科技改变生活-雨落星辰 - 所有的伟大,都源于一个勇敢的开始

    最新消息:雨落星辰是一个专注网站SEO优化、网站SEO诊断、搜索引擎研究、网络营销推广、网站策划运营及站长类的自媒体原创博客
    你的位置: 首页>programmer>rest api - current_user_can('administrator') returns false when I'm logged in

    rest api - current_user_can('administrator') returns false when I'm logged in

    programmeradmin2浏览0评论
      protected function isAdmin() : bool {
    $check = current_user_can('administrator');
    return $check; 
    // returns false as I am logged in as superadmin, refreshing the page for xdebug to run
  }

    $check also evaluates to false when using current_user_can('delete_site');

    My wordpress install is hosted on my local machine, Lubuntu 18.04 with apache2. Php 7.2. I can access the site by navigating to http://localhost/folderName in Google Chrome.

    I have cookie auth enabled and see my user cookie is present with the EditThisCookie Chrome extension.

    In the xdebug console (of Phpstorm 2019.2) I also get a false response:

    current_user_can('delete_site');
false

‌‌current_user_can('administrator');
‌false

    I have no issues navigating around the front or back end of the wordpress site as an Admin. I feel like this might be an environment issue due to the discrepency betwen the Chrome experience and what the plugin and Xdebug are catching.

    Does anyone know why I am running into this issue? 

      protected function isAdmin() : bool {
    $check = current_user_can('administrator');
    return $check; 
    // returns false as I am logged in as superadmin, refreshing the page for xdebug to run
  }

    $check also evaluates to false when using current_user_can('delete_site');

    My wordpress install is hosted on my local machine, Lubuntu 18.04 with apache2. Php 7.2. I can access the site by navigating to http://localhost/folderName in Google Chrome.

    I have cookie auth enabled and see my user cookie is present with the EditThisCookie Chrome extension.

    In the xdebug console (of Phpstorm 2019.2) I also get a false response:

    current_user_can('delete_site');
false

‌‌current_user_can('administrator');
‌false

    I have no issues navigating around the front or back end of the wordpress site as an Admin. I feel like this might be an environment issue due to the discrepency betwen the Chrome experience and what the plugin and Xdebug are catching.

    Does anyone know why I am running into this issue?

    • rest-api
    • authentication
    Share Improve this question asked Sep 1, 2019 at 17:45 Sean DSean D 3878 silver badges21 bronze badges 4
    • Where are you running this code? If you’re running it too early the current user won’t be set. – Jacob Peattie Commented Sep 2, 2019 at 3:34
    • @JacobPeattie It is being run in a rest api request handler callback. The admin user clicks on a delete icon next to a table row which executes the request. the request handler is hooked as an action to rest_api_init – Sean D Commented Sep 2, 2019 at 11:25
    • 1 You need to send a nonce with REST requests for the current user to be recognised: developer.wordpress/rest-api/using-the-rest-api/… – Jacob Peattie Commented Sep 2, 2019 at 15:12
    • @JacobPeattie the nonce solution turned out to be the right one, thank you – Sean D Commented Sep 2, 2019 at 15:22
    Add a comment  | 

    1 Answer 1

    Reset to default 1

    Normally for checking for administration privileges you have to check the “manage_options” capability, such as:

    current_user_can('manage_options')

    Alternatively, you want to list the roles with wp_get_current_user()->roles and ensure the “Administrator” role is in that array.

    The capabilities you are checking for do not exist in a vanilla install of wp.

    与本文相关的文章

    发布评论

    评论列表(0)

    1. 暂无评论