[wp-hackers] What does user_can really check?

[Kevin Newman]

That's what I figured, however, the example I posted does actually work:
user_can( $user->ID, 'subscriber')

That returns users that have the same set of caps as a subscriber - but 
not those that have subscriber caps, but also additional caps. Well 
actually I'm not sure about that. I am sure it doesn't return true for 
users that have "read" cap - the only cap a subscriber has) plus the 
caps of Administrators, or Contributors, etc. - all of which have the 
"read" cap).

There are clear roles in WP - in user management for example, the user 
filters (Administrators (x), Contributors (x), Subscribers (x) ) - it's 
these roles that I specifically need to target for user pruning, and the 
do seem to be top level concepts in the UI at least.

The only way I can think to do it by caps would be through a method that 
confirms a user *only* has read caps, otherwise I'd delete all the 
users, since they all have read.

Kevin N.


On 11/22/2011 6:17 PM, Erick Hitter wrote:
> user_can() checks capabilities, such as*read*,*edit_posts*, *
> manage_options*, etc., not a user's specific role. If you're trying to
> identify users with a certain role, you need to test what capabilities the
> user has or doesn't have.
>
> You should reference the table at
> http://codex.wordpress.org/Roles_and_Capabilities#Capability_vs._Role_Tablefor
> guidance as to which combination of capabilities will let you isolate
> a
> user's role. Checking for*edit_posts *or *delete_posts*, for example, will
> determine whether or not the current user is a subscriber or more-capable
> user.