Is there a filter for that?
Yup, there is, and the hook name is user_has_cap.
So try this, which worked for me in WordPress 5.6.1 (latest release as of writing):
add_filter( 'user_has_cap', 'wpse_383109', 10, 4 );
function wpse_383109( $allcaps, $caps, $args, $user ) {
if ( empty( $args[2] ) || 'edit_user' !== $args[0] ||
! in_array( 'suporte', $user->roles )
) {
return $allcaps;
}
$user2 = get_userdata( $args[2] );
if ( $user2 && in_array( 'administrator', $user2->roles ) ) {
$allcaps['edit_users'] = false;
}
return $allcaps;
}
And with that, for example on the Users → All Users admin page (wp-admin/users.php), users with the Suporte role can see the list of Administrators on the site, but the Suporte users won’t be able to edit an Administrator.
And if you wonder, here’s what the above code or function does:
-
empty( $args[2] ) || 'edit_user' !== $args[0]— this ensures that the requested capability isedit_userand that a specific user ID ($args[2]) is provided. So for example, the condition is true when callingcurrent_user_can( 'edit_user', 123 ). -
in_array( 'suporte', $user->roles )— this checks if the user who is editing the specific user above has the Suporte role. -
$user2 && in_array( 'administrator', $user2->roles )— this checks if the user who is being edited has the Administrator role. -
$allcaps['edit_users'] = false;— if all of the three conditions above are met, then this code (temporarily) disables theedit_userscapability for the user said in condition #2 above. And if you want, you can also disable other capabilities.. 🙂