After a quick chat with Magicroundabout who pointed out a useful resource from Justin Tadlock, it turns out that capabilities for custom post types don’t actually exist unless you use add_cap to the role, for example for the following custom post type: add_action( ‘init’, ‘register_cpt_gallery’ ); function register_cpt_gallery() { $labels = array( ‘name’ => __( … Read more
It’s actually pretty easy. You need to filter into map_meta_caps and stop editors from creating/editing admins, and remove the administrator role from the ‘editable roles’ array. This class, as a plugin or in your theme’s functions.php file would do it: class JPB_User_Caps { // Add our filters function __construct(){ add_filter( ‘editable_roles’, array($this, ‘editable_roles’)); add_filter( ‘map_meta_cap’, … Read more
Roles are stored in the global variable $wp_roles. The ideal function is get_editable_roles() from /wp-admin/includes/user.php function get_editable_roles() { global $wp_roles; $all_roles = $wp_roles->roles; $editable_roles = apply_filters(‘editable_roles’, $all_roles); return $editable_roles; } The “editable” part is because it offers other plugins a chance to filter the list in case someone other than admin has ‘edit_users’ privilege (and … Read more