Mark on WordPress

How to check if a WordPress user is an “administrator”

Posted in wordpress by Mark Jaquith on March 27th, 2006

WordPress 2.0 transitioned from a simple (but rather cryptic) user level system to a roles/capabilities model. In this new model, capabilities are granted to roles, and users are members of roles. Additionally, capabilities can be granted directly to a user. It’s extendable, flexible, and customizable.

There’s one problem, plugin authors who were used to restricting administration of their plugin to users of levels 8 and 9 have no idea what to do now that roles and capabilities are being used.

Some people are tempted to add their own special capability to the “administrator” role. This is a mistake! The “Administrator” role, while created by default, is not special. It is no different than any other role. You cannot assume that it even exists, or, if it does, that users with that role are the highest “level” of user. The names of the roles are meaningless. What matters is their capabilities… what they are allowed to do.

Other people might use the capability, but not add it to any existing users or roles (there is not yet a way of “registering” new capabilities). Unfortunately (in my mind), role management is not yet built in to WordPress, so for users to give that capability to their users, they’ll have to use a third party plugin. Only one exists that I know of, and it is not yet feature complete… using one particular unfinished feature can screw up your install pretty badly.

So right now, the best option is to tie your plugin to an existing capability. How you do this will depend on the plugin… obviously something related to posting could be tied to the edit_posts capability. But most authentication is used for the options page. The capability that you want to use is called manage_options. This is the closest thing to the old method of using level 8 as the minimum level. Basically, if someone can manage_options, they’re in control of the blog.

My advice on this might change eventually as role management plugins improve and an easy way of registering new capabilities is added to WordPress, but for the time being, this is the way to go.

<?php if ( current_user_can('manage_options') ) { do_something(); } ?>

One Response to 'How to check if a WordPress user is an “administrator”'

Subscribe to comments with RSS or TrackBack to 'How to check if a WordPress user is an “administrator”'.

  1. Abhijit Nadgouda said, on March 27th, 2006 at 11:37 pm

    I came across this when looking at the current_user global variable. I have tried to document the current_user_can function.

Leave a Reply