[wp-hackers] What does user_can really check?

Erick Hitter ehitter at gmail.com
Tue Nov 22 23:17:52 UTC 2011


Kevin,

user_can() checks capabilities, such as *read*, *edit_posts*, *
manage_options*, etc., not a user's specific role. If you're trying to
identify users with a certain role, you need to test what capabilities the
user has or doesn't have.

You should reference the table at
http://codex.wordpress.org/Roles_and_Capabilities#Capability_vs._Role_Tablefor
guidance as to which combination of capabilities will let you isolate
a
user's role. Checking for *edit_posts *or *delete_posts*, for example, will
determine whether or not the current user is a subscriber or more-capable
user.

Erick

On Tue, Nov 22, 2011 at 18:04, Kevin Newman <CaptainN at unfocus.com> wrote:

> I wrote a plugin to prune users, and one of the checks I do is this:
>
> user_can( $user->ID, 'subscriber')
>
> It worked for my case, but I'm concerned that it may be too broad for
> general use. That does not return true for other roles - like contributor
> and admin - but the question is, would it return true for modified
> "subscribers" or does changing a user's capabilities automatically make
> them fail this check?
>
> thanks,
>
> Kevin N.
>
> P.S. Here is it the plugin:
> https://github.com/unFocus/**Prune-Users/blob/master/**unfocus-prune.php<https://github.com/unFocus/Prune-Users/blob/master/unfocus-prune.php>
>
>
> ______________________________**_________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.**com <wp-hackers at lists.automattic.com>
> http://lists.automattic.com/**mailman/listinfo/wp-hackers<http://lists.automattic.com/mailman/listinfo/wp-hackers>
>


More information about the wp-hackers mailing list