[wp-hackers] What does user_can really check?

Erick Hitter ehitter at gmail.com
Tue Nov 22 23:17:52 UTC 2011


user_can() checks capabilities, such as *read*, *edit_posts*, *
manage_options*, etc., not a user's specific role. If you're trying to
identify users with a certain role, you need to test what capabilities the
user has or doesn't have.

You should reference the table at
guidance as to which combination of capabilities will let you isolate
user's role. Checking for *edit_posts *or *delete_posts*, for example, will
determine whether or not the current user is a subscriber or more-capable


On Tue, Nov 22, 2011 at 18:04, Kevin Newman <CaptainN at unfocus.com> wrote:

> I wrote a plugin to prune users, and one of the checks I do is this:
> user_can( $user->ID, 'subscriber')
> It worked for my case, but I'm concerned that it may be too broad for
> general use. That does not return true for other roles - like contributor
> and admin - but the question is, would it return true for modified
> "subscribers" or does changing a user's capabilities automatically make
> them fail this check?
> thanks,
> Kevin N.
> P.S. Here is it the plugin:
> https://github.com/unFocus/**Prune-Users/blob/master/**unfocus-prune.php<https://github.com/unFocus/Prune-Users/blob/master/unfocus-prune.php>
> ______________________________**_________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.**com <wp-hackers at lists.automattic.com>
> http://lists.automattic.com/**mailman/listinfo/wp-hackers<http://lists.automattic.com/mailman/listinfo/wp-hackers>

More information about the wp-hackers mailing list