How can I check to see if the current logged-in user is an administrator or an editor?
I know how to do each individually:
<?php if(current_user_can('editor')) { ?> <!-- Stuff here for editors --> <?php } ?> <?php if(current_user_can('administrator')) { ?> <!-- Stuff here for administrators --> <?php } ?> But how do I work those in together? I.e., the user is an administrator or editor?
First answer, not WordPress-related because it is just only PHP: Use the logic "OR" operator:
<?php if( current_user_can('editor') || current_user_can('administrator') ) { ?> // Stuff here for administrators or editors <?php } ?> If you want to check more than two roles, you can check if the roles of the current user is inside an array of roles, something like:
$user = wp_get_current_user(); $allowed_roles = array('editor', 'administrator', 'author'); <?php if( array_intersect($allowed_roles, $user->roles ) ) { ?> // Stuff here for allowed roles <?php } ?> However, current_user_can can be used not only with users' role name, but also with capabilities.
So, once both editors and administrators can edit pages, your life can be easier checking for those capabilities:
<?php if( current_user_can('edit_others_pages') ) { ?> // Stuff here for user roles that can edit pages: editors and administrators <?php } ?> Have a look here for more information on capabilities.
is_logged_in(); ? current_user_can() always returns false if the user is not logged in, and wp_get_current_user() will return an user without any role if the user is not logged in, so the array_intersect() will always be false. current_user_can() function, we can see the line "While checking against particular roles in place of a capability is supported in part, this practice is discouraged as it may produce unreliable results". So I think it would be better to avoid using roles while checking for a user's capability :-) array_intersect($allowed_roles, (array)$user->roles ) will work with no issues. current_user_can for checking roles. It is documented in the API as legitimate usage, end of story. Is it smart to do? depends on the context First, current_user_can() should not be used to check a user's role - it should be used to check if a user has a specific capability.
Second, rather than being concerned with the user's role but instead focusing on capabilities, you don't have to bother with doing things like the problem asked about in the original question (which is checking if the user is an administrator OR an editor). Instead, if current_user_can() was being used as intended, which is to check for a user's capabilities, not their role, you wouldn't need the conditional check to contain an "or" (||) test. For example:
if ( current_user_can( 'edit_pages' ) ) { ...
edit_pages is a capability of both administrator and editor roles, but not any lower roles such as authors. This is how current_user_can() was intended to be used.
current_user_can should generally be used for capabilities, not roles. current_user_can(). If you want to check roles by key then perform a role check instead of a cap check :) current_user_can() is not an option. Also, my comment is more security based. For example, if you want to restrict content for specific users in most cases a capability check is sufficient for this task. As @butlerblog reply stated, you should not use current_user_can to check against a role
This notice is specifically added in the PHP documentation of has_cap function which is called by current_user_can
While checking against a role in place of a capability is supported in part, this practice is discouraged as it may produce unreliable results.
The CORRECT way to do this is to get the user and check the $user->roles, like this:
if( ! function_exists( 'current_user_has_role' ) ){ function current_user_has_role( $role ) { $user = get_userdata( get_current_user_id() ); if( ! $user || ! $user->roles ){ return false; } if( is_array( $role ) ){ return array_intersect( $role, (array) $user->roles ) ? true : false; } return in_array( $role, (array) $user->roles ); } } Here's some helper functions I use to do this (as sometimes i don't want just current user):
if( ! function_exists( 'current_user_has_role' ) ){ function current_user_has_role( $role ){ return user_has_role_by_user_id( get_current_user_id(), $role ); } } if( ! function_exists( 'get_user_roles_by_user_id' ) ){ function get_user_roles_by_user_id( $user_id ) { $user = get_userdata( $user_id ); return empty( $user ) ? array() : $user->roles; } } if( ! function_exists( 'user_has_role_by_user_id' ) ){ function user_has_role_by_user_id( $user_id, $role ) { $user_roles = get_user_roles_by_user_id( $user_id ); if( is_array( $role ) ){ return array_intersect( $role, $user_roles ) ? true : false; } return in_array( $role, $user_roles ); } } Then you can just do this:
current_user_has_role( 'editor' );
or
current_user_has_role( array( 'editor', 'administrator' ) );
current_user_can is perfectly fine, actually, that's exactly the way to go. The fact that is preferable to use capabilities to "protect" operations is a different topic. Knowing the role of a user might be a legitimate thing, and in that case, current_user_can is perfectly fine to use. current_user_can documentation page. Seems the documentation and your comment are contradicting, although I do understand what you're saying. With that said though, $roles is a public property on WP_User object and has been since 2.0.0. developer.wordpress.org/reference/functions/current_user_can current_user_can with role name is just fine. current_user_can has filters, for example, developer.wordpress.org/reference/hooks/user_has_cap or developer.wordpress.org/reference/hooks/map_meta_cap. If a plugin or anything is using those filters to change what current_user_can returns, by directly checking roles property you're gonna miss the filters, and thus reducing the compatibility of your code with others code. For admin
$current_user = wp_get_current_user(); if (!in_array('administrator', $current_user->roles)) { //do something } For editor
$current_user = wp_get_current_user(); if (!in_array('editor', $current_user->roles)) { //do something } Please note that is only working if you want to check the roles of the current user, if you need to check for any other specific user, you need to use get_user_by (https://developer.wordpress.org/reference/functions/get_user_by/) or similar methods to retrieve the user you want to check
<?php if( current_user_can('editor')) : echo "welcome"; elseif( current_user_can('member')) : echo "welcome"; else : wp_die("<h2>To view this page you must first <a href='". wp_login_url(get_permalink()) ."' title='Login'>log in</a></h2>"); endif; ?> The correct answers to the above solution-question are by else programming basic:
if( current_user_can('administrator')) { <!-- only administrator will see this message --> } else { if( wp_get_current_user('editor')) { <!-- only editor but no administrator will see this message --> ?> <style type="text/css">#perhapsDIVremovalidentifier{ display:none; </style> } <?php } else { <!-- the user is neither editor or administrator --> }} Brief: The administrator is found, but if we push editor the administrator is as well found. So we just let the administrator pass through and identify the editor only.
Remember you should always use this code to call that above to minimize cpu code usage:
if(is_user_logged_in()){} 
if( current_user_can('editor') || current_user_can('administrator') )