Groups of capabilities: users with multiple roles?

The lack of mutiple roles has irritated me for a long time since the underlying WP_User class supports multiple roles. I have even considered looking for an alternative software solution. @lpryor – after reading your post, I was re-motivated to implement it myself.

It took a surprisingly short number of lines to do although I have had to hack the users.php file since I was too lazy to create a separate plugin to do it for me. Clearly this is the wrong way to do it so if I am motivated enough in future, I may try to do it properly.

If you don’t care about being able to upgrade to the latest version of WordPress (which you should) – you can implement multiple roles with the code snippets below. Please bear in mind that I’m not a wordpress expert. I just opened the relevant files and made the changes without trying to understand the full implications of what I was doing. The code seems reasonable to me but I wouldn’t trust it with my life.

(I am using 3.2 so your line numbers may vary)
In class-wp-users-list-table.php
just before line 150 add some like the following:

<div class="alignleft actions">
    <label class="screen-reader-text" for="remove_role"><?php _e( 'Remove role &hellip;' ) ?></label>
    <select name="remove_role" id="remove_role">
        <option value=""><?php _e( 'Remove role &hellip;' ) ?></option>
        <?php wp_dropdown_roles(); ?>
    </select>
    <?php submit_button( __( 'Remove' ), 'secondary', 'changeit', false ); ?>
</div>

then change the current_account function to look something like this 

function current_action() {
    if ( isset($_REQUEST['changeit']) ) {
        if ( !empty($_REQUEST['new_role']) )
            return 'promote';
        elseif ( !empty($_REQUEST['remove_role']) )
            return 'remove_role';
    }

    return parent::current_action();

}

Now in users.php
Comment out lines 71-76

/*
if ( $id == $current_user->ID && !$wp_roles->role_objects[$_REQUEST['new_role']]->has_cap('promote_users') ) {
    $update="err_admin_role";
    continue;
}
*/

Replace the set_role in line 83 with add_role

$user->add_role($_REQUEST['new_role']);

At line 92 add the following (This is just a lightly edited copy & paste from the promote action – I haven’t checked to ensure that the promote_user capability is appropriate for removing roles)

case 'remove_role':
    check_admin_referer('bulk-users');

    if ( ! current_user_can( 'promote_users' ) )
            wp_die( __( 'You can&#8217;t edit that user.' ) );

    if ( empty($_REQUEST['users']) ) {
            wp_redirect($redirect);
            exit();
    }

    $editable_roles = get_editable_roles();
    if ( empty( $editable_roles[$_REQUEST['remove_role']] ) )
            wp_die(__('You can&#8217;t remove that role'));

    $userids = $_REQUEST['users'];
    $update="remove_role";
    foreach ( $userids as $id ) {
            $id = (int) $id;

            if ( ! current_user_can('promote_user', $id) )
                    wp_die(__('You can&#8217;t edit that user.'));
            // The new role of the current user must also have promote_users caps
            // Need to think this through
            /*
            if ( $id == $current_user->ID && !$wp_roles->role_objects[$_REQUEST['new_role']]->has_cap('promote_users') ) {
                    $update="err_admin_role";
                    continue;
            }
            */

            // If the user doesn't already belong to the blog, bail.
            if ( is_multisite() && !is_user_member_of_blog( $id ) )
                    wp_die(__('Cheatin&#8217; uh?'));

            $user = new WP_User($id);
            $user->remove_role($_REQUEST['remove_role']);
    }

    wp_redirect(add_query_arg('update', $update, $redirect));
    exit();

At line 370 add the following

case 'remove_role':
    $messages[] = '<div id="message" class="updated"><p>' . __('Removed role.') . '</p></div>';
    break;

Related Posts:

  1. Editor can create any new user except administrator
  2. Remove Ability for Other Users to View Administrator in User List?
  3. User-edit role setting distinct from wp_capabilities? [closed]
  4. How to let contributors to create a new revision(draft) editing their published posts
  5. Disallowing Users of a Custom Role from Deleting or Adding Administrators?
  6. How to update user role without logout
  7. How to check user role without using current_user_can()
  8. Do not allow users to create new posts and pages
  9. \WP_User Object | What’s the Difference Between {caps} and {allcaps}?
  10. How to enable the theme editor cap for an editor role?
  11. How to assign capabilities to user NOT to User Role
  12. How-to Delay The Capability To Publish Posts?
  13. Is there a simple way to manage capabilities per user?
  14. Get User Role by ID not working
  15. Getting users by specific capability, not role
  16. Are User Levels Still Currently Used?
  17. Remove Capabilities from WP admin for specific user role
  18. Add a role and give admin priviledges
  19. Where are $current_user->allcaps set?
  20. How can I prevent certain custom roles from seeing other custom roles on the user list page?
  21. What’s the correct way to add capabilites to user roles?
  22. Can I Create a Second Admin Level User Role?
  23. Assigning multiple or additional capabilities to specific users or how to create additional roles like bbpress roles?
  24. how do I add role and capability after I create a new user
  25. How to make WordPress ‘editor’ role to list/view/add/edit users only with the role ‘author’?
  26. fine-grained capabilities for user related capabilities
  27. Disabling user capability to edit_posts or delete_posts in the front-end
  28. Groups roles & capabilities
  29. Subscriber role – blank page
  30. current_user_can() returning true for capability when the user and role do not have the capability
  31. Getting a List of Currently Available Roles on a WordPress Site?
  32. Find out if logged in user is not subscriber
  33. What’s the difference between the capability remove_users and delete_users?
  34. What the user_status column?
  35. Add Custom User Capabilities Before or After the Custom User Role has Been Added?
  36. Hide Admin Menu for Specific User ID who has administrator Role
  37. How to hide media uploads by other users in the Media menu?
  38. Show admin bar only for some USERS roles
  39. Grouping users under parent user
  40. How to programmatically add a user to a role?
  41. Prevent user creating new users with specific roles
  42. How to assign an additional/extra/second user-role to multiple users (of a specific user-role)
  43. How to stop a user from updating the post date
  44. BuddyPress | Check if user is in current group [closed]
  45. WordPress edit_user_profile_update update secondary role
  46. How to restrict specific post types from being read or added by specific user roles (eg. author)?
  47. How to customize wp_signon()
  48. Is it possible to get a user with just the password field?
  49. How to get the Role Name of the current user? (WordPress)
  50. set_role has no effect
  51. WP_User->add_role producing unexpected results
  52. Users roles, make a page belonging to multiple users
  53. How do I list in the backend all users that were assigned to a custom role?
  54. How to add local users to wordpress without email password?
  55. Managing Users and Creating Groups [closed]
  56. Restricted registrations or removing the ability to edit your password/email
  57. Error: How to allow the “contributor” to upload media in wordpress
  58. wordpress user roles are not working
  59. Displaying different in-page content to cliente/admin
  60. Fix permissions for users role
  61. User capability for editing their own comments
  62. What are some best practices for user exit strategy?
  63. Is there a way to identify a user in a custom REST API method? [duplicate]
  64. Problem with automatic role change through cron job
  65. Allow Contributors to Upload Files
  66. How can I allow an User to publish only 5 posts per month?
  67. Is possible to allow user to login with different role?
  68. Disable user from updating certain posts
  69. How change user type from contributor to author
  70. How do I let contributors edit their posts after being approved once?
  71. How to get a users list by who created them?
  72. Load user by specific role
  73. Fix ‘Add Role’ Option not there in wordpress 5.2.2
  74. Allow Users to Modify Some Values of Assigned WordPress Pods [closed]
  75. Customising “user ids” and add to ‘user’ panel in the admin area
  76. Custom capability for a single user
  77. Change User Role based on Point System Issue
  78. Get Authors Role
  79. How do I modify the user role ‘subscriber’ to allow the user to delete posts
  80. Editor role can only create/edit/delete users who have one of two roles
  81. Update user role for expired membership
  82. Find count of WordPress users by role and search string for user name
  83. Hook into add_user_role and update based on new and removed roles
  84. In admin manage users page, how can I stop users with certain privileges from editing users with other privileges?
  85. User Role not showing in Users Screen
  86. Custom User Role: Can Edit Own Page, Cannot Create New
  87. Button for users to upgrade their user role + Button to show current user role!
  88. Access level seems to have gone from admin to editor
  89. Restrict Access to the User Profile
  90. How to get only 1 role from user
  91. Front end login and page restriction
  92. User “none” role
  93. Giving users an editable homepage/business directory
  94. i need to let a user to add a role from a frontend form
  95. Limit user access to installing/configuring a plugin?
  96. No one can edit post/pages by Administrator
  97. Increase by one the user counter on specific role
  98. Show only users with the same role in Dashboard user list
  99. Remove My Account Menu items in Woocommerce based on user roles
  100. WordPress: New user role which is ONLY allowed to manage media

Leave a Comment