current_user_can() WP 2.0.0
Whether the current user has a specific capability.
This function should be used after the plugins_loaded action. By default WordPress setups current user on the init hook.
Use user_can() to check the capabilities of the specified user.
No Hooks.
Return
true|false. Whether the current user has the given capability. If $capability is a meta cap and $object_id is passed, whether the current user has the given meta capability for the given object.
Usage
current_user_can( $capability );
- $capability(string) (required)
- Capability name. See here for the list of roles and capabilities.
- $object_id(int) (required)
ID of the specific object to check against if $capability is a "meta" cap.
"Meta" capabilities, e.g. 'edit_post', 'edit_user', etc., are capabilities used by map_meta_cap() to map to other "primitive" capabilities, e.g. 'edit_posts', 'edit_others_posts', etc. Accessed via func_get_args() and passed to WP_User::has_cap(), then map_meta_cap().
Basic capabilities
| Capability | Super Admin | Admin | Editor | Author | Contributor | Subscriber |
|---|---|---|---|---|---|---|
| setup_network (WP 4.8) | yes | |||||
| upgrade_network (WP 4.8) | yes | |||||
| manage_network | yes | |||||
| manage_sites | yes | |||||
| manage_network_users | yes | |||||
| manage_network_plugins | yes | |||||
| manage_network_themes | yes | |||||
| manage_network_options | yes | |||||
| Capability | Super Admin | Admin | Editor | Author | Contributor | Subscriber |
| activate_plugins | yes | yes (single site or enabled by network setting) | ||||
| deactivate_plugins (WP 4.9) | yes | yes | ||||
| create_users | yes | yes (single site) | ||||
| delete_plugins | yes | yes (single site) | ||||
| delete_themes | yes | yes (single site) | ||||
| delete_users | yes | yes (single site) | ||||
| edit_files | yes | yes (single site) | ||||
| edit_plugins | yes | yes (single site) | ||||
| edit_theme_options | yes | yes | ||||
| edit_themes | yes | yes (single site) | ||||
| edit_users | yes | yes (single site) | ||||
| export | yes | yes | ||||
| import | yes | yes | ||||
| install_plugins | yes | yes (single site) | ||||
| install_themes | yes | yes (single site) | ||||
| install_languages (WP 4.9) | yes | yes (single site) | ||||
| update_languages (WP 4.9) | yes | yes (single site) | ||||
| list_users | yes | yes | ||||
| manage_options | yes | yes | ||||
| promote_users | yes | yes | ||||
| remove_users | yes | yes | ||||
| switch_themes | yes | yes | ||||
| update_core | yes | yes (single site) | ||||
| update_plugins | yes | yes (single site) | ||||
| update_themes | yes | yes (single site) | ||||
| edit_dashboard | yes | yes | ||||
| Capability | Super Admin | Admin | Editor | Author | Contributor | Subscriber |
| unfiltered_html | yes | yes (single site) | yes (single site) | |||
| moderate_comments | yes | yes | yes | |||
| manage_categories | yes | yes | yes | |||
| manage_links | yes | yes | yes | |||
| edit_others_posts | yes | yes | yes | |||
| edit_pages | yes | yes | yes | |||
| edit_others_pages | yes | yes | yes | |||
| edit_published_pages | yes | yes | yes | |||
| publish_pages | yes | yes | yes | |||
| delete_pages | yes | yes | yes | |||
| delete_others_pages | yes | yes | yes | |||
| delete_published_pages | yes | yes | yes | |||
| delete_others_posts | yes | yes | yes | |||
| delete_private_posts | yes | yes | yes | |||
| edit_private_posts | yes | yes | yes | |||
| read_private_posts | yes | yes | yes | |||
| delete_private_pages | yes | yes | yes | |||
| edit_private_pages | yes | yes | yes | |||
| read_private_pages | yes | yes | yes | |||
| Capability | Super Admin | Admin | Editor | Author | Contributor | Subscriber |
| edit_published_posts | yes | yes | yes | yes | ||
| upload_files | yes | yes | yes | yes | ||
| publish_posts | yes | yes | yes | yes | ||
| delete_published_posts | yes | yes | yes | yes | ||
| edit_posts | yes | yes | yes | yes | yes | |
| delete_posts | yes | yes | yes | yes | yes | |
| read | yes | yes | yes | yes | yes | yes |
More details here
menuMeta capabilities
Above is a list of primitive capabilities, but there are also meta capabilities – they have additional parameters, for example edit_post (the capability to edit the specified post) need ID of the post:
if( current_user_can('edit_post', 123) ) {
echo 'Current user can edit post 123'.
}
The list of meta-capabilities:
delete_user edit_user remove_user promote_user delete_post delete_page edit_post edit_page edit_comment read_post read_page edit_term — WP 4.7. delete_term — WP 4.7 — assign_term — WP 4.7 — activate_plugin — WP 4.9 — current_user_can( 'activate_plugin', 'my-plugin/my-plugin.php' ) deactivate_plugin — WP 4.9 — current_user_can( 'deactivate_plugin', 'my-plugin/my-plugin.php' ) export_others_personal_data — WP 4.9.6 — is_multisite() ? 'manage_network' : 'manage_options' erase_others_personal_data — WP 4.9.6 — is_multisite() ? 'manage_network' : 'manage_options' manage_privacy_options — WP 4.9.6 — is_multisite() ? 'manage_network' : 'manage_options'
Learn more about meta-capabilities here: map_meta_cap()
menuExamples
#1 Whether a user is an administrator
if( current_user_can('manage_options') ){
echo "The user can manage options!";
}
#2 Use user_can() to check the capabilities of the current user
global $user;
if( user_can($user->ID, 'manage_options') ){
// do something
};
manage_options - administrator's capibility
#3 Using $object_id
if( current_user_can('edit_post', 123) ) {
echo 'Current user can edit post 123'.
}
#4 Check the capability for specific taxonomy item
Since 4.7 you can check the capabilities for specific terms using edit_term, delete_term, assign_term.
This example displays a link for editing term item only if the user has specific capability:
if( current_user_can('edit_term', $term_id) ){
echo '<a href="'. get_edit_term_link( $term_id ) .'">Edit.</a>';
}
Verify the role of the current user
Don't pass the name of the role to this function because the verification may work incorrectly. An example of how not to do it:
// if the current user is editor, the function returns:
current_user_can('administrator') // false
current_user_can('editor') // true
current_user_can('contributor') // false
current_user_can('subscriber') // false
Instead, you can use:
#1 First function
/**
* Checks the role of a specific user.
*
* @param string $role Name of the role.
* @param bool $user_id (optional) User ID to check the role against.
* @return bool
*/
function is_user_role( $role, $user_id = null ) {
$user = is_numeric( $user_id ) ? get_userdata( $user_id ) : wp_get_current_user();
if( ! $user )
return false;
return in_array( $role, (array) $user->roles );
}
// Using for the current user
if( is_user_role( 'customer' ) )
echo "Yeap";
else
echo "Nope";
// Using for the specific user.
$user_id = 23;
if ( is_user_role( 'customer', $user_id ) )
echo "Yeap";
else
echo "Nope";
#2 Second function
I wrote this function in the process of working on one of the projects, now I use it periodically:
## Checks if the specified role is in the roles of the current (or specified) user
## $roles string/array - name of the role to check the user against
function is_user_role_in( $roles, $user = false ){
if( ! $user ) $user = wp_get_current_user();
if( is_numeric($user) ) $user = get_userdata( $user );
if( empty($user->ID) )
return false;
foreach( (array) $roles as $role )
if( isset($user->caps[ $role ]) || in_array($role, $user->roles) )
return true;
return false;
}
// Examples of usage
if( is_user_role_in(['new_role','new_role2']) )
echo 'The current user has role "new_role" or "new_role2"';
if( is_user_role_in(['new_role','new_role2'], 5) )
echo 'User 5 has role "new_role" or "new_role2"';Notes
- See: WP_User::has_cap()
- See: map_meta_cap()
Changelog
| Since 2.0.0 | Introduced. |
| Since 5.3.0 | Formalized the existing and already documented ...$args parameter by adding it to the function signature. |
| Since 5.8.0 | Converted to wrapper for the user_can() function. |
Code of current_user_can() current user can WP 5.8
function current_user_can( $capability, ...$args ) {
return user_can( wp_get_current_user(), $capability, ...$args );
}
