Editors can only edit Subscribers profiles

  • Resolved WebMaestro.Fr

    (@webmaestrofr)


    11 years, 7 months ago

    Hi fellows,

    I would like my editor to manage the subscribers ONLY. So far I managed to give them the capabilities, and restrict their role attribution to “Subscribers” only. But It’s still possible for them to remove my Admins roles !

    register_activation_hook( __FILE__, 'editors_edit_users_activation' );
function editors_edit_users_activation () {
    foreach ( array( 'editor' ) as $r ) {
        $role = get_role( $r );
        if ( $role ) {
            $role->add_cap( 'create_users' );
            $role->add_cap( 'edit_users' );
            $role->add_cap( 'delete_users' );
            $role->add_cap( 'list_users' );
        }
    }
}

register_deactivation_hook( __FILE__, 'editors_edit_users_deactivation' );
function editors_edit_users_deactivation() {
    foreach ( array( 'editor' ) as $r ) {
        $role = get_role( $r );
        if ( $role ) {
            $role->remove_cap( 'create_users' );
            $role->remove_cap( 'edit_users' );
            $role->remove_cap( 'delete_users' );
            $role->remove_cap( 'list_users' );
        }
    }
}

add_filter( 'editable_roles', 'editors_edit_users_filter_roles' );
function editors_edit_users_filter_roles( $roles ) {
    $user = wp_get_current_user();
    if ( in_array( 'editor', $user->roles ) ) {
        $tmp = array_keys( $roles );
        foreach ( $tmp as $r ) {
            if ( 'subscriber' == $r ) continue;
            unset( $roles[$r] );
        }
    }
    return $roles;
}

    (https://gist.github.com/chrisguitarguy/1804462)

    [Please post code & markup between backticks or use the code button. Your posted code may now have been permanently damaged by the forum’s parser.]

    So I would like to hide other roles profiles (contributors, administrators…) for “editors”… : Is there a way to avoid editors with extended capabilities to see non-subscribers in the users.php part of the admin panel ?

    Thanks for any answer or advice.

Viewing 3 replies - 1 through 3 (of 3 total)
  • Thread Starter WebMaestro.Fr

    (@webmaestrofr)

    I’m always scared not to be clear enough, so let me put it like this :
    How can I allow my Editors to update Subscribers profiles ? How can I make sure they can’t access other roles profiles (Contributors, Administrators…), even with an “edit_users” capability ?

    WebMaestroFr, you can prevent the Editor from accessing the “admin” user.php and user-edit.php pages.

    <?php
add_action( 'admin_init', 'stop_access_admin_profile' );
function stop_access_admin_profile() {
    global $pagenow;

    if (isset($_REQUEST['user_id'])) {
        $user_id = $_REQUEST['user_id'];
    } else if (isset($_REQUEST['user'])) {
        $user_id = $_REQUEST['user'];
    } else {
        $user_id = 0;
    }

    $level = get_user_meta($user_id, 'wp_user_level', true) ;

    $user = wp_get_current_user();
    $blocked_admin_pages = array('user-edit.php', 'users.php');
    if ( in_array( 'editor', $user->roles ) ) {
        if( in_array($pagenow, $blocked_admin_pages) && ($level == 10) ) { // 10 corresponds to admin level.

            wp_die( 'You cannot access the admin user.' );

        }
    }

}
?>
    Thread Starter WebMaestro.Fr

    (@webmaestrofr)

    Thanks Leo’ ! This will surely come in handy on some next projects.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Editors can only edit Subscribers profiles’ is closed to new replies.