apply_filters( 'user_has_cap', bool[] $allcaps, string[] $caps, array $args, WP_User $user )

Dynamically filter a user’s capabilities.


$allcaps bool[]
Array of key/value pairs where keys represent a capability name and boolean values represent whether the user has that capability.
$caps string[]
Required primitive capabilities for the requested capability.
$args array
Arguments that accompany the requested capability check.
  • string
    Requested capability.
  • 1 int
    Concerned user ID.
  • ...$2 mixed
    Optional second and further parameters, typically object ID.
$user WP_User
The user object.

Top ↑

More Information

Passing in a numeric value to WP_User::has_cap() object has been deprecated. Passing a numeric value will generate a deprecated option warning if debugging mode is enabled via wp_config.php:

Usage of user levels by plugins and themes is deprecated. Use roles and capabilities instead.

This will occur if a plugin or a theme calls has_cap directly. The plugin or theme needs to be updated to use the new roles and capabilities classes.

Top ↑


File: wp-includes/class-wp-user.php. View all references

$capabilities = apply_filters( 'user_has_cap', $this->allcaps, $caps, $args, $this );

Top ↑


Version Description
3.7.0 Added the $user parameter.
2.0.0 Introduced.

Top ↑

User Contributed Notes

  1. Skip to note 1 content
    Contributed by Mayeenul Islam
     * author_cap_filter()
     * Filter on the current_user_can() function.
     * This function is used to explicitly allow authors to edit contributors and other
     * authors posts if they are published or pending.
     * @param array $allcaps All the capabilities of the user
     * @param array $cap     [0] Required capability
     * @param array $args    [0] Requested capability
     *                       [1] User ID
     *                       [2] Associated object ID
    function author_cap_filter( $allcaps, $cap, $args ) {
    	// Bail out if we're not asking about a post:
    	if ( 'edit_post' != $args[0] )
    		return $allcaps;
    	// Bail out for users who can already edit others posts:
    	if ( $allcaps['edit_others_posts'] )
    		return $allcaps;
    	// Bail out for users who can't publish posts:
    	if ( !isset( $allcaps['publish_posts'] ) or !$allcaps['publish_posts'] )
    		return $allcaps;
    	// Load the post data:
    	$post = get_post( $args[2] );
    	// Bail out if the user is the post author:
    	if ( $args[1] == $post->post_author )
    		return $allcaps;
    	// Bail out if the post isn't pending or published:
    	if ( ( 'pending' != $post->post_status ) and ( 'publish' != $post->post_status ) )
    		return $allcaps;
    	// Load the author data:
    	$author = new WP_User( $post->post_author );
    	// Bail out if post author can edit others posts:
    	if ( $author->has_cap( 'edit_others_posts' ) )
    		return $allcaps;
    	$allcaps[$cap[0]] = true;
    	return $allcaps;
    add_filter( 'user_has_cap', 'author_cap_filter', 10, 3 );

You must log in before being able to contribute a note or feedback.