user-roles - Read For Learn

Temporarily disable user role login and replace with message

With a some digging and learning, I managed to combine various help and create these 2 functions… // MAINTAINANCE MODE function site_maintenance() { if ( current_user_can(‘media’) || current_user_can(‘genpo’) ) { $logout_url = wp_login_url().’?mode=maintainance’; wp_logout(); wp_redirect( $logout_url, 302 ); } } add_action(‘get_header’, ‘site_maintenance’); // CUSTOM LOGIN MESSAGES function my_login_message() { if( $_GET[‘mode’] == ‘maintainance’ ){ $message=”<p … Read more

Allow editors access to added plugins

Please add the following code. function activate_plugin_name() { $role = get_role( ‘editor’ ); $role->add_cap( ‘manage_options’ ); // capability } // Register our activation hook register_activation_hook( __FILE__, ‘activate_plugin_name’ ); function deactivate_plugin_name() { $role = get_role( ‘editor’ ); $role->remove_cap( ‘manage_options’ ); // capability } // Register our de-activation hook register_deactivation_hook( __FILE__, ‘deactivate_plugin_name’ );` Refer my tutorial for … Read more

How to update role capabilities

add_role() will not do anything if the role already exists, so it can’t be used to modify capabilities. To modify capabilities use the add_cap() and remove_cap() method of the WP_Role object. You can get a WP_Role for your role using get_role(): $role = get_role( ‘event-planner’ ); $role->add_cap( ‘edit_others_events’ ); Here’s the thing though, roles are … Read more

How do I allow a specific Role in WordPress 3+ to only see certain plugins?

Add your plugin with a capability argument. So, if your plugin entry point is an admin page menu, you can use something like this: add_menu_page(page_title, menu_title, capability, handle, [function], [icon_url]) You can set the “capability” to “upload_files”. that function sees that capability argument as “The minimum capability required to display and use this menu page”. … Read more

Allow authors to edit only certain users

I did not test the following code, but it should do what you want (or point you in the right direction, at least). function captains_user_row_actions($actions, $user) { // remove the ability to edit a non-team-member $cap_team_id = get_user_meta(wp_get_current_user()->ID, ‘team-meta’, true); $user_team_id = get_user_meta($user->ID, ‘team-meta’, true); if (‘users.php’ === $GLOBALS[‘pagenow’] && $cap_team_id !== $user_team_id) unset($actions[‘edit’]); return … Read more

Hide specific admin users’ posts

Try this – rather than redo all the hard work that WordPress does for the view links, just calculate all the posts for the admin you want to “hide” and subtract from the existing post counts: function wpse_229427_get_hidden_admin_id() { return 3; // You could make this a setting or return a value conditionally } function … Read more

How to force listing contributors in authors dropdown menu

Here’s a solution that will remove the original author meta box and replace it with a similar, but customized version which includes users with the contributor role. The logic for adding/removing the author meta box is pulled directly from the core. The meta box display callback is also cloned from the core, but we use … Read more

Is WordPress’ is_user_logged_in() secure?

Well, you have to ask yourself “Secure enough for what?” I doubt you are a bank or other institution that needs exceptionally high security. If you were you’d a team of $100,000+ per year experts to answer this question for you. With that in mind… You’d have to subvert the WordPress login system to get … Read more

REST API, get user role?

This is totally possible by registering your own rest field into the response. Here’s some documentation on modifying response data. https://developer.wordpress.org/rest-api/extending-the-rest-api/modifying-responses/ Here’s how to add roles to the endpoint: function get_user_roles($object, $field_name, $request) { return get_userdata($object[‘id’])->roles; } add_action(‘rest_api_init’, function() { register_rest_field(‘user’, ‘roles’, array( ‘get_callback’ => ‘get_user_roles’, ‘update_callback’ => null, ‘schema’ => array( ‘type’ => ‘array’ … Read more

Temporarily give ‘manage_options’ capability

Good question! The capability checking is probably done quite early in the loading process. By looking at /wp-admin/users.php you can tell that one of the first things to happen is current_user_can( ‘list_users’ ), so that one is clearly needed or you’ll get the “Cheatin’ uh?” warning. But right before that, /wp-admin/admin.php is included, and at … Read more

+ More