One step is to use the
editable_roles
filter to remove roles from the dropdown but this doesn’t prevent the user from modifying the select value and create a user with “not allowed” role.
Yes it does. This filter is not just for the dropdown. Modifying editable_roles
does in fact prevent users from assigning a role they’re not allowed to.
This is because edit_user()
(the function used for adding new users) calls get_editable_roles()
as well and bails when one is not allowed to give users that role.
Here’s a simple example of what you can do:
/**
* Removes Administrator from roles list if user isn't an admin themselves.
*
* This way, only admins can make new admins.
*
* @param array $all_roles List of roles.
* @return array Modified list of roles.
*/
function wpse_293133_filter_editable_roles( $all_roles ) {
if ( ! is_super_admin( get_current_user_id() ) ) {
unset( $all_roles['administrator'] );
}
return $all_roles;
}
add_filter( 'editable_roles', 'wpse_293133_filter_editable_roles' );
Related Posts:
- A different role for each site in a multisite
- WPMU – new users are automatically subscribed to the main blog – how to prevent that?
- How to change a user role after registering in multisite?
- Easily adding multiple existing users to a multisite site
- Why are my roles not visible in a Multi-site/Network?
- wordpress multisite, how to keep user on subdomain throughout registration process?
- How to enable a site administrator to edit users in a WordPress network/ multisite setup?
- Possible to make custom role in multisite that can add sites?
- How to add multiple existing users to a multisite site?
- In MultiSite, can some users automatically have Site Admin rights on all sites, without granting them Network Admin access?
- create_users capabilities on a role on multisite
- Update User Role Across Network when Main Site User is Updated
- Assign role to user on first login, if they are first (after admin)
- Get the User ID Who Owns a Given Blog ID in Multisite
- Make a user administrator to a sub directory site and a contributor to main site in multisite network
- Displaying a message upon user registration
- How to change user starting role in WordPress MultiSite?
- Allow Author on Site A capability to upload files on Site B in Multi Site
- Add a user to a specific blog when they register?
- Add menu items/actions for multisite users who are registered on the network but do not have a role or capability in any sites
- Four columns in the wp_users table
- Subsite access without being a member of the subsite in wp multisite network
- Create Custom Multisite User Role to Reduce Capabilities
- Restrict Capability of Administrator to Create, Edit and Delete Pages in Multisite
- Copy user role on multisite so the user can access subsites with same role
- How to fix that new users show up again in subsite of a Multisite?
- WordPress Multisite Add User
- can’t create user without email for an author after converting single site to multisite
- Possible to have duplicate usernames on different two multisites
- Modify new user email notification in network admin screen wp multisite
- Users getting linked unwanted to main mu in WordPress multisite (WPMU)
- Can’t activate a user on multisite install
- Multisite “Skip Confirmation Email” Log Out Problem
- How to create child/sub user under parent user
- How create a multisite setup with “phantom” accounts and passwords?
- Is there any way to give all users access to one blog in a multisite network without using a plugin?
- How to give “author” user role appropriate capabilities to add PollDaddy polls? WordPress multisite
- Using a number for limiting registering or banning on multisite
- How To Add Custom Form Fields To The User Profile Page?
- How to allow an user role to create a new user under a role which lower than his level only?
- Remove Ability for Other Users to View Administrator in User List?
- How to use same email for multiple users
- Where can I find documentation on what characters are allowed in user names and why?
- How to let contributors to create a new revision(draft) editing their published posts
- Troubleshooting a “You do not have sufficient permissions to access this page” error
- Allowing periods in usernames
- Different back-end colour scheme for the different sites of a multisite
- Remove Site Name from register form – Multisite
- Set up collaborative site
- Integrating WordPress to my website, while keeping my own authentication system
- Add role across network in multisite
- Restrict users on multisite WordPress install
- \WP_User Object | What’s the Difference Between {caps} and {allcaps}?
- How to enable the theme editor cap for an editor role?
- Is there a wordpress function to cleanly delete an entry in the signups table?
- How-to Delay The Capability To Publish Posts?
- WordPress Multisite Layered Admins
- WordPress 3.2(Multisite) – How to add custom user meta fields to signup form?
- the blog owner multisite
- How can I get multisite primary blog (url or path) for current user?
- User role permissions based on taxonomies
- Avoid having infinite loops
- Create custom role, multisite, add users/sites?
- Multisite – One user allowed access to all sites?
- Roles for Custom Post Types
- Add a role and give admin priviledges
- WordPress stuck in deleting user
- How to display users with posts published between two dates (Sorted by Post-Count) [Multisite]
- Multisite – maximum number of users with specific role
- Remove superadmin role from the “change role to” menu in user listing
- How To Disable Add new users On Subsites In Multisite?
- Wait ajax to complete before continue loop
- How to hide some users to unlogged users [closed]
- How to delete user from MU site when the user is removed from their site?
- Redirect admin 403 “Cheatin uh?” admin pages
- WordPress multisite, allow non super admins to create sites
- How to share User Database between Two Multisite Installations + More
- Remove specific administrator’s capability
- Creating teams of users in WordPress
- Multisite ‘Welcome User Email’ SITE_NAME returns ‘network’ name, not the name of the blog
- Give users acces to admin a single post or set up WP network?
- Restrict users of site 1 to login in site 2 in wordpress multisite
- “My Sites” incorrectly showing all network sites for all logged in users
- Allow a user or role to view drafts and previews, but not other admin privileges?
- User registration on wordpress multisite
- Admin users not able to see network menus
- User Roles in multisite – odd behavior
- Multisite – site user limited only for this site
- WordPress single sign on using cookies with shared user role functionality between more than 2 wordpress subdomains
- Activation of new Registered site fails on multisite
- Get current user outside of WordPress Multisite
- Multisite – User creation for second site from first site?
- WordPress MU users – how are they organized?
- Get users from all/specific blog by user_role and current_user role
- Possible to set new user’s site time zone at user creation using Gravity Forms?
- multisite registration: check existing subdomains while typing
- Registration Page
- Unsure of my options, Multi-blog?
- WordPress Multisite (Network) some site users added to main site users list as subscriber
- Change a subsite Admin role of a WordPress Multisite after 24 hours registering