I have set up a WordPress site for a client. The client has the Editor role, however I have installed the Members plugin and given the client the capability to add new users to the WP admin. This is working just fine.
The question I have is that I would like for the client to have the ability to create new user as with the roles of a Contributor, Subscriber, Editor and Author, but NOT Administrator. The new users the client creates should not have the Administrator role. Is it possible to hide this option somehow?
Thanks Vayu
I have set up a WordPress site for a client. The client has the Editor role, however I have installed the Members plugin and given the client the capability to add new users to the WP admin. This is working just fine.
The question I have is that I would like for the client to have the ability to create new user as with the roles of a Contributor, Subscriber, Editor and Author, but NOT Administrator. The new users the client creates should not have the Administrator role. Is it possible to hide this option somehow?
Thanks Vayu
Share Improve this question edited Nov 26, 2010 at 16:58 Jan Fabry 30.5k4 gold badges90 silver badges136 bronze badges asked Nov 24, 2010 at 10:34 VayuVayu 5191 gold badge5 silver badges7 bronze badges 1- 2 Please link the plugin you're using, I had problems to find out which one you are referring to. – hakre Commented Nov 24, 2010 at 12:22
4 Answers
Reset to default 45It's actually pretty easy. You need to filter into map_meta_caps and stop editors from creating/editing admins, and remove the administrator role from the 'editable roles' array. This class, as a plugin or in your theme's functions.php file would do it:
class JPB_User_Caps {
// Add our filters
function __construct(){
add_filter( 'editable_roles', array($this, 'editable_roles'));
add_filter( 'map_meta_cap', array($this, 'map_meta_cap'), 10, 4);
}
// Remove 'Administrator' from the list of roles if the current user is not an admin
function editable_roles( $roles ){
if( isset( $roles['administrator'] ) && !current_user_can('administrator') ){
unset( $roles['administrator']);
}
return $roles;
}
// If someone is trying to edit or delete and admin and that user isn't an admin, don't allow it
function map_meta_cap( $caps, $cap, $user_id, $args ){
switch( $cap ){
case 'edit_user':
case 'remove_user':
case 'promote_user':
if( isset($args[0]) && $args[0] == $user_id )
break;
elseif( !isset($args[0]) )
$caps[] = 'do_not_allow';
$other = new WP_User( absint($args[0]) );
if( $other->has_cap( 'administrator' ) ){
if(!current_user_can('administrator')){
$caps[] = 'do_not_allow';
}
}
break;
case 'delete_user':
case 'delete_users':
if( !isset($args[0]) )
break;
$other = new WP_User( absint($args[0]) );
if( $other->has_cap( 'administrator' ) ){
if(!current_user_can('administrator')){
$caps[] = 'do_not_allow';
}
}
break;
default:
break;
}
return $caps;
}
}
$jpb_user_caps = new JPB_User_Caps();
EDIT
Ok, so I took a look into why it was letting user deletion slip through. It looks like delete_user is handled slightly differently from edit_user; I've modified the map_meta_cap method to work around this. I've tested on 3.0.3 and this will prevent anybody but administrators from actually deleting, editing, or creating an administrator.
EDIT 2
I updated the code to reflect @bugnumber9 's answer below. Please go give that answer an upvote!
Despite of being ~7 years old, this thread can be googled easily and still provides a working solution. I mean the code provided by @John P Bloch.
That said, under PHP 7 it produces a non-critical error (PHP Deprecated) as follows:
PHP Deprecated: Methods with the same name as their class will not be constructors in a future version of PHP; JPB_User_Caps has a deprecated constructor in ...
In order to fix this simply replace this piece:
// Add our filters
function JPB_User_Caps(){
add_filter( 'editable_roles', array(&$this, 'editable_roles'));
add_filter( 'map_meta_cap', array(&$this, 'map_meta_cap'),10,4);
}
with this:
// Add our filters
function __construct() {
add_filter( 'editable_roles', array(&$this, 'editable_roles') );
add_filter( 'map_meta_cap', array(&$this, 'map_meta_cap'), 10, 4 );
}
This will fix the problem.
I was looking for a solution where the Editor could edit only menus AND create/edit users without needing a plugin. So I ended up making it for those who are interested.
// Customizes 'Editor' role to have the ability to modify menus, add new users
// and more.
class Custom_Admin {
// Add our filters
public function __construct(){
// Allow editor to edit theme options (ie Menu)
add_action('init', array($this, 'init'));
add_filter('editable_roles', array($this, 'editable_roles'));
add_filter('map_meta_cap', array($this, 'map_meta_cap'), 10, 4);
}
public function init() {
if ($this->is_client_admin()) {
// Disable access to the theme/widget pages if not admin
add_action('admin_head', array($this, 'modify_menus'));
add_action('load-themes.php', array($this, 'wp_die'));
add_action('load-widgets.php', array($this, 'wp_die'));
add_action('load-customize.php', array($this, 'wp_die'));
add_filter('user_has_cap', array($this, 'user_has_cap'));
}
}
public function wp_die() {
_default_wp_die_handler(__('You do not have sufficient permissions to access this page.'));
}
public function modify_menus()
{
remove_submenu_page( 'themes.php', 'themes.php' ); // hide the theme selection submenu
remove_submenu_page( 'themes.php', 'widgets.php' ); // hide the widgets submenu
// Appearance Menu
global $menu;
global $submenu;
if (isset($menu[60][0])) {
$menu[60][0] = "Menus"; // Rename Appearance to Menus
}
unset($submenu['themes.php'][6]); // Customize
}
// Remove 'Administrator' from the list of roles if the current user is not an admin
public function editable_roles( $roles ){
if( isset( $roles['administrator'] ) && !current_user_can('administrator') ){
unset( $roles['administrator']);
}
return $roles;
}
public function user_has_cap( $caps ){
$caps['list_users'] = true;
$caps['create_users'] = true;
$caps['edit_users'] = true;
$caps['promote_users'] = true;
$caps['delete_users'] = true;
$caps['remove_users'] = true;
$caps['edit_theme_options'] = true;
return $caps;
}
// If someone is trying to edit or delete and admin and that user isn't an admin, don't allow it
public function map_meta_cap( $caps, $cap, $user_id, $args ){
// $args[0] == other_user_id
foreach($caps as $key => $capability)
{
switch ($cap)
{
case 'edit_user':
case 'remove_user':
case 'promote_user':
if(isset($args[0]) && $args[0] == $user_id) {
break;
}
else if(!isset($args[0])) {
$caps[] = 'do_not_allow';
}
// Do not allow non-admin to edit admin
$other = new WP_User( absint($args[0]) );
if( $other->has_cap( 'administrator' ) ){
if(!current_user_can('administrator')){
$caps[] = 'do_not_allow';
}
}
break;
case 'delete_user':
case 'delete_users':
if( !isset($args[0])) {
break;
}
// Do not allow non-admin to delete admin
$other = new WP_User(absint($args[0]));
if( $other->has_cap( 'administrator' ) ){
if(!current_user_can('administrator')){
$caps[] = 'do_not_allow';
}
}
break;
break;
}
}
return $caps;
}
// If current user is called admin or administrative and is an editor
protected function is_client_admin() {
$current_user = wp_get_current_user();
$is_editor = isset($current_user->caps['editor']) ? $current_user->caps['editor'] : false;
return ($is_editor);
}
}
new Custom_Admin();
@John P Blochs solution still works fine, but I thought I would throw in my little filter for 'map_meta_cap' as well. Just a little shorter and cleaner, at least for my eyes ;)
function my_map_meta_cap( $caps, $cap, $user_id, $args ) {
$check_caps = [
'edit_user',
'remove_user',
'promote_user',
'delete_user',
'delete_users'
];
if( !in_array( $cap, $check_caps ) || current_user_can('administrator') ) {
return $caps;
}
$other = get_user_by( 'id', $args[0] ?? false ); // PHP 7 check for variable in $args...
if( $other && $other->has_cap('administrator') ) {
$caps[] = 'do_not_allow';
}
return $caps;
}
add_filter('map_meta_cap', 'my_map_meta_cap', 10, 4 );
发布者:admin,转转请注明出处:http://www.yc00.com/questions/1745551178a4632584.html
评论列表(0条)