Create custom user role (client) that can create another custom user role (employee) of that client

Clients get added by admins, clients have a parent child relationship with employees which makes filtering easy. So all we need to do is remove anything that doesn’t have to do with employees and filter for employees with a certain meta value.

First thing’s first, whenever a new user is registered on the admin side of our CMS we will assign it a parent of the current user IF that user is a client ( assuming clients cannot assign employees to other clients ):

/**
 * Admin New Employee Function
 * @var int $user_id
 * @return void
 */
function client_register( $user_id ) {
    if( ! is_admin() ) {
        return;
    }

    // Grab the current user
    $current_user = wp_get_current_user();

    // IF the current user ID isn't 0 and our current user is a 'client' role
    if( $current_user->ID && in_array( 'client', $current_user->roles ) ) {

        // Update the new user with a 'parent' usermeta value of the current 'client'
        update_user_meta( $user_id, '_user_parent', $current_user->ID );
    }
}
add_action( 'user_register', 'client_register' );

Great, so now whenever a client creates a new user ( of any type ) it gets assigned a parent of whichever client created it. Now we need to filter our user table to only show users with our client parent usermeta:

/**
 * Pre Get Users filter
 * @var WP_Query Object $query
 * @return void
 */
function theme_pgu( $query ) {
    if( ! is_admin() ) {
        return;
    }

    // Grab our current user
    $current_user = wp_get_current_user();

    // IF our user ID is not 0 and our current user has a role of 'client'
    if( $current_user->ID && in_array( 'client', $current_user->roles ) ) {

        // Set the query to only return employee roles
        $query->set( 'role', 'employee' );

        // Which has a usermeta key '_user_parent' set
        $query->set( 'meta_key', '_user_parent' );

        // and has a usermeta value of the current client user
        $query->set( 'meta_value', $current_user->ID );
    }
}
add_action( 'pre_get_users', 'theme_pgu' );

Neat! Now we can address the issue of Clients being able to create roles of any type, so we move onto the cleanup process. The below will remove any selectable role when creating a new user or editing a current user to only employee:

/**
 * Selectable roles on the new user and user edit screen
 * @var Multi-dimensional Array $roles
 * @return Array $roles
 */
function client_sel_roles( $roles ) {
    // Grab our current user
    $current_user = wp_get_current_user();

    if( in_array( 'client', $current_user->roles ) ) {
        $roles = array( 'employee' => $roles['employee'] );
    }

    return $roles;
}
add_filter( 'editable_roles', 'client_sel_roles' );

On the All Users screen we can see the filter views still show other user roles so we need to fix that too:

/**
 * All Users screen filterable views
 * @var Array $views
 * @return Array $views
 */
function client_user_views( $views ) {
    // Grab our current user
    $current_user = wp_get_current_user();

    if( in_array( 'client', $current_user->roles ) ) {
        if( isset( $views['employee'] ) ) {
            $views = array( 'employee' => $views['employee'] );
        } else {
            $views = array();
        }
    }

    return $views;
}
add_filter( 'views_users', 'client_user_views' );

Finally, one oversight is that the user could potentially change the URL to view other users profiles which may not be their own employees, so we need to fix that by adding this little redirect:

/**
 * Stop clients from changing the URL to get to other profiles
 * @var WP_Screen Object $screen
 * @return void
 */
function edit_employees_only( $screen ) {

    // Check if we're on the correct screen
    if( 'user-edit' === $screen->base ) {

        // Ensure our desired user ID is set
        if( isset( $_GET['user_id'] ) && is_numeric( $_GET['user_id'] ) ) {
            $user_id        = absint( $_GET['user_id'] );
            $current_user   = wp_get_current_user();
            $parent         = get_user_meta( $user_id, '_user_parent', true );

            // Ensure that we're viewing a profile that is not our own
            if( $current_user->ID && in_array( 'client', $current_user->roles ) && $user_id !== $current_user->ID && $parent !== $current_user->ID ) {

                // We're viewing an incorrect profile - redirect to clients own profile
                wp_redirect( admin_url( "user-edit.php?user_id={$current_user->ID}" ) );
            }
        }
    }
}
add_action( 'current_screen', 'edit_employees_only' );

And that should do it. Client roles can only see and edit employees with the parent assigned as their ID.

Related Posts:

  1. wp_update_user not updating
  2. How to loop through each user id?
  3. Ordering users of a specific role by last name
  4. how to add custom user capabilities using add_user_meta or something else?
  5. WordPress missing user roles on local dev machine. Live site works fine
  6. Assign second role to user
  7. Display user meta by different user role
  8. Parent User and Child User – relate users
  9. Assign a role to the user who registers on a form
  10. How to create user specific pages (not user role!)?
  11. How to change user role using hook
  12. Check role of Username then echo something if administrator [closed]
  13. Problems using ‘add_role’
  14. Change auth_cookie_expiration for specific roles and specific login times
  15. Saving user meta “member_id” based on user role
  16. Why does user_can return false for a capability during plugin deactivation?
  17. Hide user fields based off capability
  18. Assign specific editor with custom user meta “A” to all authors with custom user meta “A” and exclude all other author access
  19. update_user_meta on registration but only for default role type
  20. How to assign a custom gender to a user role?
  21. How to create a clone role in wordpress
  22. How do I make a draft post accessible to everyone?
  23. Grouping users under parent user
  24. Allow authors to edit only certain users
  25. Filter available WooCommerce payment gateways by role [closed]
  26. How to programmatically add a user to a role?
  27. How to change role of all users with a specific role to another role?
  28. I need to assign a role to visitors/guests
  29. How to make an author archive only for certain user role and show related CPT
  30. Allow users to publish child pages of the pages they have access to edit
  31. Is there a way to set the user Role based on email domain
  32. pre_get_posts Remove posts based on meta value with ‘post__not_in’
  33. Access on specific pages in wordpress for a specific user
  34. How to get all users with Author role capabilities?
  35. Change the user role after x days
  36. Get (echo) all role names assigned to user
  37. Add Role inherits?
  38. similar to Editor can create any new user except administrator
  39. How to check if a role has a specific capability
  40. Expire a user’s secondary role after X days from it being allocated
  41. Locking Down WordPress Application Password Permissions / Capabilities
  42. Can a user with admin role get ‘Sorry, you are not allowed to move this item to the Trash’ error when trashing a post?
  43. Making shortcode of filtered number of comments by user role
  44. How to stop contributors editing post type but allowing them to edit a custom post type?
  45. Allow Block Editing By User Role
  46. Are there individual memory allocations for different user roles in WordPress?
  47. How to redirect specific post type with user role
  48. Prevent Editors from Editing/Deleting Admin Accounts
  49. create shortcode to list users with specific meta key value
  50. Are User Levels Still Currently Used?
  51. Membership subscription, change user role when subscription runs out
  52. How do I restrict user access to plugins?
  53. Change user role after bulk-import
  54. Show metabox for a special role
  55. Only view/edit/delete CPT made by users with the same role
  56. Restrict Access to Posts based on Custom User and Post Meta Data
  57. Admin User Role Unable to See Private Posts
  58. Custom capabilities to add, edit, remove users of a particular role only?
  59. Undo User Role Name Change
  60. add_role user capability not working
  61. Limit a user to have access to only specified pages?
  62. How can I promote a user to a network administrator?
  63. read_private_pages capability not working for new role
  64. List users of an array of roles
  65. How can I programattically hide all admin notices for everyone except admin users
  66. Want to know parameters that can be passed to user_can() for access control by user capabilities
  67. Block user roles from accessing the WordPress dashboard
  68. Create sub-administrator role that can do everything except use or see the code editor
  69. Can we hook the Customizer on a post or page on the front of the site?
  70. display user roles in comment form
  71. Show global Message in User Profiles with admin only Input field in WordPress Backend
  72. Assigning multiple or additional capabilities to specific users or how to create additional roles like bbpress roles?
  73. Get users with different roles and call function on each of them (user_meta)
  74. Is it proper to build a site supporting blog visitors in WordPress?
  75. User role editor – Add download files capability
  76. Setting an expiration date for wordpress roles
  77. Could we know who published a post on WordPress?
  78. Auto Change WordPress Roles
  79. Error while creating a clone role in wordpress
  80. Infinite redirects at front end if logged in user is not an Admin (Toolset Access)
  81. Set user role, if an specific role created an user
  82. Block access to plugins.php for custom role
  83. Allow user to select role from front end edit profile form
  84. Restrict Author to post only to a specific category
  85. TCPDF only exports .pdf when user is administrator
  86. How to allow suscriber to access specific pages in dashboard?
  87. Enable plugins for a specific user role
  88. Custom User Role – can’t edit or publish pages?
  89. Dropdown of user roles that depend on variable
  90. Add role selector to custom registration page
  91. delete_user_meta for user in spesific group
  92. Why are all roles assigned to a user when using wp_insert_user()?
  93. In admin manage users page, how can I stop users with certain privileges from editing users with other privileges?
  94. Removing Admin Bar Node Based on Role
  95. Create an email address that forwards to users in role
  96. How to update user role totals
  97. Custom user role doesn’t show up in admin
  98. Welcome email specific to user role
  99. New folder and file permissions are not correct
  100. How to change user role setting in members plugin so that user can only edit his own post?

Leave a Comment