current_user_can() returning true for capability when the user and role do not have the capability


I’ve been trying to remove the “Customize” from the admin bar by removing the capability from the ‘tt_editor’ role by adding this to the bottom of the init action function:

$editor = get_role('tt_editor');

This seems to remove the capability, but at the beginning of wp_admin_bar_customize_menu() in wp-includes/admin-bar.php current_user_can('customize') still returns true.

I’ve even tried moving it to the beginning of the admin bar function directly before it calls current_user_can().

I’ve even tried removing the capability from the current user; that doesn’t work either.

I fail to see how even with all these different methods, current_user_can() still returns true:

global $wp_roles;
$wp_roles->remove_cap('tt_editor', 'customize');

$role = get_role('tt_editor');


var_dump(current_user_can('customize')); // STILL RETURNS TRUE?

I suppose this could be a bug in WordPress Core? We’re on version 5.8.6.

As a workaround I’m using $wp_admin_bar->remove_menu('customize') but I would like to do it by removing the capability really.

Jerome Beckett, 2022-10-19T07:33:44-05:00, 0 Answers
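Added example, not part of the original post: `current_user_can()` passes the requested capability through `map_meta_cap()` before looking at the user's roles, and WordPress core maps the meta capability `customize` to the primitive capability `edit_theme_options`, so removing `customize` from a role changes nothing. The sketch below logs that mapping and denies `customize` for the `tt_editor` role through the `map_meta_cap` filter; the plugin name and its placement as a must-use plugin file are assumptions.

```php
<?php
/**
 * Plugin Name: Deny Customizer for tt_editor (hypothetical example plugin)
 */

// Diagnostic: log the primitive capabilities WordPress really checks when
// code asks current_user_can( 'customize' ). With core's default mapping
// this logs "edit_theme_options".
add_action( 'admin_init', function () {
    if ( defined( 'WP_DEBUG' ) && WP_DEBUG ) {
        $required = map_meta_cap( 'customize', get_current_user_id() );
        error_log( 'customize requires: ' . implode( ', ', $required ) );
    }
} );

// Enforcement: for users holding the tt_editor role, replace the required
// capabilities for 'customize' with 'do_not_allow', which has_cap() always
// rejects. Other capabilities and other roles are left untouched.
add_filter( 'map_meta_cap', function ( $caps, $cap, $user_id ) {
    if ( 'customize' !== $cap ) {
        return $caps;
    }

    $user = get_userdata( $user_id );
    if ( $user && in_array( 'tt_editor', (array) $user->roles, true ) ) {
        return array( 'do_not_allow' );
    }

    return $caps;
}, 10, 3 );
```

Removing `edit_theme_options` from the role would also make the check fail, but that capability gates the Menus and Widgets screens as well, which is why the filter targets `customize` only.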
