Roles for Custom Post Types

I’m sure you could specify some capabilities while registering the Post Type itself. Although, here is a more robust version that can be used widely across the administration dashboard.

/**
 * Hide dashboard administrator menus from disallowed user roles.
 *
 * @author Michael Ecklund
 * @author_url https://www.michaelbrentecklund.com/
 *
 * @return void
 */
function mbe_hide_menus() {

    global $current_user, $menu;

    # Set list of disallowed user roles.
    $disallowed_roles = array( 'subscriber', 'author', 'editor' );
    $disallowed       = false;

    # Check current user role against all disallowed roles.
    foreach ( $disallowed_roles as $disallowed_role ) {

        # Current user role must not be disallowed.
        if ( in_array( $disallowed_role, $current_user->roles ) ) {

            $disallowed = true;// User role disallowed.
            break;

        }

    }

    # User passed the check. Bail before hiding the menu.
    if ( $disallowed === false ) {
        return;
    }

    # Set list of disallowed dashboard administration menus.
    $restricted = array(
        __( 'INSERT MENU NAME HERE' )// Text as it appears in the admin menu.
    );

    # Attempt to hide admin menus.
    foreach ( $menu as $index => $menu_data ) {

        if ( in_array( $menu_data[0], $restricted ) ) {
            unset( $menu[ $index ] );
        }

    }

}

In order to fire the function, you must add the action.

add_action('admin_menu', 'mbe_hide_menus', 101);

The above code only goes as far as hiding the admin menus form displaying to the user. They can still directly access the pages if they know the correct URLs.

You can use this to deny specific admin pages from being accessed by unprivileged users.

/**
 * Restrict admin pages from unprivileged users.
 *
 * @author Michael Ecklund
 * @author_url https://www.michaelbrentecklund.com/
 *
 * @return void
 */
function mbe_disallow_admin_pages() {

    global $pagenow;

    # Skip checking administrative users.
    if ( current_user_can( 'administrator' ) ) {
        return;
    }

    # Set denyable & hookable list of admin pages.
    $page_slugs = apply_filters( 'mbe_disallowed_admin_pages', array(
        'admin.php'           => 'jetpack',
        'options-general.php' => ''
    ) );

    # Page parameter isn't always present.
    if ( ! isset( $_GET['page'] ) ) {
        $page="";
    }

    # Check current admin page against denied admin page list.
    if ( array_key_exists( $pagenow, $page_slugs ) && in_array( $page, $page_slugs ) ) {
        wp_die( 'You do not have sufficient permissions to access this page.' );
    }

}

In order to fire the function, you must add the action.

add_action( 'admin_init', 'mbe_disallow_admin_pages' );

Related Posts:

  1. How to restrict specific post types from being read or added by specific user roles (eg. author)?
  2. Disable user from updating certain posts
  3. Preventing role reading others posts
  4. Why “Mine” is the default view when adding ‘capability_type’ in register_post_type
  5. Allow member to have access to custom post type only. Permission to only edit their own posts
  6. Possible to hide Custom Post Type UI/Menu from specific User Roles?
  7. Custom post type role permissions won’t let me read
  8. Allowing custom role access to custom post type in back end
  9. Add Custom User Capabilities Before or After the Custom User Role has Been Added?
  10. How to assign specific users the capability to edit specific pages / posts / custom post types
  11. Allow user to Edit Posts but not Add New?
  12. Defining capabilities for custom post type
  13. Confusion with adding meta capabilities to a role after registering a Custom Post Type with corresponding ‘capability_type’ parameter
  14. Can I make user role that can only access a certian content type?
  15. Create user role restricted to specific CPT
  16. How to set individual capabilities on a taxonomy? Or how to re-register an existing taxonomy?
  17. User roles – enable custom posts disable posts
  18. Add Capabilities to Custom Post Type after it has been created [duplicate]
  19. How to not allow custom roles to edit published custom post types?
  20. Allow User to Edit Page Based on their Email
  21. How can I get the last posts by user role?
  22. How do I code access to the built-in UI of a CPT when it’s placed as submenu of another CPT that is protected by role?
  23. WordPress allow access only one custom post type “xyz” to custom user role but need to hide all admin panels
  24. Is there a simple way to manage capabilities per user?
  25. Prevent author role from editing all posts in custom post type?
  26. How to allow “Add New” capability of CPT when links to its UI are placed as a submenu?
  27. Custom Role can’t trash Custom Post Type
  28. Limit access to page depending on user level
  29. Role Capabilities: Add New Ones?
  30. Custom post type capabilities require “create_posts” to access the edit posts list page
  31. Registration and Custom Post Types – How to synchronize information?
  32. Add custom capabilities to existing custom post type
  33. allow edit of custom post type but not regular posts?
  34. Allow Administrator role access to custom capabilities [duplicate]
  35. Why is my Custom Post Type not showing up after adding capabilities?
  36. Cannot attach media when capabilities added to custom post type
  37. How to restrict CPT post’s fronted view only for specific user roles?
  38. Are User Levels Still Currently Used?
  39. current_user_can() return FALSE but debugging says TRUE
  40. Role capability delete multiple post type posts doesn’t work
  41. map_meta_cap woes
  42. can’t see custom post content filtered under “mine” filter in admin panel
  43. Define new user capability for custom post types?
  44. Custom post types as sub menu pages and role capabilities issue
  45. Hiding posts by other users and non-logged in
  46. How to set individual capability of post type in individual category
  47. Restrict Access to Posts based on Custom User and Post Meta Data
  48. Giving permission to anyone (non-users as well) with a password to edit a post, possible?
  49. read_post meta capability for anonymous users
  50. WooCommerce Customer Role Delete Custom Post Type
  51. Users create/join groups
  52. “Submit for review” for updates on existing posts
  53. Access to CPT but not to ‘post’ post type
  54. Allow add new post access to custom post but not wp post for some role
  55. How to restrict author to only access one custom post type ?
  56. Create custom post with custom user rules
  57. Allow user to only access custom post type
  58. WordPress custom post type capabilities issue
  59. Custom User role not working with custom post type
  60. how to associate several authors to a custom post type
  61. Role capabilities issue
  62. WordPress: Custom User Role cannot access Custom Post Type | “Sorry, you are not allowed to access this page”
  63. Select other roles as custom post authors
  64. Roles and Capabilities in Custom Post Types
  65. How to fix the Post Preview Button (CPT & map_meta_cap)
  66. Restrict Custom Post Type per role in Dashboard
  67. Restrict access to custom post type based on its taxonomy terms
  68. Clone wp-admin/users.php (Users Admin Page)
  69. How to only display all posts to a custom User Role?
  70. Allowing custom role user to edit post assigned to them but don’t let them create new custom type post
  71. Multiple useres editing specified content
  72. Front-end submitted post is published with admin ID as author
  73. WooThemes – Vendors / Bookings – Allow Vendors to manage resources
  74. Capibilities of CPT WordPress
  75. How can I remove “Add new” button on custom post type
  76. Capabilities and mapping required for a role to be able to edit other’s posts of a custom type, BUT only be able to edit their own blog posts
  77. Remove Custom Capability
  78. Allow viewing the edit screen for a post type, but not make/save/publish/update changes
  79. Weird capabilities / roles behavior
  80. Control what custom posts a user can see
  81. Prevent author role from editing others posts
  82. creating different edit screens for different roles
  83. Display and Allow users to edit their own profiles
  84. Capability to read user’s own draft post of CPT
  85. Custom role, capabilities, and post type: preview button wrecks things
  86. Custom post type & role issues
  87. Read-Only custom post type
  88. current_user_can() returning true for capability when the user and role do not have the capability
  89. Custom post type for ‘staff’ versus using wordpress user profiles?
  90. Assign a Custom Role to a Custom Post?
  91. \WP_User Object | What’s the Difference Between {caps} and {allcaps}?
  92. Custom user role not working as expected
  93. How to enable a custom post type to custom user role in WordPress
  94. Display content based on a users login
  95. WordPress multiple custom post types capability conflict in a single menu
  96. Custom post type submenu capabilities – custom plugin
  97. How to show featured image block in custom post type for Author?
  98. How can i display movies in profile page, added by an user?
  99. See which user role / capability is needed to use a plugin
  100. User Permissions on custom post type