#20824 closed defect (bug) (wontfix)
current_user_can() bug with Super Admin
Reported by: | abdessamad idrissi | Owned by: | |
---|---|---|---|
Milestone: | Priority: | normal | |
Severity: | normal | Version: | 3.3.2 |
Component: | Users | Keywords: | |
Focuses: | Cc: |
Description
If the logged in user is a super admin this returns true;
if (current_user_can('contributor')) echo 'current user is a contributor';
Normally it should return false as it does for administrator, author, editor and subscriber account types.
I spotted this while working in my localhost Multisite install then figured it doesn't work in the live standalone version!
Attachments (1)
Change History (11)
#1
@
13 years ago
- Milestone Awaiting Review deleted
- Resolution set to invalid
- Status changed from new to closed
#2
@
13 years ago
- Resolution invalid deleted
- Status changed from closed to reopened
But in the codex;
...this function accepts capability or role name.
The same thing is stated in the wp-includes/capabilities.php
So what to believe?
I don't want to check if user is super admin, I want to check if the user is contributor. Of course there's other techniques to make this happen but I just wanted to report a bug in this function as it fails when it comes to super admins.
#3
@
13 years ago
- Milestone set to Awaiting Review
I updated the codex page.
From WP_User::has_cap():
// Multisite super admin has all caps by definition, Unless specifically denied. if ( is_multisite() && is_super_admin( $this->ID ) ) { if ( in_array('do_not_allow', $caps) ) return false; return true; }
current_user_can('contributor')
usually works only because role names are mangled up with capability names. We should update the inline docs.
#5
@
13 years ago
Would be good to update the inline doc too so the codex page won't get wrongly re-modified!
#8
@
11 years ago
Considering comment:10:ticket:22624, should we close this ticket?
You should not pass role names to
current_user_can()
, only capabilities.Also, the only way to test for super-admins is by using is_super_admin().