I have being looking in internet how can I disable the option of edit profile in Wordpress for a user and I did't find a good way. The problem is that I want that the 95% of users can edit their profiles (address, telephone,...) but there is another 5% that I don't want them to have access to the profile section.
The best solution for me is to select manually the users that I want to disable but I also thought about create a role or a group of users to manage it.
There is no plugin for this and the only thing I have found is the following code but it is not working.
add_action('admin_init', 'user_profile_fields_disable');
function user_profile_fields_disable() {
global $pagenow;
// apply only to user profile or user edit pages
if ($pagenow!=='profile.php' && $pagenow!=='user-edit.php') {
return;
}
// do not change anything for the administrator
if (current_user_can('administrator')) {
return;
}
if (current_user_can('custom_role') {
add_action( 'admin_footer', 'user_profile_fields_disable_js' );
}
}
/**
* Disables selected fields in WP Admin user profile (profile.php, user-edit.php)
*/
function user_profile_fields_disable_js() {
?>
<script>
jQuery(document).ready( function($) {
var fields_to_disable = ['email', 'role'];
for(i=0; i<fields_to_disable.length; i++) {
if ( $('#'+ fields_to_disable[i]).length ) {
$('#'+ fields_to_disable[i]).attr("disabled", "disabled");
}
}
});
</script>
<?php
}
You have to substitude the "custom_role" with the name of the role I have assign to the user.
Is that code obsolete or bad? Any idea of how to solve it?
Thanks.
Related
I am trying to hide the following item from the following sections:
Admin bar: ID = wp-admin-bar-nitropack-top-menu
Plugin list: data-slug="nitropack"
I have tried these methods, but can not get it to work. Maybe i have the wrong IDs/Slugs?
Methods: https://divi.space/wordpress-and-divi-code-snippets/hide-any-plugin-from-the-wordpress-dashboard/
Would really appreciate some help, since a customer should not be able to change the settings within this plugin!
Best regards,
Isac
The css way
<style>
a[data-slug="nitropack"] { //hides all a href's with that data slug
display:none;
}
</style>
normally if its an wp admin menu you would do something like this:
//remove admin page item
function edit_admin_menus() {
remove_menu_page("index.php"); //Dashboard
remove_menu_page("itsec"); // wp-admin.php?page=itsec use this "itsec"
}
add_action("admin_menu", "edit_admin_menus");
or you need to remove admin bar item
//remove tool bar item
function remove_toolbar_node($wp_admin_bar) {
// replace 'updraft_admin_node' with your node id "nitropack" something
$wp_admin_bar->remove_node("avia");
$wp_admin_bar->remove_node("updates");
$wp_admin_bar->remove_menu("wp-logo");
$wp_admin_bar->remove_menu("themes");
$wp_admin_bar->remove_menu("widgets");
$wp_admin_bar->remove_menu("dashboard");
//$wp_admin_bar->remove_node("updraft_admin_node");
}
add_action("admin_bar_menu", "remove_toolbar_node", 999);
FYI, since you need to block access to the plugin you'll need to add a redirect based on member role. The customer may know the actual url and can still access the page.
//Admin or Editor role check, if else send to alt url
function block_pages_for_user() {
$blocked_pages = is_page('slug');
$url = "https://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'];
if( !current_user_can('administrator') && !current_user_can('editor') && !current_user_can('subscriber') && $blocked_pages ) {
wp_redirect( 'http://www.example.dev/your-page/', 301 );
exit;
}
}
add_action( 'wp', 'block_pages_for_user', 8 );
Is it possible to customize Wordpress via action, hook or anything, that
only users of role "administrator" or "editor" may trash, spam or edit comments from the backend?
only users of role "administrator" or "editor" may trash, spam or edit comments from mail that will be generated on new comments?
I did not find anything on codex.wordpress.org as well as I did not find a proper plugin. :-/
Thanks!
I would advice using a plugin such as User Role Editor for this, but hey - heres a working code example :):
In the the class WP_Role you'll find a property named ‘edit_comment’ which is mapped to the ‘edit_posts’ thus isn't handled as a separate capability. we can however modify the behaviour by applying a filter to the selected user role we want to restrict editing comments on by using the map_meta_cap function.
Example for:
Only users "administrator" or "editor" may trash, spam or edit comments from the backend:
<?php
// Restrict editing capability of comments using `map_meta_cap`
function restrict_comment_editing( $caps, $cap, $user_id, $args ) {
if ( 'edit_comment' == $cap ) {
// Allowed roles
$allowed_roles = ['editor', 'administrator'];
// Checks for multiple users roles
$user = wp_get_current_user();
$is_allowed = array_diff($allowed_roles, (array)$user->roles);
// Remove editing capabilities on the back-end if the role isn't allowed
if(count($allowed_roles) == count($is_allowed))
$caps[] = 'moderate_comments';
}
}
return $caps;
}
add_filter( 'map_meta_cap', 'restrict_comment_editing', 10, 4 );
// Hide comment editing options on the back-end*
add_action('init', function() {
// Allowed roles
$allowed_roles = ['editor', 'administrator'];
// Checks for multiple users roles
$user = wp_get_current_user();
$is_allowed = array_diff($allowed_roles, (array)$user->roles);
if(count($allowed_roles) == count($is_allowed)) {
add_filter('bulk_actions-edit-comments', 'remove_bulk_comments_actions');
add_filter('comment_row_actions', 'remove_comment_row_actions');
}
});
function remove_bulk_comments_actions($actions) {
unset($actions['unapprove']);
unset($actions['approve']);
unset($actions['spam']);
unset($actions['trash']);
return $actions;
}
function remove_comment_row_actions($actions) {
unset($actions['approve']);
unset($actions['unapprove']);
unset($actions['quickedit']);
unset($actions['edit']);
unset($actions['spam']);
unset($actions['trash']);
return $actions;
}
?>
Code goes into your functions.php file
Thanks to #Kradyy I came around to map_meta_cap and remove_cap.
With the following in the functions.php, the links are removed in the comments section of the dashboard as well as in the email sent to the author (except for admins and editors):
global $wp_roles;
$allowed_roles = ['editor', 'administrator'];
foreach (array_keys($wp_roles->roles) as $role){
if (!in_array($role, $allowed_roles)) {
$wp_roles->remove_cap( $role, 'moderate_comments' );
}
}
I've created an ACF frontend form using acf_form; these fields are added to the User record on the backend; however because this form has required fields this means the admin cannot make basic changes to the user on the backend unless the user has filled in this form.
So I'm wondering if it's possible in certain situations to allow the admin to bypass being required to fill in required fields and if so, how do I go about doing this?
Ok, found a way to do this - this is a way to do it for the User screen, it may differ for other post types.
We not only have to disable server side validation, but also client side validation, to do this, we do something a little like this:
add_action('acf/input/admin_head', 'my_acf_admin_head');
function my_acf_admin_head() {
if (!function_exists('get_current_screen')) {
return;
}
// Get current page/screen
$screen = get_current_screen();
// Get current user
$user = wp_get_current_user();
if (is_object($screen) and is_a($screen, 'WP_Screen')) {
if (($screen->id == 'user-edit' or ($screen->id == 'user' and $screen->action == 'add')) and in_array('administrator', $user->roles)) {
?>
<script type="text/javascript">
window.acf.validation.active = false;
</script>
<?php
}
}
}
This will add some Javascript to any page that matches our qualifers to disable ACF client-side validation.
Now, to disable backend validation, we do something like this:
add_action('acf/validate_save_post', 'my_acf_validate_save_post', 10, 0);
function my_acf_validate_save_post() {
if (!function_exists('get_current_screen')) {
return;
}
// Get current page/screen
$screen = get_current_screen();
// Get current user
$user = wp_get_current_user();
if (is_object($screen) and is_a($screen, 'WP_Screen')) {
if (($screen->id == 'user-edit' or ($screen->id == 'user' and $screen->action == 'add')) and in_array('administrator', $user->roles)) {
// clear all errors so they can bypass validation for user data
acf_reset_validation_errors();
}
}
}
Note that because get_current_screen() isn't always available, these methods do not support front end forms.
Also note that this code could definitely be improved to be a lot more DRY, but I will leave that up to you. :)
This is the contents of functions.php. The code displays for the admin some buttons in the editor. Why are these buttons displayed for the admin, but not displayed for the author?
function spectext_button() {
if (current_user_can('edit_posts') && current_user_can('edit_pages'))
{
add_filter('mce_external_plugins', 'spectext_plugin');
add_filter('mce_buttons_2', 'spectext_register_button');
}
}
add_action('init', 'spectext_button');
function spectext_plugin($plugin_array){
$plugin_array['spectext'] = get_bloginfo('template_url').'/js/newbuttons.js';
return $plugin_array;
}
function spectext_register_button($buttons){
array_push($buttons, "green");
array_push($buttons, "yellow");
array_push($buttons, "red");
return $buttons;
}
&& current_user_can('edit_pages')
The above mentioned code checks if the user has the privileges to edit pages which is allowed to only following user roles:
Super Administrator
Administrator
Editor
If you remove this condition your buttons will work for all users capable of editing posts i.e.
Super Administrator
Administrator
Editor
Author
Contributor
I have a WordPress site. There are many users. I want when an author logs in, the author who currently is currently logged on couldn't access the "edit page" menu in the admin bar.
Is there any plugin to disable that?
You can use this plugin :
http://wordpress.org/extend/plugins/admin-bar-disabler/
OR Alternative and manual way is under if condition place this
show_admin_bar(false);
E.g.
if(!is_admin())
{
show_admin_bar(false);
}
place this code in functions.php so that it will disable the admin bar for all the other users.
In your functions.php file, you can add one of the following code snippets to get the indicated results:
// Only display to administrators
add_action('after_setup_theme', 'remove_admin_bar');
function remove_admin_bar() {
if (!current_user_can('administrator') && !is_admin()) {
show_admin_bar(false);
}
}
// Disable for specific role (in this case, 'subscriber')
function remove_admin_bar() {
$user = wp_get_current_user();
if (in_array(‘subscriber’, $user->roles)) {
show_admin_bar(false);
}
}