Note to self: user_has_cap doesn’t do what you think it does.

The WordPress filter user_has_cap is a bit misleading. It doesn’t (as the name suggested to me) return a boolean indicating whether the user has a given capability. Instead it allows last minute filtering of the capabilities that a user has, allowing you to add and remove caps just before they are checked against those required for the particular action.

The arguments are:

  • $allcaps
    • The array of caps that the given user has assigned to them
  • $caps
    • The array of caps required for the current action
    • Has already been filtered through map_meta_caps
  • $args
    • Additional arguments passed to the has_cap() method of the user object
    • May contain post ID or other info needed for cap check

A user_has_cap filter might make additional checks against the user and then set or unset the relevant capability in the $allcaps array before returning it.

Leave a Reply