { $event->image->set_source($event->source); } } @@ -240,7 +240,7 @@ class TagEdit extends Extension public function onLockSet(LockSetEvent $event) { global $user; - if ($user->can("edit_image_lock")) { + if ($user->can(Permissions::EDIT_IMAGE_LOCK)) { $event->image->set_locked($event->locked); } } 
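Review bot: In `onTagSet` (hunk at -223) `$event->image->parse_metatags(...)` sits after the closing brace of the permission check, so metatags are processed even when the user lacks `Permissions::EDIT_IMAGE_TAG` or the image is locked. Whether the individual metatag handlers re-check permissions is not visible here; if they do not, metatags become a way around the lock. Moving the call inside the guarded block keeps it under the same check as `set_tags()`. If the placement is deliberate, say so in a comment such as `// metatag handlers perform their own permission checks`.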
@@ -288,13 +288,13 @@ class TagEdit extends Extension private function can_tag(Image $image): bool { global $user; - return ($user->can("edit_image_tag") || !$image->is_locked()); + return ($user->can(Permissions::EDIT_IMAGE_TAG) || !$image->is_locked()); } private function can_source(Image $image): bool { global $user; - return ($user->can("edit_image_source") || !$image->is_locked()); + return ($user->can(Permissions::EDIT_IMAGE_SOURCE) || !$image->is_locked()); } private function mass_tag_edit(string $search, string $replace) diff --git a/ext/tag_edit/theme.php b/ext/tag_edit/theme.php index ee978e42..fa95d7fa 100644 --- a/ext/tag_edit/theme.php +++ b/ext/tag_edit/theme.php @@ -51,7 +51,7 @@ class TagEditTheme extends Themelet Tags - ".($user->can("edit_image_tag") ? " + ".($user->can(Permissions::EDIT_IMAGE_TAG) ? " $h_tag_links " : " @@ -68,12 +68,12 @@ class TagEditTheme extends Themelet $h_owner = html_escape($image->get_owner()->name); $h_av = $image->get_owner()->get_avatar_html(); $h_date = autodate($image->posted); - $h_ip = $user->can("view_ip") ? " (".show_ip($image->owner_ip, "Image posted {$image->posted}").")" : ""; + $h_ip = $user->can(Permissions::VIEW_IP) ? " (".show_ip($image->owner_ip, "Image posted {$image->posted}").")" : ""; return " Uploader - ".($user->can("edit_image_owner") ? " + ".($user->can(Permissions::EDIT_IMAGE_OWNER) ? " $h_owner$h_ip, $h_date " : " @@ -95,7 +95,7 @@ class TagEditTheme extends Themelet Source - ".($user->can("edit_image_source") ? " + ".($user->can(Permissions::EDIT_IMAGE_SOURCE) ? "
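Review bot: `can_tag()` and `can_source()` in `ext/tag_edit/main.php` join their two conditions with `||`, so they return true for any user on an unlocked image, and for an edit-permission holder on a locked image even without `EDIT_IMAGE_LOCK`. The event handlers in the same file and `TagEditCloud::can_tag()` use the stricter form `can(EDIT) && (!is_locked() || can(EDIT_IMAGE_LOCK))`. The callers are outside the hunk, but if these helpers gate anything beyond display they are weaker than the handlers they sit beside. Proposed: `return $user->can(Permissions::EDIT_IMAGE_TAG) && (!$image->is_locked() || $user->can(Permissions::EDIT_IMAGE_LOCK));`, and the same with `EDIT_IMAGE_SOURCE` in `can_source()`.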
$f_source
" : " @@ -132,7 +132,7 @@ class TagEditTheme extends Themelet Locked - ".($user->can("edit_image_lock") ? " + ".($user->can(Permissions::EDIT_IMAGE_LOCK) ? " $b_locked " : " diff --git a/ext/tag_editcloud/main.php b/ext/tag_editcloud/main.php index 24e6d1a3..0ae9088c 100644 --- a/ext/tag_editcloud/main.php +++ b/ext/tag_editcloud/main.php @@ -180,6 +180,6 @@ class TagEditCloud extends Extension private function can_tag(Image $image): bool { global $user; - return ($user->can("edit_image_tag") && (!$image->is_locked() || $user->can("edit_image_lock"))); + return ($user->can(Permissions::EDIT_IMAGE_TAG) && (!$image->is_locked() || $user->can(Permissions::EDIT_IMAGE_LOCK))); } } diff --git a/ext/tag_history/main.php b/ext/tag_history/main.php index 618bd85a..6e241c3e 100644 --- a/ext/tag_history/main.php +++ b/ext/tag_history/main.php @@ -35,13 +35,13 @@ class Tag_History extends Extension if ($event->page_matches("tag_history/revert")) { // this is a request to revert to a previous version of the tags - if ($user->can("edit_image_tag")) { + if ($user->can(Permissions::EDIT_IMAGE_TAG)) { if (isset($_POST['revert'])) { $this->process_revert_request($_POST['revert']); } } } elseif ($event->page_matches("tag_history/bulk_revert")) { - if ($user->can("bulk_edit_image_tag") && $user->check_auth_token()) { + if ($user->can(Permissions::BULK_EDIT_IMAGE_TAG) && $user->check_auth_token()) { $this->process_bulk_revert_request(); } } elseif ($event->page_matches("tag_history/all")) { @@ -85,7 +85,7 @@ class Tag_History extends Extension public function onUserBlockBuilding(UserBlockBuildingEvent $event) { global $user; - if ($user->can("bulk_edit_image_tag")) { + if ($user->can(Permissions::BULK_EDIT_IMAGE_TAG)) { $event->add_link("Tag Changes", make_link("tag_history/all/1")); } } diff --git a/ext/tag_history/theme.php b/ext/tag_history/theme.php index dfa1ab41..9e51ccb8 100644 --- a/ext/tag_history/theme.php +++ b/ext/tag_history/theme.php 
@@ -25,7 +25,7 @@ class Tag_HistoryTheme extends Themelet $current_tags = html_escape($fields['tags']); $name = $fields['name']; $date_set = autodate($fields['date_set']); - $h_ip = $user->can("view_ip") ? " ".show_ip($fields['user_ip'], "Tagging Image #$image_id as '$current_tags'") : ""; + $h_ip = $user->can(Permissions::VIEW_IP) ? " ".show_ip($fields['user_ip'], "Tagging Image #$image_id as '$current_tags'") : ""; $setter = "".html_escape($name)."$h_ip"; $selected = ($n == 2) ? " checked" : ""; @@ -84,7 +84,7 @@ class Tag_HistoryTheme extends Themelet $image_id = $fields['image_id']; $current_tags = html_escape($fields['tags']); $name = $fields['name']; - $h_ip = $user->can("view_ip") ? " ".show_ip($fields['user_ip'], "Tagging Image #$image_id as '$current_tags'") : ""; + $h_ip = $user->can(Permissions::VIEW_IP) ? " ".show_ip($fields['user_ip'], "Tagging Image #$image_id as '$current_tags'") : ""; $setter = "".html_escape($name)."$h_ip"; $history_list .= ' diff --git a/ext/tagger/main.php b/ext/tagger/main.php index 631da7b4..2653634c 100644 --- a/ext/tagger/main.php +++ b/ext/tagger/main.php @@ -12,7 +12,7 @@ class Tagger extends Extension { global $page, $user; - if ($user->can("edit_image_tag") && ($event->image->is_locked() || $user->can("edit_image_lock"))) { + if ($user->can(Permissions::EDIT_IMAGE_TAG) && ($event->image->is_locked() || $user->can(Permissions::EDIT_IMAGE_LOCK))) { $this->theme->build_tagger($page, $event); } } diff --git a/ext/trash/main.php b/ext/trash/main.php index 89be2aee..bb1b766f 100644 --- a/ext/trash/main.php +++ b/ext/trash/main.php @@ -37,7 +37,7 @@ class Trash extends Extension { global $page, $user; - if ($event->page_matches("trash_restore") && $user->can("view_trash")) { + if ($event->page_matches("trash_restore") && $user->can(Permissions::VIEW_TRASH)) { // Try to get the image ID $image_id = int_escape($event->get_arg(0)); if (empty($image_id)) { 
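Review bot: The lock test in `ext/tagger/main.php` is missing its negation. `($event->image->is_locked() || $user->can(Permissions::EDIT_IMAGE_LOCK))` builds the tagger for locked images when the user has no lock permission and hides it on unlocked ones, while every comparable check in this commit uses `!…->is_locked()`. Proposed: `if ($user->can(Permissions::EDIT_IMAGE_TAG) && (!$event->image->is_locked() || $user->can(Permissions::EDIT_IMAGE_LOCK))) {`. This appears to be a display gate only, with `TagEdit::onTagSet` doing the enforcement, but the UI should not offer an edit the server will refuse. The handler's signature is outside the hunk.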
@@ -59,7 +59,7 @@ class Trash extends Extension { global $user, $page; - if($event->image->trash===true && !$user->can("view_trash")) { + if($event->image->trash===true && !$user->can(Permissions::VIEW_TRASH)) { $page->set_mode(PageMode::REDIRECT); $page->set_redirect(make_link("post/list")); } @@ -87,7 +87,7 @@ class Trash extends Extension if (preg_match(self::SEARCH_REGEXP, strtolower($event->term), $matches)) { - if($user->can("view_trash")) { + if($user->can(Permissions::VIEW_TRASH)) { $event->add_querylet(new Querylet($database->scoreql_to_sql("trash = SCORE_BOOL_Y "))); } } @@ -114,7 +114,7 @@ class Trash extends Extension public function onImageAdminBlockBuilding(ImageAdminBlockBuildingEvent $event) { global $config, $database, $user; - if($event->image->trash===true && $user->can("view_trash")) { + if($event->image->trash===true && $user->can(Permissions::VIEW_TRASH)) { $event->add_part($this->theme->get_image_admin_html($event->image->id)); } } @@ -123,7 +123,7 @@ class Trash extends Extension { global $user; - if ($user->can("view_trash")&&in_array("in:trash", $event->search_terms)) { + if ($user->can(Permissions::VIEW_TRASH)&&in_array("in:trash", $event->search_terms)) { $event->add_action("bulk_trash_restore","(U)ndelete", "u"); } } @@ -134,7 +134,7 @@ class Trash extends Extension switch ($event->action) { case "bulk_trash_restore": - if ($user->can("view_trash")) { + if ($user->can(Permissions::VIEW_TRASH)) { $total = 0; foreach ($event->items as $image) { self::set_trash($image->id, false); diff --git a/ext/upload/main.php b/ext/upload/main.php index e0274346..ed13c96b 100644 --- a/ext/upload/main.php +++ b/ext/upload/main.php @@ -155,7 +155,7 @@ class Upload extends Extension { global $database, $page, $user; - if ($user->can("create_image")) { + if ($user->can(Permissions::CREATE_IMAGE)) { if ($this->is_full) { $this->theme->display_full($page); } else { 
@@ -165,7 +165,7 @@ class Upload extends Extension if ($event->page_matches("upload/replace")) { // check if the user is an administrator and can upload files. - if (!$user->can("replace_image")) { + if (!$user->can(Permissions::REPLACE_IMAGE)) { $this->theme->display_permission_denied(); } else { if ($this->is_full) { @@ -221,7 +221,7 @@ class Upload extends Extension } } } elseif ($event->page_matches("upload")) { - if (!$user->can("create_image")) { + if (!$user->can(Permissions::CREATE_IMAGE)) { $this->theme->display_permission_denied(); } else { /* Regular Upload Image */ @@ -371,7 +371,7 @@ class Upload extends Extension $ok = true; // Checks if user is admin > check if you want locked. - if ($user->can("edit_image_lock") && !empty($_GET['locked'])) { + if ($user->can(Permissions::EDIT_IMAGE_LOCK) && !empty($_GET['locked'])) { $locked = bool_escape($_GET['locked']); } diff --git a/ext/user/main.php b/ext/user/main.php index b918a845..f7d202af 100644 --- a/ext/user/main.php +++ b/ext/user/main.php @@ -127,7 +127,7 @@ class UserPage extends Extension $a["name"] = '%' . $_GET['username'] . '%'; } - if ($user->can('delete_user') && @$_GET['email']) { + if ($user->can(Permissions::DELETE_USER) && @$_GET['email']) { $q .= " AND SCORE_STRNORM(email) LIKE SCORE_STRNORM(:email)"; $a["email"] = '%' . $_GET['email'] . '%'; } @@ -212,7 +212,7 @@ class UserPage extends Extension global $user, $config; $h_join_date = autodate($event->display_user->join_date); - if ($event->display_user->can("hellbanned")) { + if ($event->display_user->can(Permissions::HELLBANNED)) { $h_class = $event->display_user->class->parent->name; } else { $h_class = $event->display_user->class->name; 
@@ -250,7 +250,7 @@ class UserPage extends Extension $this->theme->display_user_links($page, $user, $ubbe->parts); } if ( - ($user->can("view_ip") || ($user->is_logged_in() && $user->id == $event->display_user->id)) && # admin or self-user + ($user->can(Permissions::VIEW_IP) || ($user->is_logged_in() && $user->id == $event->display_user->id)) && # admin or self-user ($event->display_user->id != $config->get_int('anon_id')) # don't show anon's IP list, it is le huge ) { $this->theme->display_ip_list( @@ -309,7 +309,7 @@ class UserPage extends Extension { global $user; $event->add_link("My Profile", make_link("user")); - if ($user->can("edit_user_class")) { + if ($user->can(Permissions::EDIT_USER_CLASS)) { $event->add_link("User List", make_link("user_admin/list"), 98); } $event->add_link("Log Out", make_link("user_admin/logout"), 99); @@ -337,7 +337,7 @@ class UserPage extends Extension } elseif (preg_match("/^(?:poster|user)_id[=|:]([0-9]+)$/i", $event->term, $matches)) { $user_id = int_escape($matches[1]); $event->add_querylet(new Querylet("images.owner_id = $user_id")); - } elseif ($user->can("view_ip") && preg_match("/^(?:poster|user)_ip[=|:]([0-9\.]+)$/i", $event->term, $matches)) { + } elseif ($user->can(Permissions::VIEW_IP) && preg_match("/^(?:poster|user)_ip[=|:]([0-9\.]+)$/i", $event->term, $matches)) { $user_ip = $matches[1]; // FIXME: ip_escape? $event->add_querylet(new Querylet("images.owner_ip = '$user_ip'")); } @@ -517,8 +517,8 @@ class UserPage extends Extension if ( ($a->name == $b->name) || - ($b->can("protected") && $a->class->name == "admin") || - (!$b->can("protected") && $a->can("edit_user_info")) + ($b->can(Permissions::PROTECTED) && $a->class->name == "admin") || + (!$b->can(Permissions::PROTECTED) && $a->can(Permissions::EDIT_USER_INFO)) ) { return true; } else { 
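Review bot: In the search-term hunk (at -337) `$user_ip` is interpolated straight into the querylet SQL. It is safe only because the regex limits the capture to digits and dots, which is the dependency the existing `FIXME` questions. Binding the value removes that coupling: `new Querylet("images.owner_ip = :poster_ip", ["poster_ip" => $user_ip])`, assuming `Querylet` accepts a variables array (its constructor is not shown here). The pattern `[0-9\.]+` also cannot match an IPv6 address, so those posters cannot be searched this way.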
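Review bot: The protected-account rule in the hunk at -517 still compares a literal class name, `$a->class->name == "admin"`, in a commit that otherwise moves every check to `Permissions::` constants. A custom class with full privileges under a different name cannot edit protected users, and the rule is invisible to anyone auditing the permission table. Either express it as a permission, or add a comment such as `// protected accounts may only be edited by the built-in admin class`. The function starts and ends outside the hunk.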
@@ -544,7 +544,7 @@ class UserPage extends Extension { global $user; - if ($user->can('edit_user_name') && $this->user_can_edit_user($user, $duser)) { + if ($user->can(Permissions::EDIT_USER_NAME) && $this->user_can_edit_user($user, $duser)) { $duser->set_name($name); flash_message("Username changed"); // TODO: set login cookie if user changed themselves @@ -652,7 +652,7 @@ class UserPage extends Extension $page->set_heading("Error"); $page->add_block(new NavBlock()); - if (!$user->can("delete_user")) { + if (!$user->can(Permissions::DELETE_USER)) { $page->add_block(new Block("Not Admin", "Only admins can delete accounts")); } elseif (!isset($_POST['id']) || !is_numeric($_POST['id'])) { $page->add_block(new Block( diff --git a/ext/user/theme.php b/ext/user/theme.php index 45f6f08f..c773dd0e 100644 --- a/ext/user/theme.php +++ b/ext/user/theme.php @@ -26,7 +26,7 @@ class UserPageTheme extends Themelet $html .= ""; $html .= "Name"; - if ($user->can('delete_user')) { + if ($user->can(Permissions::DELETE_USER)) { $html .= "Email"; } $html .= "Class"; @@ -39,7 +39,7 @@ class UserPageTheme extends Themelet $html .= "" . make_form("user_admin/list", "GET"); $html .= ""; - if ($user->can('delete_user')) { + if ($user->can(Permissions::DELETE_USER)) { $html .= ""; } $html .= ""; @@ -55,7 +55,7 @@ class UserPageTheme extends Themelet $html .= ""; $html .= "$h_name"; - if ($user->can('delete_user')) { + if ($user->can(Permissions::DELETE_USER)) { $html .= "$h_email"; } $html .= "$h_class"; @@ -256,7 +256,7 @@ class UserPageTheme extends Themelet $html = ""; if ($duser->id != $config->get_int('anon_id')) { //justa fool-admin protection so they dont mess around with anon users. - if ($user->can('edit_user_name')) { + if ($user->can(Permissions::EDIT_USER_NAME)) { $html .= "

".make_form(make_link("user_admin/change_name"))." @@ -298,7 +298,7 @@ class UserPageTheme extends Themelet $i_user_id = int_escape($duser->id); - if ($user->can("edit_user_class")) { + if ($user->can(Permissions::EDIT_USER_CLASS)) { global $_shm_user_classes; $class_html = ""; foreach ($_shm_user_classes as $name => $values) { @@ -319,7 +319,7 @@ class UserPageTheme extends Themelet "; } - if ($user->can("delete_user")) { + if ($user->can(Permissions::DELETE_USER)) { $html .= "

".make_form(make_link("user_admin/delete_user"))." diff --git a/ext/view/theme.php b/ext/view/theme.php index 82bd51f4..de1694ac 100644 --- a/ext/view/theme.php +++ b/ext/view/theme.php @@ -81,8 +81,8 @@ class ViewImageTheme extends Themelet $html .= $part; } if ( - (!$image->is_locked() || $user->can("edit_image_lock")) && - $user->can("edit_image_tag") + (!$image->is_locked() || $user->can(Permissions::EDIT_IMAGE_LOCK)) && + $user->can(Permissions::EDIT_IMAGE_TAG) ) { $html .= " diff --git a/ext/wiki/main.php b/ext/wiki/main.php index 7279b630..65d29ae0 100644 --- a/ext/wiki/main.php +++ b/ext/wiki/main.php @@ -206,7 +206,7 @@ class Wiki extends Extension } // anon / user can edit if allowed by config - if ($user->can("edit_wiki_page")) { + if ($user->can(Permissions::EDIT_WIKI_PAGE)) { return true; } diff --git a/themes/danbooru/comment.theme.php b/themes/danbooru/comment.theme.php index 03e094bc..0b40f418 100644 --- a/themes/danbooru/comment.theme.php +++ b/themes/danbooru/comment.theme.php @@ -104,7 +104,7 @@ class CustomCommentListTheme extends CommentListTheme $h_userlink = "$h_name"; $h_del = ""; - if ($user->can("delete_comment")) { + if ($user->can(Permissions::DELETE_COMMENT)) { $comment_preview = substr(html_unescape($tfe->stripped), 0, 50); $j_delete_confirm_message = json_encode("Delete comment by {$comment->owner_name}:\n$comment_preview"); $h_delete_script = html_escape("return confirm($j_delete_confirm_message);"); diff --git a/themes/danbooru/view.theme.php b/themes/danbooru/view.theme.php index f113541a..3b448c2e 100644 --- a/themes/danbooru/view.theme.php +++ b/themes/danbooru/view.theme.php @@ -23,7 +23,7 @@ class CustomViewImageTheme extends ViewImageTheme $h_filesize = to_shorthand_int($image->filesize); global $user; - if ($user->can("view_ip")) { + if ($user->can(Permissions::VIEW_IP)) { $h_ownerlink .= " ($h_ip)"; } diff --git a/themes/danbooru2/comment.theme.php b/themes/danbooru2/comment.theme.php index f043f445..94d56eda 100644 
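Review bot: In `themes/danbooru/comment.theme.php` the preview is cut with `substr(..., 0, 50)`, which counts bytes and can split a multibyte character. `json_encode()` returns `false` on malformed UTF-8, so the handler would render as `return confirm();` and the moderator would lose the confirmation text. `$comment_preview = mb_substr(html_unescape($tfe->stripped), 0, 50);` avoids the split if mbstring is available, or pass `JSON_INVALID_UTF8_SUBSTITUTE` to `json_encode()`. The same two lines appear in the `danbooru2` and `futaba` comment themes.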
--- a/themes/danbooru2/comment.theme.php +++ b/themes/danbooru2/comment.theme.php @@ -105,7 +105,7 @@ class CustomCommentListTheme extends CommentListTheme $h_userlink = "$h_name"; $h_del = ""; - if ($user->can("delete_comment")) { + if ($user->can(Permissions::DELETE_COMMENT)) { $comment_preview = substr(html_unescape($tfe->stripped), 0, 50); $j_delete_confirm_message = json_encode("Delete comment by {$comment->owner_name}:\n$comment_preview"); $h_delete_script = html_escape("return confirm($j_delete_confirm_message);"); diff --git a/themes/danbooru2/view.theme.php b/themes/danbooru2/view.theme.php index 237f1a8c..3e588307 100644 --- a/themes/danbooru2/view.theme.php +++ b/themes/danbooru2/view.theme.php @@ -22,7 +22,7 @@ class CustomViewImageTheme extends ViewImageTheme $h_filesize = to_shorthand_int($image->filesize); global $user; - if ($user->can("view_ip")) { + if ($user->can(Permissions::VIEW_IP)) { $h_ownerlink .= " ($h_ip)"; } diff --git a/themes/futaba/comment.theme.php b/themes/futaba/comment.theme.php index 2fd0a6ad..7647c322 100644 --- a/themes/futaba/comment.theme.php +++ b/themes/futaba/comment.theme.php @@ -78,7 +78,7 @@ class CustomCommentListTheme extends CommentListTheme $h_userlink = "$h_name"; $h_date = $comment->posted; $h_del = ""; - if ($user->can("delete_comment")) { + if ($user->can(Permissions::DELETE_COMMENT)) { $comment_preview = substr(html_unescape($tfe->stripped), 0, 50); $j_delete_confirm_message = json_encode("Delete comment by {$comment->owner_name}:\n$comment_preview"); $h_delete_script = html_escape("return confirm($j_delete_confirm_message);"); diff --git a/themes/lite/view.theme.php b/themes/lite/view.theme.php index a4613467..aea9b028 100644 --- a/themes/lite/view.theme.php +++ b/themes/lite/view.theme.php 
@@ -23,7 +23,7 @@ class CustomViewImageTheme extends ViewImageTheme $h_filesize = to_shorthand_int($image->filesize); global $user; - if ($user->can("view_ip")) { + if ($user->can(Permissions::VIEW_IP)) { $h_ownerlink .= " ($h_ip)"; } diff --git a/themes/material/view.theme.php b/themes/material/view.theme.php index eafdf3f4..71edf7c6 100644 --- a/themes/material/view.theme.php +++ b/themes/material/view.theme.php @@ -57,8 +57,8 @@ class CustomViewImageTheme extends ViewImageTheme $html .= $part; } if ( - (!$image->is_locked() || $user->can("edit_image_lock")) && - $user->can("edit_image_tag") + (!$image->is_locked() || $user->can(Permissions::EDIT_IMAGE_LOCK)) && + $user->can(Permissions::EDIT_IMAGE_TAG) ) { $html .= "