If you use the Members plugin, you can set it up like you want. It also has the possibility to add custom roles (your edit_cpt and so on) also a lot of plugins also work that way: <?php if ( current_user_can(‘manage_options’) ) { do_something(); } ?>
Without a plugin something like this should work //functions.php function get_user_role() { global $current_user; $user_roles = $current_user->roles; $user_role = array_shift($user_roles); return $user_role; } //page template $role = get_user_role(); if($role == “subscriber”){ //cool you can see this } else { //sorry not allowed } A BETTER way would be to use something like the Members Plugins … Read more
Yes, but you might need a plugin like ‘User Role Editor‘. You can then edit the capabilities of roles, including contributors. So they can edit their own posts/drafts, but not the posts/drafts of others you should ensure that core capabilities: edit_posts is checked. edit_others_posts is unchecked
Have you tried TDO Mini Forms? It allows users posting content from the frontend. I don’t know if it allows submitting custom types, but at least can give you a hint.
Just add a meta record that tracks the state of the username-changing actions: $user = wp_get_current_user(); $did_one_change = get_user_meta($user->ID, ‘changed_username’, true); if($did_one_change !== false) wp_die(‘You already changed your user name once!’); wp_update_user(array( ‘ID’ => $user->ID, ‘first_name’ => $_POST[‘first_name’], ‘last_name’ => $_POST[‘last_name’], )); // here add a meta entry that suggests the user has changed their … Read more
The easiest php solution would be to make a download script. It checks if the user has the right permissions and serves the file to the webclient. Or my preference setup a folder outside your web root and put the files there. Set the file permissions with no anonymous access and let the webserver read … Read more
If your database is set up to deny remote connections (i.e. only applications on the same server can interact with the database) then there’s no danger in giving your WordPress user full access. As a matter of fact, most automated installation scripts used by web hosts grant full access to their WordPress user by default. … Read more
Here’s a solution that worked for me: http://thereforei.am/2011/03/15/how-to-allow-administrators-to-edit-users-in-a-wordpress-network/ Pretty elegant and doesn’t involve messing with core.
If you did want to lock things down…. a normal wordpress site will usually only require the database user to have SELECT, INSERT, UPDATE and DELETE. If you want to use the automatic update feature it will also require CREATE and ALTER. Some plugins may require other permissions but most won’t.
Editing the privacy policy page is restricted to manage_privacy_options as pointed out in a comment in the WordPress core file wp-includes/capabilities.php: /* * Setting the privacy policy page requires `manage_privacy_options`, * so editing it should require that too. */ if ( (int) get_option( ‘wp_page_for_privacy_policy’ ) === $post->ID ) { $caps = array_merge( $caps, map_meta_cap( ‘manage_privacy_options’, … Read more