If the current user is an administrator or editor

  • How can I check to see if the current logged-in user is an administrator or an editor?

    I know how to do each individually:

    <?php if(current_user_can('editor')) { ?> 
        <!-- Stuff here for editors -->
    <?php } ?>
    <?php if(current_user_can('administrator')) { ?>
        <!-- Stuff here for administrators -->
    <?php } ?>

    But how do I work those in together? I.e., the user is an administrator or editor?

    `if( current_user_can('editor') || current_user_can('administrator') )`

  • gmazzap

    gmazzap Correct answer

    7 years ago

    First answer, not WordPress-related because it is just only PHP: Use the logic "OR" operator:

    <?php if( current_user_can('editor') || current_user_can('administrator') ) {  ?>
        // Stuff here for administrators or editors
    <?php } ?>

    If you want to check more than two roles, you can check if the roles of the current user is inside an array of roles, something like:

    $user = wp_get_current_user();
    $allowed_roles = array('editor', 'administrator', 'author');
    <?php if( array_intersect($allowed_roles, $user->roles ) ) {  ?>
       // Stuff here for allowed roles
    <?php } ?>

    However, current_user_can can be used not only with users' role name, but also with capabilities.

    So, once both editors and administrators can edit pages, your life can be easier checking for those capabilities:

    <?php if( current_user_can('edit_others_pages') ) {  ?>
        // Stuff here for user roles that can edit pages: editors and administrators
    <?php } ?>

    Have a look here for more information on capabilities.

    do you need to check if `is_logged_in();` ?

    @RobBenz no, in any of the cases. Because `current_user_can()` always returns false if the user is not logged in, and `wp_get_current_user()` will return an user without any role if the user is not logged in, so the `array_intersect()` will always be false.

    In the PHPDoc of the `current_user_can()` function, we can see the line "_While checking against particular roles in place of a capability is supported in part, this practice is discouraged as it may produce unreliable results_". So I think it would be better to avoid using roles while checking for a user's capability :-)

    When I use the `array_intersect` method, I get a PHP warning in our server error log saying `array_intersect(): Argument #2 is not an array`. Is this because the user(s) it's checking only have one Role?

    @Garconis normally it should be an array. For some reason it seems for you is not an array. `array_intersect($allowed_roles, (array)$user->roles )` will work with no issues.

    I'd advise against checking against roles... and rather against capabilities. It's easier to remove or add a capability to a set of roles... it's more explicit. `current_user_can('edit_orderform')` for example... maybe a Salesrep should ONLY be able to edit the order form... but not have the rights to add content. Explicitly granting that capability is a more explicit permissions structure than what role a user is. People wear multiple hats in larger organizations. you can have subscribers that have more access than just reading.

License under CC-BY-SA with attribution

Content dated before 6/26/2020 9:53 AM