
Do not use roles to check capability [Required]

Open grappler opened this issue 9 years ago • 1 comments

"Use edit_theme_options capability for determining user permission to edit options, rather than rely on a role (e.g. “administrator”), or a different capability (e.g. “edit_themes”, “manage_options”)."

Check for current_user_can('administrator'), user_can('administrator'), current_user_can_for_blog('administrator') and add_theme_page( 'Page title', 'menu title', 'administrator',) with roles and get_role().

The list of roles to check is: super_admin, administrator, editor, author, contributor, subscriber

grappler avatar Mar 22 '16 19:03 grappler

manage_options is (correctly) used for example for admin notices, while edit_theme_options should be used for

  • Widgets
  • Menus
  • Customizer

The check can't differentiate between the types of options; manage_options can't be blocked because it would prevent valid use cases.

There are a large number of themes using current_user_can( 'administrator' ) https://wpdirectory.net/search/01FFH4577PREDMNK0905DMYNVT

carolinan avatar Sep 14 '21 03:09 carolinan
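
A sketch of the check requested in this issue, added here as an example and not theme-check's own code: it tokenizes theme source and reports any role name from the list above passed as a string literal to the functions the issue names, while leaving manage_options alone as the comment above requires. The function name `find_role_checks`, the constants and the sample theme source are constructed for illustration, and treating `get_role()` the same way as the other functions is an assumption about what the issue intends.

```php
<?php
// Added example, not theme-check's own code. Names and sample input are constructed.

// Role names listed in the issue.
const ROLE_NAMES = ['super_admin', 'administrator', 'editor', 'author', 'contributor', 'subscriber'];
// Functions named in the issue (get_role included as an assumption).
const CHECKED_FUNCTIONS = ['current_user_can', 'user_can', 'current_user_can_for_blog', 'add_theme_page', 'get_role'];

function find_role_checks(string $source): array
{
    $findings = [];
    $tokens   = token_get_all($source); // tokenizing means comments are never matched
    $count    = count($tokens);
    for ($i = 0; $i < $count; $i++) {
        $tok = $tokens[$i];
        if (!is_array($tok) || $tok[0] !== T_STRING || !in_array(strtolower($tok[1]), CHECKED_FUNCTIONS, true)) {
            continue;
        }
        $depth = 0;
        for ($j = $i + 1; $j < $count; $j++) { // walk the call's argument list
            $arg = $tokens[$j];
            if ($arg === '(') {
                $depth++;
            } elseif ($arg === ')') {
                if (--$depth <= 0) break;       // end of this call
            } elseif ($depth === 0 && !(is_array($arg) && $arg[0] === T_WHITESPACE)) {
                break;                          // name not followed by "(", so not a call
            } elseif (is_array($arg) && $arg[0] === T_CONSTANT_ENCAPSED_STRING) {
                $value = trim($arg[1], "'\"");
                if (in_array($value, ROLE_NAMES, true)) {
                    $findings[] = ['line' => $arg[2], 'function' => $tok[1], 'role' => $value];
                }
            }
        }
    }
    return $findings;
}

// Constructed theme source: two role checks, two capability checks, one comment.
$sample = <<<'THEME'
<?php
if ( current_user_can( 'administrator' ) ) { show_panel(); }
if ( current_user_can( 'edit_theme_options' ) ) { show_panel(); }
if ( current_user_can( 'manage_options' ) ) { show_notice(); }
add_theme_page( 'Page title', 'menu title', 'administrator', 'slug', 'render_cb' );
// current_user_can( 'editor' ) inside a comment is not reported
THEME;

foreach (find_role_checks($sample) as $f) {
    printf("line %d: %s() is passed the role '%s'; use a capability such as edit_theme_options\n", $f['line'], $f['function'], $f['role']);
}
```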