How to allow an user role to create a new user under a role which lower than his level only?

Firstly, you need to add the following capabilities to the Doctor and Receptionist role:

  • list_users
  • edit_users
  • create_users
  • delete_users

Now we can get to work with controlling which users they can create/edite/delete. Let’s start with a “helper” function that will return which roles a user is allowed to edit:

/**
 * Helper function get getting roles that the user is allowed to create/edit/delete.
 *
 * @param   WP_User $user
 * @return  array
 */
function wpse_188863_get_allowed_roles( $user ) {
    $allowed = array();

    if ( in_array( 'administrator', $user->roles ) ) { // Admin can edit all roles
        $allowed = array_keys( $GLOBALS['wp_roles']->roles );
    } elseif ( in_array( 'Doctor', $user->roles ) ) {
        $allowed[] = 'Receptionist';
        $allowed[] = 'Guest';
    } elseif ( in_array( 'Receptionist', $user->roles ) ) {
        $allowed[] = 'Guest';
    }

    return $allowed;
}

And to set which roles they can assign a user:

/**
 * Remove roles that are not allowed for the current user role.
 */
function wpse_188863_editable_roles( $roles ) {
    if ( $user = wp_get_current_user() ) {
        $allowed = wpse_188863_get_allowed_roles( $user );

        foreach ( $roles as $role => $caps ) {
            if ( ! in_array( $role, $allowed ) )
                unset( $roles[ $role ] );
        }
    }

    return $roles;
}

add_filter( 'editable_roles', 'wpse_188863_editable_roles' );

And finally, limit which users they can edit/delete based on their role:

/**
 * Prevent users deleting/editing users with a role outside their allowance.
 */
function wpse_188863_map_meta_cap( $caps, $cap, $user_ID, $args ) {
    if ( ( $cap === 'edit_user' || $cap === 'delete_user' ) && $args ) {
        $the_user = get_userdata( $user_ID ); // The user performing the task
        $user     = get_userdata( $args[0] ); // The user being edited/deleted

        if ( $the_user && $user && $the_user->ID != $user->ID /* User can always edit self */ ) {
            $allowed = wpse_188863_get_allowed_roles( $the_user );

            if ( array_diff( $user->roles, $allowed ) ) {
                // Target user has roles outside of our limits
                $caps[] = 'not_allowed';
            }
        }
    }

    return $caps;
}

add_filter( 'map_meta_cap', 'wpse_188863_map_meta_cap', 10, 4 );

Related Posts:

  1. What the user_status column?
  2. How to customize wp_signon()
  3. Displaying different in-page content to cliente/admin
  4. Customising “user ids” and add to ‘user’ panel in the admin area
  5. How to hide some users to unlogged users [closed]
  6. If the current user is an administrator or editor
  7. Find out if logged in user is not subscriber
  8. How do I programmatically set default role for new users?
  9. Whats the best way to share user data across multiple WordPress websites?
  10. User-edit role setting distinct from wp_capabilities? [closed]
  11. Disallowing Users of a Custom Role from Deleting or Adding Administrators?
  12. Hide Admin Menu for Specific User ID who has administrator Role
  13. Problem with Hebrew characters in username
  14. Remove email verification when new user register
  15. How to let user set password on registration
  16. How to display custom user meta from registration in backend?
  17. Grouping users under parent user
  18. How to update user role without logout
  19. Do not allow users to create new posts and pages
  20. How to assign an additional/extra/second user-role to multiple users (of a specific user-role)
  21. Copy a user from one WordPress site to another
  22. Can I hook into the invite user process to verify their email address is from a certain domain?
  23. WordPress edit_user_profile_update update secondary role
  24. Get user info outside WordPress
  25. ACF Upload Image in front-end with custom form
  26. Is there a simple way to manage capabilities per user?
  27. Is it possible to get a user with just the password field?
  28. How to get the Role Name of the current user? (WordPress)
  29. How Do I Prevent Junk Account Creation?
  30. Can I bulk register contributors for a new blog
  31. New user notification doesn’t include activation link
  32. WordPress to use Drupal users’ credentials
  33. Users roles, make a page belonging to multiple users
  34. Redirect after users complete profile form
  35. Front End Registration Form Code – Password Field Not Saving
  36. How to add local users to wordpress without email password?
  37. How can I verify users facebook ID that he provides during signup process
  38. Getting users by specific capability, not role
  39. Creating user in Firebase after WordPress user registration
  40. How to disable a specific page for a specific user
  41. Error: How to allow the “contributor” to upload media in wordpress
  42. Remove Capabilities from WP admin for specific user role
  43. wordpress user roles are not working
  44. Can i add password field into my wp registration form?
  45. User capability for editing their own comments
  46. What are some best practices for user exit strategy?
  47. Is there a way to identify a user in a custom REST API method? [duplicate]
  48. wordpress disable login for unverified user
  49. Problem with automatic role change through cron job
  50. Allow Contributors to Upload Files
  51. Register user when after filling contact form
  52. Is possible to allow user to login with different role?
  53. Creating user without username and password
  54. Limit number of users a role can create
  55. Check for valid email after user inactivity?
  56. How do I let contributors edit their posts after being approved once?
  57. How can I prevent certain custom roles from seeing other custom roles on the user list page?
  58. Assign random (and unique) user meta upon registration
  59. What is correct way to change user’s email?
  60. Load user by specific role
  61. What’s the correct way to add capabilites to user roles?
  62. Fix ‘Add Role’ Option not there in wordpress 5.2.2
  63. User roles not displaying
  64. Allow admins to login as other users
  65. How to programmatically read the plan text password when user register?
  66. Adding more fields to the add user page on dashboard
  67. Assigning multiple or additional capabilities to specific users or how to create additional roles like bbpress roles?
  68. Change User Role based on Point System Issue
  69. How do I modify the user role ‘subscriber’ to allow the user to delete posts
  70. Can I add a unique code for each user based on the location?
  71. Send user auto generated password on different email
  72. How to make WordPress ‘editor’ role to list/view/add/edit users only with the role ‘author’?
  73. How to hide “Change role to” dropdown on Users admin menu
  74. How can i display pagination in custom comment list?
  75. hide page menu from admin panel for specific users
  76. Safely changing UserID’s, re-using deleted UserID’s and automatically using deleted userID’s instead of an increment
  77. Single Sign On (SSO) between two WordPress websites
  78. Disable emails for new user registration
  79. Disabling user capability to edit_posts or delete_posts in the front-end
  80. User / membership Plugin [closed]
  81. In admin manage users page, how can I stop users with certain privileges from editing users with other privileges?
  82. User Role not showing in Users Screen
  83. Groups roles & capabilities
  84. Button for users to upgrade their user role + Button to show current user role!
  85. Allowing users to edit only their page and nobody else’s
  86. How to bulk change user role to “No role for this site”
  87. Restrict Access to the User Profile
  88. Subscriber role – blank page
  89. How to get only 1 role from user
  90. User “none” role
  91. Disallow user registration/checkout via Hotmail/Yahoo
  92. Retrieve New user’s ID
  93. Let admin users edit member profiles from front end
  94. Giving users an editable homepage/business directory
  95. New User Registration email
  96. Increase by one the user counter on specific role
  97. current_user_can() returning true for capability when the user and role do not have the capability
  98. How to create a specific role to manage users
  99. Wordpres password as plain text in email
  100. WordPress password as plain text in email

Leave a Comment