一，使用 user_can() 函数验证角色权限

user_can( $user->ID, 'edit_posts' );
user_can( $user->ID, 'edit_post', $post->ID );
user_can( $user->ID, 'edit_post_meta', $post->ID, $meta_key );

二，使用 current_user_can( $capability ) 验证当前用户权限

current_user_can( 'edit_posts' );
current_user_can( 'edit_post', $post->ID );
current_user_can( 'edit_post_meta', $post->ID, $meta_key );

三，WordPress 的角色

WordPress所有者可以控制用户写文章、创建页面、管理插件、管理主题，以及管理其他用户的权限。博客所有者可以分配用户权限。

WordPress 有五个预定义的角色: 管理员（Administrator ）、编辑（Editor）、作者（Author）、投稿者（Contributor）和订阅者（Subscriber）。每一种角色被允许执行一系列被称作为功能的任务（capability）。

四，WordPress 的权限

管理员

activate_plugins
add_users
create_users
delete_others_pages
delete_others_posts
delete_pages
delete_plugins
delete_posts
delete_private_pages
delete_private_posts
delete_published_pages
delete_published_posts
delete_themes
delete_users
edit_dashboard
edit_files
edit_others_pages
edit_others_posts
edit_pages
edit_plugins
edit_posts
edit_private_pages
edit_private_posts
edit_published_pages
edit_published_posts
edit_theme_options
edit_themes
edit_users
export
import
install_plugins
install_themes
list_users
manage_categories
manage_links
manage_options
moderate_comments
promote_users
publish_pages
publish_posts
read_private_pages
read_private_posts
read
remove_users
switch_themes
unfiltered_html (not with Multisite. See Unfiltered MU)
unfiltered_upload
update_core
update_plugins
update_themes
upload_files

编辑

delete_others_pages
delete_others_posts
delete_pages
delete_posts
delete_private_pages
delete_private_posts
delete_published_pages
delete_published_posts
edit_others_pages
edit_others_posts
edit_pages
edit_posts
edit_private_pages
edit_private_posts
edit_published_pages
edit_published_posts
manage_categories
manage_links
moderate_comments
publish_pages
publish_posts
read
read_private_pages
read_private_posts
unfiltered_html (not with Multisite. See Unfiltered MU)
upload_files

作者

delete_posts
delete_published_posts
edit_posts
edit_published_posts
publish_posts
read
upload_files

投稿人

delete_posts
edit_posts
read

订阅者

read