For arcane purposes, user roles are available to be checked using current_user_can() but it definitely is not best practice, even if it works 90% of the time. Usually, managing capabilities is a much better way of going about it.
The common example of why it’s not a great practice to use current_user_can() to check for roles is with super admins in multi-sites: super admins will always pass current_user_can( 'editor' ) but might not actually have that role on the site.
Replacing the code above with something like the following would circumvent that issue:
Followed up with @jomurgel privately and it turned out this was not Fieldmanager itself, but rather, some custom code on a site. We audited Fieldmanager's use of current_user_can() and all looks good, so we can resolve this!
Potentially related: #41
When creating fields that are restricted to editors AND/OR administrators, FieldManager will utilize the following syntax:
Flagged by VIP
From @joemcgill
From @dlh01
NOTE: This may extend to other roles, but these two seem to be the most common.
VIP Pull Request for reference: https://github.com/wpcomvip/brookings/pull/2049
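The distinction discussed in this thread, shown as an added example that is not taken from the issue, Fieldmanager, or the VIP pull request: a role-name check beside a capability check and a literal role-membership check. The `example_*` names, the meta box, and the choice of `edit_others_posts` as the gating capability are assumptions, and the code is meant to run inside WordPress (for instance in a plugin file).

```php
<?php
// Added example; all example_* names are hypothetical.

// Role name passed to current_user_can(): the pattern flagged in this issue.
// On multisite, a super admin passes this for any string, including
// 'editor', even with no role assigned on the current site.
function example_is_editor_by_role_name() {
	return current_user_can( 'editor' );
}

// Capability check: asks what the user may do, not what they are called.
// 'edit_others_posts' is granted to the default editor and administrator
// roles; pick the capability that matches the action being protected.
function example_can_manage_restricted_field() {
	return current_user_can( 'edit_others_posts' );
}

// Literal role membership on the current site, for the cases where the
// role itself (not the permission) is what matters. Super admin status
// does not affect the result.
function example_user_has_role( array $roles, $user = null ) {
	$user = $user ? $user : wp_get_current_user();
	if ( ! ( $user instanceof WP_User ) || ! $user->exists() ) {
		return false;
	}
	return (bool) array_intersect( $roles, (array) $user->roles );
}

// Gate a restricted meta box on the capability rather than the role name.
add_action( 'add_meta_boxes', function () {
	if ( ! example_can_manage_restricted_field() ) {
		return;
	}
	add_meta_box(
		'example_restricted_box',
		'Restricted settings',
		function ( $post ) {
			// Report literal role membership to show how it can differ
			// from the capability result for a super admin.
			$is_member = example_user_has_role( array( 'editor', 'administrator' ) );
			echo esc_html( $is_member ? 'Role assigned on this site.' : 'No matching role on this site.' );
		},
		'post'
	);
} );
```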