Closed robbinrietdijk closed 2 years ago
Ah, yeah. Good spot. I remember using current_user_can
in another project for that same reason. I do recall finding it a bit vague in which capabilities one needs to evaluate. If you have suggestions, please add them to this issue 👍
Renamed the issue and assigned myself to it
Closing as #123 was merged.
In the PluginConfiguration class the function userIsAdmin() suggests a check for the current user having an admin role in WordPress. The WordPress function is_admin() doesn't check a users role, this function returns true for admin pages.
"Determines whether the current request is for an administrative interface page. Does not check if the user is an administrator; use current_user_can() for checking roles and capabilities."
See https://developer.wordpress.org/reference/functions/is_admin/