[wp-hackers] Display page only to admin..

Jeremy Clarke jer at simianuprising.com
Mon May 18 17:24:54 GMT 2009

On Sun, May 17, 2009 at 4:21 PM, Jordi Canals <jcanals at alkivia.com> wrote:
> If you're checking for admin, I would better
> if ( current_user_can('administrator') ) {
> do_stuff();
> }

Unless you are creating special roles specifically and want to check
them (like maybe "Business Owner" or something nonstandard) it is
pretty much always better to check for a capability instead of a role.
For example if there was a new role created called "Site Manager" that
had everything an Admin had but was separate for some other reason
(one missing capability maybe, or because you are using roles for
organizational/managerial reasons) then your check for 'administrator'
would fail.

Checking instead for a capability you think someone should have is far
less likely to cause problems, and gives you much more accuracy. It's
also the official way the system was built to work. WP Roles are
labels and defaults that simplify the system but not its intended
endpoint, as implied by the grammatical failure of the sentence "If
the current user can Administrator".

Also Madalin: You don't need the Role Manager plugin to use
current_user_can(), it's already available in WP, you only need it if
you want to change the default capabilities each role/user has or to
create new roles.

Jeremy Clarke | http://simianuprising.com
Code and Design | http://globalvoicesonline.org

More information about the wp-hackers mailing list