Admin hierarchy - wordpress

Can any user in Wordpress with full admin privileges (ALL capabilities turned on) be hidden from other users with admin privileges (with comparatively lesser capabilities turned on) in the ‘Users’ area (list_users)?
I want to create a sort of hierarchy of administrator roles and users, where the user with the top admin role with ALL capabilities should be hidden from other users with lesser admin roles and capabilities – in the ‘Users’ area.
How can I achieve / implement this?
Thanx.

To entirely hide the user will be very hard and would require a lot of hooking and filtering, even if the super admin is only passively active (no post editing, publishing, etc.)
If you just want to hide the user from the backend users list the pre_user_query hook will probably be helpful:
https://developer.wordpress.org/reference/hooks/pre_user_query/
Alternative solution: Do not make the other users admins. Create a custom role with custom capabilities. An admin is intended to do/see everything on a wordpress site except for a multisite installation, where the network admin is even stronger.

The code below seems to work for users list ONLY:
add_action('pre_user_query','yoursite_pre_user_query');
function yoursite_pre_user_query($user_search) {
global $current_user;
$username = $current_user->user_login;
if ($username == 'DESIRED USERNAME GOES HERE') {
}
else {
global $wpdb;
$user_search->query_where = str_replace('WHERE 1=1',
"WHERE 1=1 AND {$wpdb->users}.user_login != 'DESIRED USERNAME GOES HERE'",$user_search->query_where);
}
}
function hide_user_count(){
?>
<style>
.wp-admin.users-php span.count {display: none;}
</style>
<?php
}
add_action('admin_head','hide_user_count');
[Disclaimer: Code not mine, source forgotten.]

Related

Wordpress roles don't upgrade unless refresh users page in admin panel

Hello so I'm using Ultimate Member plugin with S2member pro plugin and ultimate members has their own roles called community roles. Also S2member has their own roles called s2member_level1 i'm trying to combine those 2 that whenever s2member_level1role has some user ultimate member community role also would change to premium for example. i'm using this code to achieve that.
global $ultimatemember;
$user_id = get_current_user_id();
if( current_user_is(s2member_level1) ) {
update_user_meta($user_id, 'role', 'premium');
} elseif ( current_user_is(s2member_level0) ){
update_user_meta($user_id, 'role', 'member');
} else {
}
It works like if some person has s2member_level1 role than it would update ultimate member role to premium and if S2member_level0 that means member is without membership or its already expired than it would change also ultimate member role back to memberwhich is subscriber for wordpress role.
Problem:
It works only if i refresh wordpress admin panel user section than everything updates if i don't refresh that and user s2member role changed it does not react user can still access to only premium users section but when i refresh or access users wordpress admin panel section all roles that should update without this action updates.
Why this happens and how to fix it?
For people like me solution:
global $ultimatemember;
$user_id = get_current_user_id();
if( current_user_is(s2member_level1) ) {
update_user_meta($user_id, 'role', 'premium');
delete_option( "um_cache_userdata_{$user_id}" );
} elseif ( current_user_is(s2member_level0) ){
update_user_meta($user_id, 'role', 'member');
delete_option( "um_cache_userdata_{$user_id}" );
} else {
}
I have added delete_option( "um_cache_userdata_{$user_id}" );
You may ask whats this, well plugin ultimate member has very stupid caching system that if you want use some custom things it does not include their cache cleaning so whenever u go to users its one of the places where ultimate member cleans cache when page is loaded, better include this code to all custom codes that u will do in future because it wont work simply because of cache problem...
I don't undestand why they need to cache user data, anyway i got the same problem wit advanced custom field.
I use ACF to display and manage custom user field on user profile page.
But every changes on this page will not be visible on their modal info page because there is their cache.
I have deleted all old cache then i turned off:
Ultimate Member -> Settings -> Advanced -> Stop caching user’s profile data
Then they get data every time from usermeta with key submitted.

Turn advertisements off or on for members on Wordpress website?

Does anyone know how I could enable members who created an account on my WordPress website (http://developergenius.com) to be able to disable disable advertisements in the My Account (http://developergenius.com/my-account) page on my website? I want it where they could just hit a check box and then hit save and advertisements would disappear, then they could always turn them on again.
Please note that I am kind of a beginner, sorry about that!
The thing you are looking for is:
is user logged in
this is a built in wordpress function you can use.
for example:
<?php
if ( is_user_logged_in() ) {
echo 'Welcome, registered user!';
} else {
echo 'Welcome, visitor!';
}
?>
you can play with it and add functions to the control panel, to the actual site and more.
if you want more options you should also see:
Roles and Capabilities
This feature gives you the power to what kind of user is logged. (admin, user, subscriber and so)

Wordpress - Erase "Roles" on Profile Page

I'm new at Wordpress plugin creation and still trying to get the concept of action hook or filter hook.
I've created a custom role for "moderator". What I want for this role:
- in charge of users with specific role, e.g. subscribers.
- able to change users password.
- NOT able to change other users roles.
the problem is this: to be able to change other users password the moderators will need to have access to user profile page. But, on the user profile page, the moderators can change the other user role. I'm able to hide it by changing the wp-admin/user-edit.php but I think it's better done by plugin. So, how to hide / modify the "roles" selection with a plugin?
Thanks for the help.
To make it more clear, I'm attaching a picture for it.
There are no hooks to remove that. It has to be solved with CSS and/or jQuery.
Here, both CSS and jQuery do almost the same, you can choose one or another, or use both.
The current_user_can has to be adjusted to your roles/capabilities setup.
Note that the hook admin_head can have a suffix, so it'll only run in that specific /wp-admin/WP-PAGE.php address.
add_action( 'admin_head-user-edit.php', 'so_13598192_remove_roles_dropbox' );
function so_13598192_remove_roles_dropbox()
{
// Admins can edit that, exit without printing scripts
if ( current_user_can( 'administrator' ) )
return;
?>
<style>
label[for=role], #role
{
display:none;
}
</style>
<script>
jQuery(document).ready(function($)
{
$('label[for=role]').parent().parent().remove();
});
</script>
<?php
}

disable "Purge from Page Cache" for specific roles on w3-total-cache

with the plugin w3-total cache, in the overview of wordpress-posts there is the ability to "Purge from Page Cache" for each post.
this function is also available for users of the role "author". this is nothing to worry about if this were possible only on their own posts. but as an "author" you can do this also on other users posts .
so, is there a way to configure w3tc to not allow this for specific user-groups?
This removes the link for all roles, put it in functions.php
function remove_purge_from_page_cache_link($actions, $post){
unset($actions['pgcache_purge']);
return $actions;
}
add_filter('post_row_actions', 'remove_purge_from_page_cache_link',1000,2);
add_filter('page_row_actions', 'remove_purge_from_page_cache_link',1000,2);
To make it only remove for authors you'll want to use something like this
if (!current_user_can('publish_posts')) {
unset($actions['pgcache_purge']);
}
You can tweak the logic to target the user group(s) you want.

Hide other domains' menus from node edit form on a Drupal site using domain access

I'm in the process of making some improvements to a live Drupal site that's using the Domain Access module to run a number of microsites. I'm trying to find a way of restricting the menus a user can post content to from the node edit screen. A user on one of the domains should only be able to post content to menus associated with that domain.
Is there a simple way of achieving this? I'm guessing there are some hooks I could use, but so far I have been unable to identify them. I'd prefer not to have to install further modules to achieve this and to be able to add some code to the current site to alter the forms. The site is struggling with the large number of modules we've had to install on it already.
According to the readme for the module, you need to set some specific permissions in user management:
To enable this feature, you should grant the 'edit domain nodes' and
(optionally) the 'delete domain nodes' permission to some roles. Then assign
individual users accounts to specific domains to assign them as Domain Editors.
From my experience many moons ago with the module, you can check the global $user object and figure out what domains the user should have access to. You can then use a form alter to remove any options from the select box that you don't want them seeing. As always with Drupal though, it's better to let someone else write the code - so if the Domain module provides this functionality, use it!
Here is some updated code for Drupal 7:
/**
* Implements hook_form_FORM_ID_alter().
*/
function MYMODULE_form_page_node_form_alter(&$form, &$form_state) {
global $_domain;
if (isset($_domain['domain_id'])) { // only display domain's primary links
$menus[domain_conf_variable_get($_domain['domain_id'], 'menu_main_links_source')] = $_domain['sitename'].' Main menu';
}
if (isset($menus)) {
$options = menu_parent_options($menus, $form['#node']->type);
$form['menu']['link']['parent']['#options'] = $options;
}
}
Eventually found a way of fixing this for the particular project I have been working on: in module_form_alter I've added the following:-
global $_domain;
if (isset($_domain['domain_id'])) { // only display domain's primary links
$menus[domain_conf_variable_get($_domain['domain_id']
,'menu_primary_links_source')] = $_domain['sitename'].' Primary links';
}
if ( isset($menus) ) {
$options = menu_parent_options($menus, $form['menu']['#item']);
$form['menu']['parent']['#options'] = $options;
}
This restricts the menu options to just the current domain's primary links menu which is just what we wanted.
Thanks to Fabian who pointed me in the right direction earlier.

Resources