如果当前用户是管理员或编辑者

Question

如果当前用户是管理员或编辑者

- 124
- 270939 2014-01-30
如何查看当前登录用户是管理员还是编辑者?

我知道每个人如何做:

<?php if(current_user_can('editor')) { ?>  <?php } ?> <?php if(current_user_can('administrator')) { ?>  <?php } ?>

但是我如何一起工作呢?即用户是管理员还是编辑者?
How can I check to see if the current logged-in user is an administrator or an editor?

I know how to do each individually:

<?php if(current_user_can('editor')) { ?>  <?php } ?> <?php if(current_user_can('administrator')) { ?>  <?php } ?>

But how do I work those in together? I.e., the user is an administrator or editor?
users user-roles
- 原文
- andy

- `if(current_user_can('editor')|| current_user_can('administrator'))`
  
  `if( current_user_can('editor') || current_user_can('administrator') )`
  - 10
  - 2014-01-30
  - Shazzad

5 个回答

投票数

- 12
- 2019-01-06
首先,不应使用current_user_can()检查用户的角色-应该使用它检查用户是否具有特定的功能.

第二,您不必担心用户的角色,而是专注于功能,而不必费心做诸如原始问题(即检查用户是管理员还是其他用户)中的问题之类的事情.编辑).相反,如果按预期使用current_user_can()(用于检查用户的功能,而不是不),则不需要条件检查就可以包含"或"(||)测试.例如:

if ( current_user_can( 'edit_pages' ) ) { ...

edit_pages具有管理员和编辑者角色的功能,但不能具有任何较低的角色,例如作者.这就是打算使用current_user_can()的方式.

First, current_user_can() should not be used to check a user's role - it should be used to check if a user has a specific capability.

Second, rather than being concerned with the user's role but instead focusing on capabilities, you don't have to bother with doing things like the problem asked about in the original question (which is checking if the user is an administrator OR an editor). Instead, if current_user_can() was being used as intended, which is to check for a user's capabilities, not their role, you wouldn't need the conditional check to contain an "or" (||) test. For example:

if ( current_user_can( 'edit_pages' ) ) { ...

edit_pages is a capability of both administrator and editor roles, but not any lower roles such as authors. This is how current_user_can() was intended to be used.
- **请注意**:高级WP开发人员同意此答案.您应尽量避免角色检查,使用功能.我目前正在一个只有多个角色的项目中,这些角色仅具有"读取"上限.唯一的解决方案是为我检查角色.抱歉,找不到链接,这是有关WP Github的公开讨论.
  
  **Please note**: High level WP devs agree with this answer. You should try to avoid role checking as much as possible, use capabilties. I'm currently working on a project with multiple roles that only have the 'read' cap. The only solution is role checking for me. Sorry, I can't find the link, it was an open discussion on the WP Github.
  - 3
  - 2019-04-26
  - Bjorn
- IMO,这应该是公认的答案.通常,current_user_can应该用于功能,而不是角色.
  
  This should be the accepted answer, IMO. `current_user_can` should generally be used for capabilities, not roles.
  - 1
  - 2019-05-13
  - Armstrongest
- 为此+1,避免通过current_user_can()检查角色.如果要按键检查角色,请执行角色检查而不是上限检查:)
  
  +1 to this, avoid checking roles via `current_user_can()`. If you want to check roles by key then perform a role check instead of a cap check :)
  - 0
  - 2020-03-05
  - William Patton
- 那么,用于显式且安全地检查用户角色的正确功能是什么?似乎很难找到(如果存在).@比约恩
  
  What is the proper function then, for checking user roles explicitly & safely? It seems, it's a bit hard to find that (if exists). @Bjorn
  - 0
  - 2020-04-15
  - Viktor Borítás
- @ViktorBorítás此页面上有多个有效的解决方案.但是仅当" current_user_can()"不是一个选项时才使用它们.另外,我的评论更多基于安全性.例如,如果您想在大多数情况下限制特定用户的内容,则功能检查足以完成此任务.
  
  @Viktor Borítás There are multiple valid solutions on this page. But only use them if `current_user_can()` is not an option. Also, my comment is more security based. For example, if you want to restrict content for specific users in most cases a capability check is sufficient for this task.
  - 1
  - 2020-04-16
  - Bjorn

2

2019-08-26

正如@butlerblog回复所述,您不应使用current_user_can检查角色

此声明专门添加在has_cap函数的PHP文档中,该文档由current_user_can

调用

虽然部分支持针对角色代替功能进行检查,但不鼓励这种做法,因为它可能会产生不可靠的结果.

正确的方法是获取用户并检查$user->roles,如下所示:

 if( ! function_exists( 'current_user_has_role' ) ){
    function current_user_has_role( $role ) {

        $user = get_userdata( get_current_user_id() );
        if( ! $user || ! $user->roles ){
            return false;
        }

        if( is_array( $role ) ){
            return array_intersect( $role, (array) $user->roles ) ? true : false;
        }

        return in_array( $role, (array) $user->roles );
    }
}

以下是我用来执行此操作的一些辅助功能(因为有时我不想要当前用户):

 if( ! function_exists( 'current_user_has_role' ) ){
    function current_user_has_role( $role ){
        return user_has_role_by_user_id( get_current_user_id(), $role );
    }
}

if( ! function_exists( 'get_user_roles_by_user_id' ) ){
    function get_user_roles_by_user_id( $user_id ) {
        $user = get_userdata( $user_id );
        return empty( $user ) ? array() : $user->roles;
    }
}

if( ! function_exists( 'user_has_role_by_user_id' ) ){
    function user_has_role_by_user_id( $user_id, $role ) {

        $user_roles = get_user_roles_by_user_id( $user_id );

        if( is_array( $role ) ){
            return array_intersect( $role, $user_roles ) ? true : false;
        }

        return in_array( $role, $user_roles );
    }
}

然后您可以执行以下操作:

current_user_has_role( 'editor' );

或

current_user_has_role( array( 'editor', 'administrator' ) );

As @butlerblog reply stated, you should not use current_user_can to check against a role

This notice is specifically added in the PHP documentation of has_cap function which is called by current_user_can

While checking against a role in place of a capability is supported in part, this practice is discouraged as it may produce unreliable results.

The CORRECT way to do this is to get the user and check the $user->roles, like this:

if( ! function_exists( 'current_user_has_role' ) ){
    function current_user_has_role( $role ) {

        $user = get_userdata( get_current_user_id() );
        if( ! $user || ! $user->roles ){
            return false;
        }

        if( is_array( $role ) ){
            return array_intersect( $role, (array) $user->roles ) ? true : false;
        }

        return in_array( $role, (array) $user->roles );
    }
}

Here's some helper functions I use to do this (as sometimes i don't want just current user):

if( ! function_exists( 'current_user_has_role' ) ){
    function current_user_has_role( $role ){
        return user_has_role_by_user_id( get_current_user_id(), $role );
    }
}

if( ! function_exists( 'get_user_roles_by_user_id' ) ){
    function get_user_roles_by_user_id( $user_id ) {
        $user = get_userdata( $user_id );
        return empty( $user ) ? array() : $user->roles;
    }
}

if( ! function_exists( 'user_has_role_by_user_id' ) ){
    function user_has_role_by_user_id( $user_id, $role ) {

        $user_roles = get_user_roles_by_user_id( $user_id );

        if( is_array( $role ) ){
            return array_intersect( $role, $user_roles ) ? true : false;
        }

        return in_array( $role, $user_roles );
    }
}

Then you can just do this:

current_user_has_role( 'editor' );

or

current_user_has_role( array( 'editor', 'administrator' ) );

- -1
- 2016-09-29
<?php if( current_user_can('editor')) : echo "welcome"; elseif( current_user_can('member')) : echo "welcome"; else : wp_die("<h2>To view this page you must first <a href='". wp_login_url(get_permalink()) ."' title='Login'>log in</a></h2>"); endif; ?>
<?php if( current_user_can('editor')) : echo "welcome"; elseif( current_user_can('member')) : echo "welcome"; else : wp_die("<h2>To view this page you must first <a href='". wp_login_url(get_permalink()) ."' title='Login'>log in</a></h2>"); endif; ?>
- 如果您能解释一下它如何帮助OP,那就太好了.
  
  It would be great if you could explain as how it helps OP.
  - 1
  - 2016-09-29
  - bravokeyl
- 您可以只查看该页面的"编辑者"或"成员",您可以直接在generic-page.php中发布此代码
  
  You can allow to see the page only "editor" or "member" you can post this code direct in generic-page.php
  - 0
  - 2016-09-29
  - seowmx
- 请不要只是丢弃代码.添加评论和一些解释,这将如何解决发问者问题.
  
  Please don't just drop code. Add comments and some explanation how this solves the askers problem.
  - 5
  - 2016-09-29
  - kraftner
- 那么您的答案是每个角色的代码重复吗?
  
  So your answer is code duplication for each role?
  - 0
  - 2019-10-22
  - Julix
- -1
- 2020-06-03
上述解决方案问题的正确答案是通过其他方式进行编程:

if( current_user_can('administrator')) {  } else { if( wp_get_current_user('editor')) {  ?> <style type="text/css">#perhapsDIVremovalidentifier{ display:none; </style> } <?php } else {  }}

简述:找到了管理员,但是如果我们按下编辑器,也会找到管理员.因此,我们只允许管理员通过并仅标识编辑器.

请记住,您应该始终使用此代码在上面进行调用,以最大程度地减少cpu代码的使用:

if(is_user_logged_in()){}
The correct answers to the above solution-question are by else programming basic:

if( current_user_can('administrator')) {  } else { if( wp_get_current_user('editor')) {  ?> <style type="text/css">#perhapsDIVremovalidentifier{ display:none; </style> } <?php } else {  }}

Brief: The administrator is found, but if we push editor the administrator is as well found. So we just let the administrator pass through and identify the editor only.

Remember you should always use this code to call that above to minimize cpu code usage:

if(is_user_logged_in()){}
- 这正是"问题"中所说的,也是作者所不希望的.
  
  That is exactly what is stated in the **question**, and what the author doesn't want.
  - 0
  - 2020-06-03
  - fuxia
- 我添加了简短的信息,以免造成误会.我很难遵循其他规则.
  
  I've added brief so that we have no misunderstanding. It was hard to follow the else rules I believe.
  - 0
  - 2020-06-04
  - Dealazer

gmazzap · Accepted Answer · 2014-01-30

238

2014-01-30

第一个答案,而不是与WordPress相关的,因为它只是PHP:使用逻辑"或"运算符:

 <?php if( current_user_can('editor') || current_user_can('administrator') ) {  ?>
    // Stuff here for administrators or editors
<?php } ?>

如果要检查两个以上的角色,则可以检查当前用户的角色是否在一系列角色中,例如:

 $user = wp_get_current_user();
$allowed_roles = array('editor', 'administrator', 'author');
<?php if( array_intersect($allowed_roles, $user->roles ) ) {  ?>
   // Stuff here for allowed roles
<?php } ?>

但是, current_user_can 不仅可以用于用户角色名称,还具有功能.

因此,一旦编辑者和管理员都可以编辑页面,则可以更轻松地检查这些功能:

 <?php if( current_user_can('edit_others_pages') ) {  ?>
    // Stuff here for user roles that can edit pages: editors and administrators
<?php } ?>

在此处中查看有关功能的更多信息.

>

First answer, not WordPress-related because it is just only PHP: Use the logic "OR" operator:

<?php if( current_user_can('editor') || current_user_can('administrator') ) {  ?>
    // Stuff here for administrators or editors
<?php } ?>

If you want to check more than two roles, you can check if the roles of the current user is inside an array of roles, something like:

$user = wp_get_current_user();
$allowed_roles = array('editor', 'administrator', 'author');
<?php if( array_intersect($allowed_roles, $user->roles ) ) {  ?>
   // Stuff here for allowed roles
<?php } ?>

However, current_user_can can be used not only with users' role name, but also with capabilities.

So, once both editors and administrators can edit pages, your life can be easier checking for those capabilities:

<?php if( current_user_can('edit_others_pages') ) {  ?>
    // Stuff here for user roles that can edit pages: editors and administrators
<?php } ?>

Have a look here for more information on capabilities.

您是否需要检查`is_logged_in();`吗?

do you need to check if `is_logged_in();` ?
- 1
- 2017-05-01
- RobBenz
@RobBenz不,在任何情况下.因为如果当前用户未登录,那么current_user_can()总是返回false；如果未登录,wp_get_current_user()将返回没有任何角色的用户,因此array_intersect()将始终为false.

@RobBenz no, in any of the cases. Because `current_user_can()` always returns false if the user is not logged in, and `wp_get_current_user()` will return an user without any role if the user is not logged in, so the `array_intersect()` will always be false.
- 3
- 2017-05-01
- gmazzap
在current_user_can()函数的PHPDoc中,我们可以看到"以下内容:_虽然部分支持针对特定角色进行检查,但是不鼓励这种做法,因为它可能会产生不可靠的结果_".因此,我认为最好在检查用户能力时避免使用角色:-)

In the PHPDoc of the `current_user_can()` function, we can see the line "_While checking against particular roles in place of a capability is supported in part, this practice is discouraged as it may produce unreliable results_". So I think it would be better to avoid using roles while checking for a user's capability :-)
- 3
- 2017-09-01
- Erenor Paz
当我使用array_intersect方法时,我在服务器错误日志中收到一条PHP警告:array_intersect():参数2不是数组.这是因为要检查的用户只有一个角色吗?

When I use the `array_intersect` method, I get a PHP warning in our server error log saying `array_intersect(): Argument #2 is not an array`. Is this because the user(s) it's checking only have one Role?
- 0
- 2018-01-23
- Garconis
@Garconis通常它应该是一个数组.由于某种原因,对您来说它似乎不是数组.`array_intersect($ allowed_roles,(array)$ user-> roles)`可以正常工作.

@Garconis normally it should be an array. For some reason it seems for you is not an array. `array_intersect($allowed_roles, (array)$user->roles )` will work with no issues.
- 0
- 2018-01-25
- gmazzap
我建议不要检查角色...而不是检查功能.删除或向一组角色添加功能更容易……更明确.例如," current_user_can('edit_orderform')" ...也许Salesrep应该只能编辑订单...但没有添加内容的权利.显式授予该功能是比用户角色更明确的权限结构.在大型组织中,人们戴着很多帽子.您可以使订阅者拥有比阅读更多的访问权限.

I'd advise against checking against roles... and rather against capabilities. It's easier to remove or add a capability to a set of roles... it's more explicit. `current_user_can('edit_orderform')` for example... maybe a Salesrep should ONLY be able to edit the order form... but not have the rights to add content. Explicitly granting that capability is a more explicit permissions structure than what role a user is. People wear multiple hats in larger organizations. you can have subscribers that have more access than just reading.
- 0
- 2019-05-13
- Armstrongest