Add your plugin with a capability argument. So, if your plugin entry point is an admin page menu, you can use something like this: add_menu_page(page_title, menu_title, capability, handle, [function], [icon_url]) You can set the “capability” to “upload_files”. that function sees that capability argument as “The minimum capability required to display and use this menu page”. … Read more
I did not test the following code, but it should do what you want (or point you in the right direction, at least). function captains_user_row_actions($actions, $user) { // remove the ability to edit a non-team-member $cap_team_id = get_user_meta(wp_get_current_user()->ID, ‘team-meta’, true); $user_team_id = get_user_meta($user->ID, ‘team-meta’, true); if (‘users.php’ === $GLOBALS[‘pagenow’] && $cap_team_id !== $user_team_id) unset($actions[‘edit’]); return … Read more
Try this – rather than redo all the hard work that WordPress does for the view links, just calculate all the posts for the admin you want to “hide” and subtract from the existing post counts: function wpse_229427_get_hidden_admin_id() { return 3; // You could make this a setting or return a value conditionally } function … Read more
Here’s a solution that will remove the original author meta box and replace it with a similar, but customized version which includes users with the contributor role. The logic for adding/removing the author meta box is pulled directly from the core. The meta box display callback is also cloned from the core, but we use … Read more
Well, you have to ask yourself “Secure enough for what?” I doubt you are a bank or other institution that needs exceptionally high security. If you were you’d a team of $100,000+ per year experts to answer this question for you. With that in mind… You’d have to subvert the WordPress login system to get … Read more
This is totally possible by registering your own rest field into the response. Here’s some documentation on modifying response data. https://developer.wordpress.org/rest-api/extending-the-rest-api/modifying-responses/ Here’s how to add roles to the endpoint: function get_user_roles($object, $field_name, $request) { return get_userdata($object[‘id’])->roles; } add_action(‘rest_api_init’, function() { register_rest_field(‘user’, ‘roles’, array( ‘get_callback’ => ‘get_user_roles’, ‘update_callback’ => null, ‘schema’ => array( ‘type’ => ‘array’ … Read more
Good question! The capability checking is probably done quite early in the loading process. By looking at /wp-admin/users.php you can tell that one of the first things to happen is current_user_can( ‘list_users’ ), so that one is clearly needed or you’ll get the “Cheatin’ uh?” warning. But right before that, /wp-admin/admin.php is included, and at … Read more
This first step to making this happen is add the capability to create_users to a given role. You do this be calling get_role, then using the add_cap method. This only needs to be done once. Here’s an example that does it on plugin activation. <?php register_activation_hook( __FILE__, ‘wpse42003_activation’ ); function wpse42003_activation() { foreach( array( ‘editor’, … Read more
Yes. WordPress has robust built-in Roles and Capabilities system desgined to do exactly what you are looking for. To add a new role, use the add_role() function in your theme’s functions.php or a plug-in like so: $role = add_role( ‘event_manager’, ‘Event Manager’, array( ‘read’ => true, // True allows that capability ) ); if ( … Read more
Clients get added by admins, clients have a parent child relationship with employees which makes filtering easy. So all we need to do is remove anything that doesn’t have to do with employees and filter for employees with a certain meta value. First thing’s first, whenever a new user is registered on the admin side … Read more