Make WordPress Core

Opened 13 years ago

Closed 11 years ago

Last modified 11 years ago

#20824 closed defect (bug) (wontfix)

current_user_can() bug with Super Admin

Reported by: abdessamad-idrissi's profile abdessamad idrissi Owned by:
Milestone: Priority: normal
Severity: normal Version: 3.3.2
Component: Users Keywords:
Focuses: Cc:

Description

If the logged in user is a super admin this returns true;

if (current_user_can('contributor')) echo 'current user is a contributor';

Normally it should return false as it does for administrator, author, editor and subscriber account types.

I spotted this while working in my localhost Multisite install then figured it doesn't work in the live standalone version!

Attachments (1)

capabilities.php.patch (3.8 KB) - added by rodrigosprimo 11 years ago.
Implementation of WP_Users->has_role() and current_user_has_role()

Download all attachments as: .zip

Change History (11)

#1 @scribu
13 years ago

  • Milestone Awaiting Review deleted
  • Resolution set to invalid
  • Status changed from new to closed

You should not pass role names to current_user_can(), only capabilities.

Also, the only way to test for super-admins is by using is_super_admin().

Version 0, edited 13 years ago by scribu (next)

#2 @abdessamad idrissi
13 years ago

  • Resolution invalid deleted
  • Status changed from closed to reopened

But in the codex;

...this function accepts capability or role name.

The same thing is stated in the wp-includes/capabilities.php

So what to believe?

I don't want to check if user is super admin, I want to check if the user is contributor. Of course there's other techniques to make this happen but I just wanted to report a bug in this function as it fails when it comes to super admins.

#3 @scribu
13 years ago

  • Milestone set to Awaiting Review

I updated the codex page.

From WP_User::has_cap():

		// Multisite super admin has all caps by definition, Unless specifically denied.
		if ( is_multisite() && is_super_admin( $this->ID ) ) {
			if ( in_array('do_not_allow', $caps) )
				return false;
			return true;
		}

current_user_can('contributor') usually works only because role names are mangled up with capability names. We should update the inline docs.

#4 @scribu
13 years ago

In general, it would be nice to have WP_User->has_role('contributor').

Last edited 13 years ago by scribu (previous) (diff)

#5 @abdessamad idrissi
13 years ago

Would be good to update the inline doc too so the codex page won't get wrongly re-modified!

#7 @rodrigosprimo
11 years ago

  • Cc rodrigosprimo@… added

@rodrigosprimo
11 years ago

Implementation of WP_Users->has_role() and current_user_has_role()

#8 @rodrigosprimo
11 years ago

Considering comment:10:ticket:22624, should we close this ticket?

#9 @rodrigosprimo
11 years ago

  • Resolution set to wontfix
  • Status changed from reopened to closed

Nacin mentioned on a similar ticket that this is not going to be implemented:

comment:10:ticket:22624

#10 @DrewAPicture
11 years ago

  • Milestone Awaiting Review deleted
Note: See TracTickets for help on using tickets.