map_meta_cap() question.

  • Resolved thescribbler

    (@thescribbler)


    9 years, 12 months ago

    Hi everyone, I have a quick question about a snippet of code in the map_meta_cap() function.

    The code is:

    case 'edit_user':
	case 'edit_users':
		// Allow user to edit itself
		if ( 'edit_user' == $cap && isset( $args[0] ) && $user_id == $args[0] )
			break;

		// If multisite these caps are allowed only for super admins.
		if ( is_multisite() && !is_super_admin( $user_id ) )
			$caps[] = 'do_not_allow';
		else
			$caps[] = 'edit_users'; // edit_user maps to edit_users.
		break;

    I’m confused about the break that occurs directly after if ( 'edit_user' == $cap && isset( $args[0] ) && $user_id == $args[0] ).

    From what I can see, the conditional checks if the current user’s ID is the same as the ID of the user they wish to edit. If it’s true, you would expect it to map ‘edit_user’ to edit_users’ (i.e. they can edit themselves), but the code leads it on to a break instead, i.e. edit_user will NOT be mapped to edit_users if the condition is true.

    Is this not the opposite of what it’s supposed to do? Using current_user_can() shows that it works the correct way (and commenting out the break reverses the functionality), but I can’t understand how it’s working!

    I know it’s minor but it’s driving me mad! I realise that I must be reading the code incorrectly, so any insight would be greatly appreciated. Cheers.

Viewing 1 replies (of 1 total)
  • Thread Starter thescribbler

    (@thescribbler)

    I’ve just realised how it works: map_meta_cap() returns an empty $caps array to WP_User::has_caps if the user wants to edit their own profile. The empty array does not trigger the foreach loop in WP_User::has_caps and thus current_user_can() will return true.

Viewing 1 replies (of 1 total)
  • The topic ‘map_meta_cap() question.’ is closed to new replies.