Disallowing Users of a Custom Role from Deleting or Adding Administrators?

Hi @NetConstructor:

I think this is what you need. Note that I didn’t include the full setup of your 'website_owner' role, just the addition of a new capability called 'manage_administrators'.

Also, I only attempted to remove the “Delete” link from any users that don’t have the 'manage_administrators' capability (which you’ll need to add to the administrator role, of course) and I also simply removed the Administrator as a role option on the “Add New User” page. I didn’t attempt to ensure they can’t delete or add administrators via some nefarious method, and I didn’t disable any other feature that might allow them to add or delete administrators. That said, maybe this is sufficient?

add_action('user_row_actions','yoursite_user_row_actions',10,2);
function yoursite_user_row_actions($actions, $user_object) {  // remove the ability to delete an administrator
  global $pagenow;
  if ($pagenow=='users.php' && isset($user_object->caps['administrator']) && !current_user_can('manage_administrators'))
    unset($actions['edit']);
    unset($actions['delete']);
  return $actions;
}
add_action('editable_roles','yoursite_editable_roles');
function yoursite_editable_roles($all_roles) { // remove the ability to add an administrator
  global $pagenow;
if (in_array($pagenow,array('user-edit.php','user-new.php')) &&           
       !current_user_can('manage_administrators'))
    unset($all_roles['administrator']);
  return $all_roles;
}
add_action('admin_init','yoursite_admin_init');
function yoursite_admin_init() {
  $wp_roles = new WP_Roles();
  $wp_roles->use_db = true;
  $administrator = $wp_roles->get_role('administrator');
  if (!$administrator->has_cap('manage_administrators'))
    $wp_roles->add_cap('administrator','manage_administrators');

  $website_owner = $wp_roles->get_role('website_owner');
  if (!$website_owner) {
    //let's use the editor as the base capabilities
    $caps = get_role('editor')->capabilities;
    $caps = array_merge( $caps, array(
      'install_plugins'               => false,
      'activate_plugins'              => false,
      'update_plugins'                => false,
      'delete_plugins'                => false,
      'list_users'                    => true,
      'add_users'                     => true,
      'create_users'                  => true,
      'edit_users'                    => true,
      'delete_users'                  => true,
      'remove_users'                  => true,
      'unfiltered_upload'             => true,
      'install_themes'                => false,
      'update_themes'                 => false,
      'delete_themes'                 => false,
      'switch_themes'                 => false,
      'edit_theme_options'            => true,
      'manage_options'                => false,
      'import'                        => false,
      'update_core'                   => false,
      'edit_dashboard'                => false,
      'gravityforms_view_entries'     => true,
      'gravityforms_edit_entries'     => true,
      'gravityforms_delete_entries'   => true,
      'gravityforms_export_entries'   => true,
      'gravityforms_view_entry_notes' => true,
      'gravityforms_edit_entry_notes' => true,
      'gravityforms_feed'             => true,
      'manage_administrators'         => false,
    ));
    $wp_roles->add_role('website_owner','Website Owner',$caps);
  }
}

Leave a Comment

Hata!: SQLSTATE[HY000] [1045] Access denied for user 'divattrend_liink'@'localhost' (using password: YES)