Replace is_admin() with current_user_can('administrator')

coyote-team / coyote-wp

Wordpress Plug-in for Coyote

2 stars 2 forks source link

Replace is_admin() with current_user_can('administrator') #121

Closed robbinrietdijk closed 2 years ago

robbinrietdijk commented 2 years ago

In the PluginConfiguration class the function userIsAdmin() suggests a check for the current user having an admin role in WordPress. The WordPress function is_admin() doesn't check a users role, this function returns true for admin pages.

"Determines whether the current request is for an administrative interface page. Does not check if the user is an administrator; use current_user_can() for checking roles and capabilities."

See https://developer.wordpress.org/reference/functions/is_admin/

jkva commented 2 years ago

Ah, yeah. Good spot. I remember using current_user_can in another project for that same reason. I do recall finding it a bit vague in which capabilities one needs to evaluate. If you have suggestions, please add them to this issue 👍

robbinrietdijk commented 2 years ago

Renamed the issue and assigned myself to it

jkva commented 2 years ago

Closing as #123 was merged.