Disallowing Users of a Custom Role from Deleting or Adding Administrators?

Hi @NetConstructor:

I think this is what you need. Note that I didn’t include the full setup of your 'website_owner' role, just the addition of a new capability called 'manage_administrators'.

Also, I only attempted to remove the “Delete” link from any users that don’t have the 'manage_administrators' capability (which you’ll need to add to the administrator role, of course) and I also simply removed the Administrator as a role option on the “Add New User” page. I didn’t attempt to ensure they can’t delete or add administrators via some nefarious method, and I didn’t disable any other feature that might allow them to add or delete administrators. That said, maybe this is sufficient?

add_action('user_row_actions','yoursite_user_row_actions',10,2);
function yoursite_user_row_actions($actions, $user_object) {  // remove the ability to delete an administrator
  global $pagenow;
  if ($pagenow=='users.php' && isset($user_object->caps['administrator']) && !current_user_can('manage_administrators'))
    unset($actions['edit']);
    unset($actions['delete']);
  return $actions;
}
add_action('editable_roles','yoursite_editable_roles');
function yoursite_editable_roles($all_roles) { // remove the ability to add an administrator
  global $pagenow;
if (in_array($pagenow,array('user-edit.php','user-new.php')) &&           
       !current_user_can('manage_administrators'))
    unset($all_roles['administrator']);
  return $all_roles;
}
add_action('admin_init','yoursite_admin_init');
function yoursite_admin_init() {
  $wp_roles = new WP_Roles();
  $wp_roles->use_db = true;
  $administrator = $wp_roles->get_role('administrator');
  if (!$administrator->has_cap('manage_administrators'))
    $wp_roles->add_cap('administrator','manage_administrators');

  $website_owner = $wp_roles->get_role('website_owner');
  if (!$website_owner) {
    //let's use the editor as the base capabilities
    $caps = get_role('editor')->capabilities;
    $caps = array_merge( $caps, array(
      'install_plugins'               => false,
      'activate_plugins'              => false,
      'update_plugins'                => false,
      'delete_plugins'                => false,
      'list_users'                    => true,
      'add_users'                     => true,
      'create_users'                  => true,
      'edit_users'                    => true,
      'delete_users'                  => true,
      'remove_users'                  => true,
      'unfiltered_upload'             => true,
      'install_themes'                => false,
      'update_themes'                 => false,
      'delete_themes'                 => false,
      'switch_themes'                 => false,
      'edit_theme_options'            => true,
      'manage_options'                => false,
      'import'                        => false,
      'update_core'                   => false,
      'edit_dashboard'                => false,
      'gravityforms_view_entries'     => true,
      'gravityforms_edit_entries'     => true,
      'gravityforms_delete_entries'   => true,
      'gravityforms_export_entries'   => true,
      'gravityforms_view_entry_notes' => true,
      'gravityforms_edit_entry_notes' => true,
      'gravityforms_feed'             => true,
      'manage_administrators'         => false,
    ));
    $wp_roles->add_role('website_owner','Website Owner',$caps);
  }
}

Related Posts:

  1. Where are $current_user->allcaps set?
  2. Can I Create a Second Admin Level User Role?
  3. Editor can create any new user except administrator
  4. Remove Ability for Other Users to View Administrator in User List?
  5. Groups of capabilities: users with multiple roles?
  6. User-edit role setting distinct from wp_capabilities? [closed]
  7. Allowing users to edit only their page and nobody else’s
  8. How to let contributors to create a new revision(draft) editing their published posts
  9. Hide Admin Menu for Specific User ID who has administrator Role
  10. How to update user role without logout
  11. How to check user role without using current_user_can()
  12. Do not allow users to create new posts and pages
  13. \WP_User Object | What’s the Difference Between {caps} and {allcaps}?
  14. How to enable the theme editor cap for an editor role?
  15. How to assign capabilities to user NOT to User Role
  16. How-to Delay The Capability To Publish Posts?
  17. How to customize wp_signon()
  18. Is there a simple way to manage capabilities per user?
  19. Can I create users that have access to *some* other users posts instead of all other users posts?
  20. Set default page for user account in admin
  21. Hide everything on site for visitors except specific page IDs
  22. Get User Role by ID not working
  23. Getting users by specific capability, not role
  24. Managing Users and Creating Groups [closed]
  25. How to disable a specific page for a specific user
  26. Are User Levels Still Currently Used?
  27. Remove Capabilities from WP admin for specific user role
  28. wordpress user roles are not working
  29. Displaying different in-page content to cliente/admin
  30. Problem with automatic role change through cron job
  31. How can I allow an User to publish only 5 posts per month?
  32. Add a role and give admin priviledges
  33. How can I prevent certain custom roles from seeing other custom roles on the user list page?
  34. What’s the correct way to add capabilites to user roles?
  35. Allow admins to login as other users
  36. Redirect admin 403 “Cheatin uh?” admin pages
  37. Assigning multiple or additional capabilities to specific users or how to create additional roles like bbpress roles?
  38. how do I add role and capability after I create a new user
  39. WordPress user role with create user capability?
  40. Update user role for expired membership
  41. How to make WordPress ‘editor’ role to list/view/add/edit users only with the role ‘author’?
  42. fine-grained capabilities for user related capabilities
  43. Disabling user capability to edit_posts or delete_posts in the front-end
  44. Groups roles & capabilities
  45. Custom User Role: Can Edit Own Page, Cannot Create New
  46. WordPress install checking permissions of user id 0
  47. Allowing users to edit only their page and nobody else’s
  48. How to bulk change user role to “No role for this site”
  49. Restrict Access to the User Profile
  50. Subscriber role – blank page
  51. Control Category of each user can post
  52. Limit user access to installing/configuring a plugin?
  53. current_user_can() returning true for capability when the user and role do not have the capability
  54. Getting a List of Currently Available Roles on a WordPress Site?
  55. How to hide media uploads by other users in the Media menu?
  56. Show admin bar only for some USERS roles
  57. Prevent user creating new users with specific roles
  58. Add user capability and check against it
  59. BuddyPress | Check if user is in current group [closed]
  60. Return ID of authors who have at least one post
  61. Front end user meta options for users
  62. How to restrict specific post types from being read or added by specific user roles (eg. author)?
  63. WP_User->add_role producing unexpected results
  64. Capability for allowing user to post own comments without moderation
  65. how to assign more permission to wordpress author
  66. Upgrade Nightmare – No Posts, Permissions Issues and Can’t Create a new post
  67. Restricted registrations or removing the ability to edit your password/email
  68. remove/hide pages from users backend
  69. How to restrict CPT post’s fronted view only for specific user roles?
  70. Fix permissions for users role
  71. Disable user from updating certain posts
  72. How change user type from contributor to author
  73. Create a User Role with permissions to only upload files to the media library?
  74. How to get a users list by who created them?
  75. Does wordpress support natively the concept of logging-in users? (not admins, but users of the website)
  76. How to hide user profile fields based on the role of the viewed user?
  77. Allow Users to Modify Some Values of Assigned WordPress Pods [closed]
  78. Customising “user ids” and add to ‘user’ panel in the admin area
  79. Privilege to recover trashed posts
  80. One Click Access To Users Account In WordPress?
  81. Get Authors Role
  82. Editor role can only create/edit/delete users who have one of two roles
  83. Find count of WordPress users by role and search string for user name
  84. Hook into add_user_role and update based on new and removed roles
  85. Updated user role inncorrect when using wp_get_current_user()
  86. How to use url formatter with integer
  87. Show user details only
  88. A different role for each site in a multisite
  89. Access level seems to have gone from admin to editor
  90. post acces for guests / unregistered users only
  91. Front end login and page restriction
  92. view and update form only for registered users
  93. i need to let a user to add a role from a frontend form
  94. file upload user profile
  95. How to give different user access to different people?
  96. Redirect user based on role when they try access a particular page
  97. determine active user browser at the same time
  98. MySQL query to list users who never signed in
  99. Send email to user if their role is changed to Author
  100. Remove My Account Menu items in Woocommerce based on user roles

Leave a Comment