WordPress uses a combination of Roles and Capabilities to determine site access for admins, logged in users, and guests.
Capabilities determine what permissions or access a particular user has to parts of the WordPress code and/or plugin functionality.
A Role is essentially a group of permissions that define a set of tasks a user assigned the role is allowed to perform. The codex has a great deal more information. It’s a complex area of WordPress that gives a great deal of power to plugins.
WordPress has a set number of user roles: Subscriber, Contributor, Author, Editor, Administrator. For WordPress multi-site set-ups there is also the Super Admin / Network Admin.
Each user role has an increasing number of capabilities based on the CRUD philosophy: Create, Read, Update, Delete. The subscriber has basic read-only access, and the administrator has full CRUD access to posts, pages, themes and plugins. Other roles are somewhere in between.
Code snippets
Getting the logged in user’s role is relatively easy. WordPress sets a global variable: $current_user. There are other functions also capable of retrieving some or all of the user data. WordPress also sets a variable $wp_roles which contains all of the currently available roles – default and custom. Again there are built-in functions to access these:
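/**
 * Retrieve a list of available roles to build checkboxes
 *
 * @return array Role slug => translated role name
 */
function get_roles() {
    global $wp_roles;
    $the_roles = $wp_roles->roles;
    $roles     = array();
    foreach ( $the_roles as $k => $v ) {
        // translate_user_role() is the core helper for role names; a plugin
        // text domain held in $this is only available inside a class method.
        $roles[ $k ] = translate_user_role( $v['name'] );
    }
    return $roles;
}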
/**
 * Get a user role. Assumes only one role, otherwise brings back first on list
 *
 * @return string
 */
function get_user_role() {
    global $current_user;
    $user_roles = $current_user->roles;
    $user_role  = array_shift( $user_roles );
    return $user_role;
}
/**
 * Returns the translated role of the current user. If that user has
 * no role for the current blog, it returns false.
 *
 * @return string|false The name of the current role
 */
function get_user_role_translate() {
    global $wp_roles;
    $current_user = wp_get_current_user();
    $roles        = $current_user->roles;
    $role         = array_shift( $roles );
    return ( isset( $wp_roles->role_names[ $role ] ) ) ? translate_user_role( $wp_roles->role_names[ $role ] ) : false;
}
/**
 * Returns current user's role. Assumes single main role.
 * Defensive variant of get_user_role(): define only one of the two,
 * since PHP does not allow a function to be declared twice.
 *
 * @return string|null
 */
function get_user_role() {
    global $current_user;
    // The global is sometimes not set, so try again through the API.
    if ( ! ( $current_user instanceof WP_User ) ) {
        $current_user = wp_get_current_user();
    }
    // Last chance: still no user object.
    if ( ! ( $current_user instanceof WP_User ) ) {
        return null;
    }
    // OK, the user has roles: take the first one.
    $user_roles = $current_user->roles;
    $user_role  = array_shift( $user_roles );
    return $user_role;
}
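/**
 * Sanitise roles
 *
 * Class method (note the visibility keyword): place it inside the plugin class.
 * It cleans the submitted text only; it does not check that each value is
 * a role registered on the site.
 *
 * @param array|string $values Array or comma-separated string of roles
 * @return array
 * @access public
 */
public function sanitize_roles( $values ) {
    $multi_values = ( ! is_array( $values ) ) ? explode( ',', $values ) : $values;
    return ( empty( $multi_values ) ) ? array() : array_map( 'sanitize_text_field', $multi_values );
}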
Users with multiple roles? Possible, though can get somewhat messy.
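The snippets above take the first role on the list and sanitise submitted role names as plain text. The following added example (not code from the original post) checks every role a user holds and keeps only submitted slugs that are registered on the site. It assumes WordPress is loaded; the example_ function names are hypothetical.

```php
<?php
// Added example, not from the original post. Assumes WordPress is loaded.
// All example_* function names are hypothetical.

/**
 * Keep only submitted role slugs that are registered on this site.
 *
 * @param string|array $values Comma-separated string or array of role slugs.
 * @return string[] Registered role slugs, de-duplicated.
 */
function example_filter_registered_roles( $values ) {
    $values = is_array( $values ) ? $values : explode( ',', (string) $values );
    $values = array_filter( $values, 'is_string' ); // Drop nested arrays etc.
    $slugs  = array_map( 'sanitize_key', array_map( 'trim', $values ) );
    $valid  = array();
    foreach ( array_filter( $slugs ) as $slug ) {
        // Allowlist: accept the slug only if WordPress knows the role.
        if ( wp_roles()->is_role( $slug ) ) {
            $valid[] = $slug;
        }
    }
    return array_values( array_unique( $valid ) );
}

/**
 * True if the user holds at least one of the allowed roles.
 * Looks at every role on the user, not only the first in the list.
 *
 * @param string[]     $allowed Role slugs that grant access.
 * @param WP_User|null $user    User to test; defaults to the current user.
 * @return bool
 */
function example_user_has_any_role( array $allowed, $user = null ) {
    $user = ( $user instanceof WP_User ) ? $user : wp_get_current_user();
    if ( ! $user->exists() ) {
        return false; // Guest (user ID 0): no roles at all.
    }
    return (bool) array_intersect( $allowed, (array) $user->roles );
}

/**
 * For an authorization decision, test the capability the action needs
 * instead of comparing role names; custom roles may grant it too.
 */
function example_can_change_settings() {
    return current_user_can( 'manage_options' );
}
```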