I'm looking to restrict all users (other than admins) to only be able to upload images e.g JPG's and PNGs allowed for all users but still allow admins to upload pdfs etc. (Or even better would be to only prevent unregistered users from uploading anything other than JPGs and PNGs!)

I've been trying the following functions.php code but it still seems to restrict admins from uploading PDFs:

add_filter('upload_mimes','restict_mime'); 
function restict_mime($mimes) { 
if(!current_user_can(‘administrator’)){
    $mimes = array( 
                'jpg|jpeg|jpe' => 'image/jpeg', 
                'png' => 'image/png', 
    ); 
}
    return $mimes;
}

Any ideas?

I'm looking to restrict all users (other than admins) to only be able to upload images e.g JPG's and PNGs allowed for all users but still allow admins to upload pdfs etc. (Or even better would be to only prevent unregistered users from uploading anything other than JPGs and PNGs!)

I've been trying the following functions.php code but it still seems to restrict admins from uploading PDFs:

add_filter('upload_mimes','restict_mime'); 
function restict_mime($mimes) { 
if(!current_user_can(‘administrator’)){
    $mimes = array( 
                'jpg|jpeg|jpe' => 'image/jpeg', 
                'png' => 'image/png', 
    ); 
}
    return $mimes;
}

Any ideas?

• php
• functions
• uploads

• Hi, welcome to SE. Did you exactly copy this code to your functions.php? The input value for current_user_can() is wrapped with ‘ and ’, you should use ' instead. – Johansson Commented Apr 18, 2017 at 8:33
• I can't believe I overlooked such a simple thing @JackJohansson. Thankyou! That's done the trick as far as I can tell :) – Ctyldsley Commented Apr 18, 2017 at 15:19
• You are welcome! Happens sometimes, hours of investigation ends into a single period or comma! :D – Johansson Commented Apr 18, 2017 at 16:47
• I've posted an answer for future visitors. If it fully solved your problem, please do consider marking it as accepted. – Johansson Commented Apr 18, 2017 at 18:10
• 1 using a user role in current_user_can() will likely trigger a _doing_it_wrong() in the near future. Instead of a role, you should be using a capability with that function. – Nathan Johnson Commented Apr 18, 2017 at 18:12

2 Answers 2

There is a syntax error in your conditional:

current_user_can(‘administrator’)

The input value is wrapped in ‘ ’, which should be wrapped in ' ' instead. Right now, because ‘administrator’ is neither a role nor capability, the above will always return a false value, therefore

if(!current_user_can(‘administrator’))

will always return true, which will restrict the mime type for everyone, including administrators. The correct form will be :

if( !current_user_can('administrator') ) { 
    //CODE HERE
}

The reason your code wasn't working is because you have a typographical error in your code. That code is actually triggering an error. You can enable debug mode to see the error.

But that's not really what's wrong with you code. What's really wrong is that you are using a function that checks a user capability and trying to check a user's role. This works because of how WordPress handles roles and capabilities, but it is not the correct way to check a user's role.

In fact, using a user role in current_user_can() will likely trigger a _doing_it_wrong() in the near future. See #38653 Trigger a doing it wrong when checking a role name as a capability. Using current_user_can() to check a user role has been wrong for a very long time. See this 2006 post, How to check if a WordPress user is an “administrator”, by WordPress lead developer Mark Jaquith

Instead of a role, you should be using a capability with that function.

If you want to check a user's role, then you should do something like the following. There's really no good way to check what role a user has, because they can have multiple roles, and because the user capabilities are not guaranteed to be the same as the roles they are a part of.

add_filter( 'upload_mimes', 'wpse_263936_upload_mimes' ); 
function wpse_263936_upload_mimes( $mimes ) { 
  if( ! in_array( 'administrator', wp_get_current_user()->roles ) ) {
    $mimes = array( 
      'jpg|jpeg|jpe' => 'image/jpeg', 
      'png' => 'image/png', 
    );
  }
  return $mimes;
}

If you want to continue using current_user_can(), you should check a capability such as promote_users or manage_options which by default is only applied to the administrator role.

add_filter( 'upload_mimes', 'wpse_263936_upload_mimes' ); 
function wpse_263936_upload_mimes( $mimes ) { 
  if( ! current_user_can( 'promote_users' ) ) {
    $mimes = array( 
      'jpg|jpeg|jpe' => 'image/jpeg', 
      'png' => 'image/png', 
    );
  }
  return $mimes;
}

Or you could even define the ALLOW_UNFILTERED_UPLOADS constant in your wp-config.php and add the unfiltered_upload capability to the administrator role and check for that.