apply_filters( ‘user_has_cap’, bool[] $allcaps, string[] $caps, array $args, WP_User $user )

Dynamically filter a user’s capabilities.


Array of key/value pairs where keys represent a capability name and boolean values represent whether the user has that capability.
Required primitive capabilities for the requested capability.
Arguments that accompany the requested capability check.
  • string
    Requested capability.
  • 1 int
    Concerned user ID.
  • ...$2 mixed
    Optional second and further parameters, typically object ID.
The user object.

More Information

Passing in a numeric value to WP_User::has_cap() object has been deprecated. Passing a numeric value will generate a deprecated option warning if debugging mode is enabled via wp_config.php:

Usage of user levels by plugins and themes is deprecated. Use roles and capabilities instead.

This will occur if a plugin or a theme calls has_cap directly. The plugin or theme needs to be updated to use the new roles and capabilities classes.


$capabilities = apply_filters( 'user_has_cap', $this->allcaps, $caps, $args, $this );


3.7.0Added the $user parameter.

User Contributed Notes

  1. Skip to note 2 content
     * author_cap_filter()
     * Filter on the current_user_can() function.
     * This function is used to explicitly allow authors to edit contributors and other
     * authors posts if they are published or pending.
     * @param array $allcaps All the capabilities of the user
     * @param array $cap     [0] Required capability
     * @param array $args    [0] Requested capability
     *                       [1] User ID
     *                       [2] Associated object ID
    function author_cap_filter( $allcaps, $cap, $args ) {
    	// Bail out if we're not asking about a post:
    	if ( 'edit_post' != $args[0] )
    		return $allcaps;
    	// Bail out for users who can already edit others posts:
    	if ( $allcaps['edit_others_posts'] )
    		return $allcaps;
    	// Bail out for users who can't publish posts:
    	if ( !isset( $allcaps['publish_posts'] ) or !$allcaps['publish_posts'] )
    		return $allcaps;
    	// Load the post data:
    	$post = get_post( $args[2] );
    	// Bail out if the user is the post author:
    	if ( $args[1] == $post->post_author )
    		return $allcaps;
    	// Bail out if the post isn't pending or published:
    	if ( ( 'pending' != $post->post_status ) and ( 'publish' != $post->post_status ) )
    		return $allcaps;
    	// Load the author data:
    	$author = new WP_User( $post->post_author );
    	// Bail out if post author can edit others posts:
    	if ( $author->has_cap( 'edit_others_posts' ) )
    		return $allcaps;
    	$allcaps[$cap[0]] = true;
    	return $allcaps;
    add_filter( 'user_has_cap', 'author_cap_filter', 10, 3 );

You must log in before being able to contribute a note or feedback.