I am working on a website where I have student-guardian relationships. When a guardian is visiting his student's profile, he should be able to edit and delete all the fields that the user himself can. I am using BuddyPress and the rtMedia plugin. For example, a student uploads media such as images. By default, other users can't delete or edit the media. But in my case, the guardian should be capable of editing and deleting the student's media. I am thinking that if I assign the admin role to the guardian when he is viewing the student's profile, then my problem can be solved. But I don't know how to assign a user the admin role. Thanks
I would recommend reading up on the User admin screen in the WordPress codex:
https://codex.wordpress.org/Users_Screen#Change_Roles_to
It explains how to switch roles for existing users, as well as assigning roles to existing ones:
https://codex.wordpress.org/Users_Add_New_Screen
You don't want to give them an admin role.
You want to check for a student/guardian relationship and if found allow edit access.
To allow such access, you'll have to do various operations, for example, in BP, filter the profile screens loop to allow editing.
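One way to implement the relationship check suggested above, as an added example that is not code from this thread. It assumes a hypothetical user meta key `guardian_of` holding an array of student user IDs, and the `wpx_` function names are made up for illustration. It only affects checks made through `current_user_can()`; a plugin that runs its own ownership test needs its own filter.

```php
<?php
// Added example. Assumption: guardians carry user meta 'guardian_of'
// (hypothetical key) containing an array of student user IDs.

/** Pure decision: is $user_id a guardian of the content owner? */
function wpx_is_guardian_of( int $user_id, int $owner_id, array $student_ids ): bool {
    if ( $user_id <= 0 || $owner_id <= 0 || $user_id === $owner_id ) {
        return false;
    }
    return in_array( $owner_id, array_map( 'intval', $student_ids ), true );
}

/**
 * map_meta_cap filter: when a guardian edits or deletes a single post or
 * attachment owned by one of their students, require only what the
 * student would need for that same item.
 */
function wpx_guardian_map_meta_cap( $caps, $cap, $user_id, $args ) {
    if ( ! in_array( $cap, array( 'edit_post', 'delete_post' ), true ) || empty( $args[0] ) ) {
        return $caps;
    }
    $post = get_post( (int) $args[0] );
    if ( ! $post ) {
        return $caps;
    }
    $students = (array) get_user_meta( $user_id, 'guardian_of', true );
    if ( ! wpx_is_guardian_of( (int) $user_id, (int) $post->post_author, $students ) ) {
        return $caps;
    }
    // Ask core what the owner needs. The guardian must still hold those
    // primitive capabilities, so nothing beyond the student's rights is granted.
    // The nested call runs this filter with the owner as user, which returns
    // early because a user is never their own guardian.
    return map_meta_cap( $cap, (int) $post->post_author, $post->ID );
}

// Register only when loaded inside WordPress.
if ( function_exists( 'add_filter' ) ) {
    add_filter( 'map_meta_cap', 'wpx_guardian_map_meta_cap', 10, 4 );
}
```

The guardian keeps a normal role; access widens only for items whose author appears in that guardian's own `guardian_of` list.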
Create a PHP file in the plugins directory and add the content below:
<?php
/* Plugin Name: Add role */
function add_roles() {
    $result = add_role(
        'admin',
        __( 'Admin' ),
        array(
            'edit_posts'   => true,  // true allows this capability
            'read'         => true,
            'delete_posts' => false, // Use false to explicitly deny
        )
    );
    if ( $result !== null ) {
        echo 'New role created';
    } else {
        echo 'Role already exists..';
    }
}
register_activation_hook( __FILE__, 'add_roles' );
More capabilities can be added above accordingly.
More about capabilities at http://code.tutsplus.com/articles/wordpress-roles-and-capabilities-the-basics--wp-25921
Activate the plugin and check under Users to assign the admin role.
For the guardian role, assign capabilities to delete or edit the media.
For the guardian (after visiting his student's profile, to edit or delete all the fields that the user himself can), assign the admin role and assign the same capabilities as the student by editing the capabilities in the plugin.
Then reactivate the plugin.
Related
I've defined a custom role in Woocommerce. This user ONLY needs access to urls to edit shop_orders and inspect individual shop orders. Like:
/wp-admin/edit.php?post_type=shop_order
/wp-admin/post.php?post=124&action=edit
/wp-admin/post-new.php?post_type=shop_order
If they go anywhere else I want to redirect them to:
/wp-admin/edit.php?post_type=shop_order
In effect they should only see orders, modify orders, and create orders. I've added all the right permissions for this, and modified the menus drastically so they can't see 'products', 'my profile', etc. However, if they accessed some links directly they would still load (the 'dashboard' for one and 'my settings'). Removing them from dashboard != removing access to them.
I'm trying to harden my security a bit by redirecting on everything except a few whitelisted routes with wildcards. Any thoughts on how to approach? Thanks.
This sounds like something you may be able to do with this filter:
https://codex.wordpress.org/Plugin_API/Filter_Reference/user_has_cap
My understanding of it is that when WordPress queries whether or not the user has the capability to do something on the site, e.g. edit_posts, you can apply further logic (in your example, checking whether or not their role is the custom role you defined) to decide to restrict or enhance that capability if you wish. In your case, if the user didn't meet your criteria (they are not requesting a pre-defined page), you could redirect.
Quick proof of concept (I think):
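function only_let_user100_see( $allcaps, $cap, $args ) {
    // $args[0] is the capability being checked.
    if ( isset( $args[0] ) && 'edit_posts' === $args[0] && is_admin() ) {
        if ( get_current_user_id() !== 100 ) {
            echo "No way";
            exit;
        }
    }
    // A user_has_cap callback must always return the capabilities array;
    // returning nothing would strip every capability from the user.
    return $allcaps;
}
add_filter( 'user_has_cap', 'only_let_user100_see', 10, 3 );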
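The route allowlist the question asks for, as an added example that is not code from this thread. The role slug `order_clerk` and the `wpx_` names are hypothetical, and the allowed screens are the three URLs listed in the question.

```php
<?php
// Added example; the role slug 'order_clerk' and the wpx_ names are hypothetical.
const WPX_ORDERS_SCREEN = 'edit.php?post_type=shop_order';

/** Pure decision: only the three order screens from the question pass. */
function wpx_admin_request_allowed( string $pagenow, ?string $post_type ): bool {
    $pages = array( 'edit.php', 'post.php', 'post-new.php' );
    return in_array( $pagenow, $pages, true ) && 'shop_order' === $post_type;
}

/** Resolve the post type; a post ID in the request outranks ?post_type=. */
function wpx_requested_post_type(): ?string {
    $id = $_REQUEST['post'] ?? $_REQUEST['post_ID'] ?? 0;
    if ( is_scalar( $id ) && absint( $id ) > 0 ) {
        return get_post_type( absint( $id ) ) ?: null;
    }
    if ( isset( $_REQUEST['post_type'] ) && is_string( $_REQUEST['post_type'] ) ) {
        return sanitize_key( wp_unslash( $_REQUEST['post_type'] ) );
    }
    return null;
}

function wpx_restrict_order_clerk() {
    global $pagenow;
    $user = wp_get_current_user();
    if ( ! in_array( 'order_clerk', (array) $user->roles, true ) ) {
        return; // other roles are unaffected
    }
    if ( wp_doing_ajax() ) {
        return; // admin-ajax.php calls made by the order screens
    }
    if ( wpx_admin_request_allowed( (string) $pagenow, wpx_requested_post_type() ) ) {
        return;
    }
    wp_safe_redirect( admin_url( WPX_ORDERS_SCREEN ) );
    exit;
}

// Register only when loaded inside WordPress.
if ( function_exists( 'add_action' ) ) {
    add_action( 'admin_init', 'wpx_restrict_order_clerk' );
}
```

Resolving the type from the post ID first means `post.php?post=5&post_type=shop_order` cannot be used to open a non-order post. The redirect only limits navigation; the role's capabilities remain the actual access control.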
I have a plugin for image lazy load, and I need to disable this plugin on any attachment page.
How can I do that?
By default, the admin has access to manage the plugins page in WP.
But you can make this accessible to the public as well.
You just need to add a capability to the subscriber role:
function add_theme_caps() {
    // gets the subscriber role
    $role = get_role( 'subscriber' );
    // add the capability to this role (get_role() returns null if the role does not exist)
    if ( $role ) {
        $role->add_cap( 'activate_plugins' );
    }
}
add_action( 'admin_init', 'add_theme_caps' );
activate_plugins is a capability that WordPress provides to the admin user only,
but we can add the capability to any other user role. Subscriber is considered the public of a WP site, so this code will do what is needed.
Note: This can be dangerous in terms of security.
I have created extra profile fields for WP users but I want to make sure they are only editable by admins, is this possible?
Thanks
Pam
While adding the fields, you need to check whether the logged-in user has admin capabilities or not.
if ( current_user_can( 'manage_options' ) ) {
    /* A user with admin privileges */
} else {
    /* A user without admin privileges */
}
Accordingly, you can show or hide the fields as per the user role.
I'm developing a WP network which will include many sites, all of which will be edited by the same largish group of users. I'd very much prefer to not give super-administrator privileges to all of these users, though, so I'm wondering if it's possible to create a "super-editor" role/user group that would allow users to edit/author all sites within the network, but not be able to actually administer the network, etc.
I've found plugins that allow for cloning blogs and copying users from one blog to another, but it would be great to be able to simply create user once and give them appropriate network wide privs, and similarly delete a user once from the network to revoke privs.
Any clues? My Google-Fu is failing on this one.
Thanks in advance!
Paste this code in your theme's functions.php file and customize it as you need.
/* Add member role to the site */
add_role( 'member', 'Member', array(
    'read'         => true,
    'edit_posts'   => true,
    'delete_posts' => true,
) );
/* Add snypher role to the site */
add_role( 'snypher', 'Snypher', array(
    'read'         => true,
    'edit_posts'   => true,
    'delete_posts' => true,
) );
/* remove the unnecessary roles */
remove_role( 'subscriber' );
remove_role( 'editor' );
remove_role( 'author' );
remove_role( 'contributor' );
Hope these two links help you more:
[1] http://codex.wordpress.org/Function_Reference/add_role
[2] http://codex.wordpress.org/Function_Reference/add_cap
Thanks.
Create a custom role with many powers, as per Krunai Shah's answer. Then create a Must Use plugin and polish the following code to your needs:
<?php
/**
 * Plugin Name: Network Access
 */
/**
 * Redirect Authors and Subscribers to the site front page
 * Except if viewing the Profile page
 */
add_action( 'admin_init', 'wpse_53675_block_users' );
function wpse_53675_block_users()
{
    global $pagenow;
    if ( 'profile.php' == $pagenow ) // use in_array to put a bunch of prohibited pages
        return;
    if ( ! current_user_can( 'delete_pages' ) )
    {
        wp_redirect( get_home_url(), 301 );
        exit;
    }
}
/**
 * Hide all menus from the Admin panel
 * Except the profile item
 */
add_action( 'admin_menu', 'wpse_53675_remove_admin_menus', 999 );
function wpse_53675_remove_admin_menus() {
    if ( ! current_user_can( 'delete_pages' ) )
    {
        remove_menu_page( 'index.php' );
        remove_menu_page( 'edit.php' );
        remove_menu_page( 'upload.php' );
        remove_menu_page( 'link-manager.php' );
        remove_menu_page( 'edit.php?post_type=page' );
        remove_menu_page( 'edit-comments.php' );
        remove_menu_page( 'tools.php' );
    }
}
Useful Q&A: How to adapt my plugin to Multisite?.
I'm trying to create a plugin where an admin (custom defined user role, not regular administrator) can access an options page, enter a specific username into a textbox, hit submit, and by doing so add a second user role to that user. I know that this code:
$user = new WP_User( null, 'username' );
$user->add_role( 'admin' );
will add the "admin" role to someone with the username "username." So in my plugin's settings page, I have a textbox:
Add an Admin: <input type="text" size="57" name="sscaur_options[txt_admin]" value="<?php echo $options['txt_admin']; ?>" />
and then this at the end:
function sscaur_add_admin($textbox) {
$options = get_option('sscaur_options');
$textbox = $options['txt_admin'];
$user = new WP_User( null, '{$textbox}' );
$user->add_role( 'admin' );
return $textbox;
}
I know that's totally wrong, but don't know how to begin to make it right.
I know that adding second user roles can be done with the User Role Editor plugin, but that's hardcoded to only give access to actual administrators, and I need my custom user roles to be able to add roles to specific users without being full administrators.
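A guarded handler for the delegated role assignment described in this question, as an added example that is not code from the question or from any plugin named in it. The capability `sscaur_grant_roles`, the nonce action and the form field names are hypothetical; `admin` is the custom role from the question.

```php
<?php
// Added example. Assumptions: capability 'sscaur_grant_roles', the nonce action
// 'sscaur_grant_role' and the POST field names are hypothetical. The form that
// posts to admin-post.php must include wp_nonce_field( 'sscaur_grant_role' )
// and a hidden field action=sscaur_grant_role.

const SSCAUR_GRANTABLE_ROLES = array( 'admin' );

/** Pure decision: may this role be handed out from the delegated form? */
function sscaur_role_is_grantable( string $role ): bool {
    // 'administrator' and every role not listed can never be granted here.
    return in_array( $role, SSCAUR_GRANTABLE_ROLES, true );
}

function sscaur_handle_grant() {
    // Authorise with a dedicated capability, not with a role name.
    if ( ! current_user_can( 'sscaur_grant_roles' ) ) {
        wp_die( 'Not allowed.', '', array( 'response' => 403 ) );
    }
    check_admin_referer( 'sscaur_grant_role' ); // CSRF protection

    $login = sanitize_user( wp_unslash( $_POST['sscaur_login'] ?? '' ), true );
    $role  = sanitize_key( wp_unslash( $_POST['sscaur_role'] ?? '' ) );
    $user  = get_user_by( 'login', $login );

    if ( ! $user || ! sscaur_role_is_grantable( $role ) ) {
        wp_die( 'Unknown user or role not grantable.', '', array( 'response' => 400 ) );
    }
    $user->add_role( $role ); // adds a second role and keeps the existing ones

    wp_safe_redirect( wp_get_referer() ?: admin_url() );
    exit;
}

// Register only when loaded inside WordPress.
if ( function_exists( 'add_action' ) ) {
    add_action( 'admin_post_sscaur_grant_role', 'sscaur_handle_grant' );
}
```

The allowlist is what keeps a delegated manager from granting `administrator` or any role stronger than their own.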