current_user_can() returning true for capability when user and role do not have capability

I’m trying to remove “customize” from the admin bar by removing the capability from the ‘tt_editor’ role by adding at the bottom of the init action function:

$editor = get_role('tt_editor');
$editor->remove_cap('customize');

The ability seems to have been removed, but initially wp_admin_bar_customize_menu() in wp-includes/admin-bar.php current_user_can('customize') still returns true.

I’ve also tried moving it directly to the start of the admin bar function before calling it current_user_can(),

I’ve also tried removing the capability from the current user, that doesn’t work either.

I fail to see how current_user_can() still returns true, even with all these different methods:

global $wp_roles;
$wp_roles->remove_cap('tt_editor', 'customize');

$role = get_role('tt_editor');
$role->remove_cap('customize');

wp_get_current_user()->remove_cap('customize');

var_dump(current_user_can('customize')); // STILL RETURNS TRUE?

I think it may be a bug in wordpress core? We are on version 5.8.

as a solution i am using $wp_admin_bar->remove_menu('customize') But I really want to do it by removing the capability.

Leave a Comment