
WordPress Function – current_user_can()

December 17, 2018

When building a custom WordPress plugin, you need a way to check what the current user is allowed to do. In many cases, current_user_can() is the function you will use to check the user's permissions within your plugin. This matters because if a subscriber has access to the plugin, you want to make sure they can't change or manage information that they shouldn't.

current_user_can( string $capability )

While checking against particular roles in place of a capability is supported in part, this practice is discouraged as it may produce unreliable results.

Note: Will always return true if the current user is a super admin, unless specifically denied.

Parameters

$capability

(string) (Required) Capability name.

$object_id

(int) (Optional) ID of the specific object to check against if $capability is a “meta” cap. “Meta” capabilities, e.g. ‘edit_post’, ‘edit_user’, etc., are capabilities used by map_meta_cap() to map to other “primitive” capabilities, e.g. ‘edit_posts’, ‘edit_others_posts’, etc. Accessed via func_get_args() and passed to WP_User::has_cap(), then map_meta_cap().

 

Return

(bool) Whether the current user has the given capability. If $capability is a meta cap and $object_id is passed, whether the current user has the given meta capability for the given object.

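Below is the definition of the function itself, which shows how it works: it fetches the current user and hands the capability, plus any extra arguments, to that user's has_cap() method.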

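function current_user_can( $capability ) {
    // Look up the WP_User object for whoever is making this request.
    $current_user = wp_get_current_user();

    // No user object means no capabilities.
    if ( empty( $current_user ) )
        return false;

    // Collect any extra arguments (such as $object_id) and put $capability first.
    $args = array_slice( func_get_args(), 1 );
    $args = array_merge( array( $capability ), $args );

    // Delegate the actual check to WP_User::has_cap().
    return call_user_func_array( array( $current_user, 'has_cap' ), $args );
}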
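A typical use inside a plugin, as an added example that is not from the original post: a form handler that checks the meta capability 'edit_post' against a specific post ID, and a settings page gated on a primitive capability rather than a role name. The myplugin_ function names, the action name, the text domain and the meta key are hypothetical.

```php
<?php
/**
 * Plugin Name: Capability Check Example (hypothetical, for illustration only)
 */

// Runs for logged-in users who POST to wp-admin/admin-post.php with
// action=myplugin_save_note (hypothetical action name).
add_action( 'admin_post_myplugin_save_note', 'myplugin_save_note' );

function myplugin_save_note() {
    // Reject forged requests before touching any data.
    check_admin_referer( 'myplugin_save_note' );

    $post_id = isset( $_POST['post_id'] ) ? absint( $_POST['post_id'] ) : 0;

    // 'edit_post' is a meta capability: passing the post ID lets
    // map_meta_cap() decide whether this user may edit this post.
    // A subscriber fails here; an author passes only for their own posts.
    if ( ! $post_id || ! current_user_can( 'edit_post', $post_id ) ) {
        wp_die( esc_html__( 'You are not allowed to edit this item.', 'myplugin' ), '', array( 'response' => 403 ) );
    }

    $note = isset( $_POST['note'] ) ? sanitize_textarea_field( wp_unslash( $_POST['note'] ) ) : '';
    update_post_meta( $post_id, '_myplugin_note', $note ); // hypothetical meta key

    wp_safe_redirect( get_edit_post_link( $post_id, 'raw' ) );
    exit;
}

add_action( 'admin_menu', 'myplugin_add_settings_page' );

function myplugin_add_settings_page() {
    // The third argument hides the page from users without 'manage_options'.
    add_options_page( 'My Plugin', 'My Plugin', 'manage_options', 'myplugin', 'myplugin_render_settings' );
}

function myplugin_render_settings() {
    // Check the capability again in the callback. The discouraged form
    // would be a role name, e.g. current_user_can( 'administrator' ).
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( esc_html__( 'Insufficient permissions.', 'myplugin' ), '', array( 'response' => 403 ) );
    }
    echo '<div class="wrap"><h1>' . esc_html__( 'My Plugin', 'myplugin' ) . '</h1></div>';
}
```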
