current_user_can() WP 2.0.0

Whether the current user has a specific capability.

No Hooks.

Return

true/false. Whether the current user has the given capability. If $capability is a meta cap and $object_id is passed, whether the current user has the given meta capability for the given object.

Usage

current_user_can( $capability );

$capability(string) (required)

Capability name. See here for the list of roles and capabilities.

$object_id(int) (required)

ID of the specific object to check against if $capability is a "meta" cap.

"Meta" capabilities, e.g. 'edit_post', 'edit_user', etc., are capabilities used by map_meta_cap() to map to other "primitive" capabilities, e.g. 'edit_posts', 'edit_others_posts', etc. Accessed via func_get_args() and passed to WP_User::has_cap(), then map_meta_cap().

Basic capabilities

More details here

Meta capabilities

Above is a list of primitive capabilities, but there are also meta capabilities – they have additional parameters, for example edit_post (the capability to edit the specified post) need ID of the post:

if( current_user_can('edit_post', 123) ) {
	 echo 'Current user can edit post 123'.
}

The list of meta-capabilities:

delete_user
edit_user
remove_user
promote_user
delete_post
delete_page
edit_post
edit_page
edit_comment
read_post
read_page

edit_term                   — WP 4.7.
delete_term                 — WP 4.7 —
assign_term                 — WP 4.7 —
activate_plugin             — WP 4.9 — current_user_can( 'activate_plugin', 'my-plugin/my-plugin.php' )
deactivate_plugin           — WP 4.9 — current_user_can( 'deactivate_plugin', 'my-plugin/my-plugin.php' )

export_others_personal_data — WP 4.9.6 — is_multisite() ? 'manage_network' : 'manage_options'
erase_others_personal_data  — WP 4.9.6 — is_multisite() ? 'manage_network' : 'manage_options'
manage_privacy_options      — WP 4.9.6 — is_multisite() ? 'manage_network' : 'manage_options'

Learn more about meta-capabilities here: map_meta_cap()

Examples

#1 Whether a user is an administrator

if( current_user_can('manage_options') ){
	echo "The user can manage options!";
}

#2 Use user_can() to check the capabilities of the current user

global $user;
if( user_can($user->ID, 'manage_options') ){
	// do something
};

manage_options - administrator's capibility

#3 Using $object_id

if( current_user_can('edit_post', 123) ) {
	 echo 'Current user can edit post 123'.
}

#4 Check the capability for specific taxonomy item

Since 4.7 you can check the capabilities for specific terms using edit_term, delete_term, assign_term.

This example displays a link for editing term item only if the user has specific capability:

if( current_user_can('edit_term', $term_id) ){
	echo '<a href="'. get_edit_term_link( $term_id ) .'">Edit.</a>';
}

Verify the role of the current user

Don't pass the name of the role to this function because the verification may work incorrectly. An example of how not to do it:

// if the current user is editor, the function returns:
current_user_can('administrator') // false
current_user_can('editor') // true
current_user_can('contributor') // false
current_user_can('subscriber') // false

Instead, you can use:

#1 First function

/**
 * Checks the role of a specific user.
 *
 * @param string $role Name of the role.
 * @param bool $user_id (optional) User ID to check the role against.
 * @return bool
 */
function is_user_role( $role, $user_id = null ) {
	$user = is_numeric( $user_id ) ? get_userdata( $user_id ) : wp_get_current_user();

	if( ! $user )
		return false;

	return in_array( $role, (array) $user->roles );
}

// Using for the current user
if( is_user_role( 'customer' ) )
	echo "Yeap";
else
	echo "Nope";

// Using for the specific user.
$user_id = 23;

if ( is_user_role( 'customer', $user_id ) )
	echo "Yeap";
else
	echo "Nope";

#2 Second function

I wrote this function in the process of working on one of the projects, now I use it periodically:

## Checks if the specified role is in the roles of the current (or specified) user
## $roles string/array - name of the role to check the user against
function is_user_role_in( $roles, $user = false ){
	if( ! $user )           $user = wp_get_current_user();
	if( is_numeric($user) ) $user = get_userdata( $user );

	if( empty($user->ID) )
		return false;

	foreach( (array) $roles as $role )
		if( isset($user->caps[ $role ]) || in_array($role, $user->roles) )
			return true;

	return false;
}

// Examples of usage
if( is_user_role_in(['new_role','new_role2']) )
	echo 'The current user has role "new_role" or "new_role2"';

if( is_user_role_in(['new_role','new_role2'], 5) )
	echo 'User 5 has role "new_role" or "new_role2"';

Notes

• See: WP_User::has_cap()
• See: map_meta_cap()

Changelog

Code of current_user_can() current user can ^{WP 5.5.1}

<?php
function current_user_can( $capability, ...$args ) {
	$current_user = wp_get_current_user();

	if ( empty( $current_user ) ) {
		return false;
	}

	return $current_user->has_cap( $capability, ...$args );
}

Related Functions

From tag: Roles capabilities

More from tag: Site security (safety)

More from tag: Users (_user)