I am trying to find a way to limit access to some admin menu pages to specific admins.
So far I have managed to hide the pages from all admins who are not the primary admin, but if they enter the URL for that page, they will be directed to that page.
add_action( 'admin_init', 'my_remove_menu_pages' );
function my_remove_menu_pages() {
    global $user_ID;
    if ( current_user_can( 'administrator' ) && $user_ID !== 1 ) {
        remove_menu_page( 'admin.php?page=settings' );
        remove_menu_page( 'plugins.php' );
        //remove_menu_page( 'authorhreview' );
    }
}
I have been doing a lot of reading but I can't seem to come up with a solution.
Any help would be awesome. Thanks in advance.
Do not pass a role name to current_user_can(), as this is not guaranteed to work correctly.
See : https://core.trac.wordpress.org/ticket/22624
// Returns true when the given user (or the current user) holds $role.
function appthemes_check_user_role( $role, $user_id = null ) {
    if ( is_numeric( $user_id ) )
        $user = get_userdata( $user_id );
    else
        $user = wp_get_current_user();
    if ( empty( $user ) )
        return false;
    return in_array( $role, (array) $user->roles );
}
//example use for the current user
if ( appthemes_check_user_role( 'customer' ) )
    _e( "You've got access dude!", 'appthemes' );
else
    _e( "Sorry man, no luck.", 'appthemes' );
//example use for a specific user
$user_id = 23;
if ( appthemes_check_user_role( 'customer', $user_id ) )
    _e( "You've got access dude!", 'appthemes' );
else
    _e( "Sorry man, no luck.", 'appthemes' );
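Hiding a menu entry with remove_menu_page() does not stop a direct request for the page, which is the behaviour described in the question. The following added example (not part of the original question or answer) refuses such requests on admin_init with a 403; the my_* function names and the listed slugs are assumptions, and user ID 1 is treated as the primary admin as in the question.

```php
<?php
// Added example. Assumptions: user ID 1 is the primary admin (as in the
// question) and the slugs below are the pages hidden with remove_menu_page().
function my_restricted_admin_targets() {
    return array(
        'files' => array( 'plugins.php' ),  // top-level admin screens
        'pages' => array( 'settings' ),     // value of ?page= on admin.php
    );
}

// Pure decision function: true when this request must be refused.
function my_is_restricted_admin_request( $pagenow, $page_slug, $user_id ) {
    if ( 1 === (int) $user_id ) {
        return false; // the primary admin keeps full access
    }
    $targets = my_restricted_admin_targets();
    if ( in_array( $pagenow, $targets['files'], true ) ) {
        return true;
    }
    return 'admin.php' === $pagenow
        && in_array( $page_slug, $targets['pages'], true );
}

// admin_init runs on every admin request before the screen is rendered,
// so typing the URL by hand hits the same check as clicking a menu link.
add_action( 'admin_init', 'my_block_restricted_admin_pages' );
function my_block_restricted_admin_pages() {
    global $pagenow;
    $slug = isset( $_GET['page'] )
        ? sanitize_text_field( wp_unslash( $_GET['page'] ) )
        : '';
    if ( my_is_restricted_admin_request( $pagenow, $slug, get_current_user_id() ) ) {
        wp_die(
            esc_html__( 'You are not allowed to access this page.' ),
            '',
            array( 'response' => 403 )
        );
    }
}
```

The remove_menu_page() calls can stay for the menu itself; the admin_init check is what actually denies access.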
Woocommerce Settings:
Guest checkout disabled.
Create account during checkout enabled (user and password auto generated)
If user is REGISTERED. But NOT logged in.
Checkout errors with
"An account is already registered with your email address. Please log in."
How do I override this to
COMPLETE order, and tie order to existing account.
Give a prompt to user to login next time for a faster checkout
Can't find any snippet or module that can do it
none yet. Happy to reward.
There is no hook for this. You may need to modify the process_customer function in WC core (plugins/woocommerce/includes/class-wc-checkout.php), Line#935. Keep in mind, it's not encouraged to edit core (when updated, your changes will be lost).
protected function process_customer( $data ) {
    $customer_id = apply_filters( 'woocommerce_checkout_customer_id', get_current_user_id() );

    if ( ! is_user_logged_in() && ( $this->is_registration_required() || ! empty( $data['createaccount'] ) ) ) {
        $username = ! empty( $data['account_username'] ) ? $data['account_username'] : '';
        $password = ! empty( $data['account_password'] ) ? $data['account_password'] : '';

        if ( email_exists( $data['billing_email'] ) ) {
            // Existing account: sign in with the credentials submitted at checkout.
            // The order is tied to the account only if this authentication succeeds.
            $creds = array(
                'user_login'    => $username,
                'user_password' => $password,
                'remember'      => true,
            );
            // wp_signon() sets the auth cookie and fires wp_login itself.
            $user = wp_signon( $creds, false );
            // On failure keep the WP_Error so the check below aborts the checkout.
            $customer_id = is_wp_error( $user ) ? $user : $user->ID;
        } else {
            $customer_id = wc_create_new_customer( $data['billing_email'], $username, $password );
        }

        if ( is_wp_error( $customer_id ) ) {
            throw new Exception( $customer_id->get_error_message() );
        }

        wp_set_current_user( $customer_id );
        wc_set_customer_auth_cookie( $customer_id );

        // As we are now logged in, checkout will need to refresh to show logged in data.
        WC()->session->set( 'reload_checkout', true );

        // Also, recalculate cart totals to reveal any role-based discounts that were unavailable before registering.
        WC()->cart->calculate_totals();
    }

    // On multisite, ensure user exists on current site, if not add them before allowing login.
    if ( $customer_id && is_multisite() && is_user_logged_in() && ! is_user_member_of_blog() ) {
        add_user_to_blog( get_current_blog_id(), $customer_id, 'customer' );
    }

    // Add customer info from other fields.
    if ( $customer_id && apply_filters( 'woocommerce_checkout_update_customer_data', true, $this ) ) {
        $customer = new WC_Customer( $customer_id );

        if ( ! empty( $data['billing_first_name'] ) ) {
            $customer->set_first_name( $data['billing_first_name'] );
        }

        if ( ! empty( $data['billing_last_name'] ) ) {
            $customer->set_last_name( $data['billing_last_name'] );
        }

        // If the display name is an email, update to the user's full name.
        if ( is_email( $customer->get_display_name() ) ) {
            $customer->set_display_name( $data['billing_first_name'] . ' ' . $data['billing_last_name'] );
        }

        foreach ( $data as $key => $value ) {
            // Use setters where available.
            if ( is_callable( array( $customer, "set_{$key}" ) ) ) {
                $customer->{"set_{$key}"}( $value );

                // Store custom fields prefixed with either shipping_ or billing_.
            } elseif ( 0 === stripos( $key, 'billing_' ) || 0 === stripos( $key, 'shipping_' ) ) {
                $customer->update_meta_data( $key, $value );
            }
        }

        /**
         * Action hook to adjust customer before save.
         *
         * @since 3.0.0
         */
        do_action( 'woocommerce_checkout_update_customer', $customer, $data );

        $customer->save();
    }

    do_action( 'woocommerce_checkout_update_user_meta', $customer_id, $data );
}
If you have enabled "allow customers to log in on checkout", the option to log in from the checkout page will appear.
What hooks would I use for the functions file in order to make it so that all non-admin users can't see all posts with a specific custom post_status in the wp-admin back-end. BUT it is still able to be queried and looped through the WordPress post loop?
With pre_get_posts you should be able to get started (to hide posts from the admin screen). You may also want to check the post type, etc.
function filter_posts( $wp_query ) {
    if ( is_admin() ) {
        $user = wp_get_current_user();
        $post_status = 'draft';
        if ( ! in_array( 'administrator', $user->roles ) ) {
            $wp_query->set( 'post_status', $post_status );
        }
    }
}
add_action( 'pre_get_posts', 'filter_posts', 10 );
To disallow users to edit posts with that specific status, you should do:
function restrict_post_editing(){
    global $post;
    $post_status = 'draft';
    if ( get_post_status( $post ) == $post_status ) {
        $user = wp_get_current_user();
        if ( ! in_array( 'administrator', $user->roles ) ) {
            do_action('admin_page_access_denied');
            wp_die( __('You cannot modify or delete this entry.') );
            exit;
        }
    }
}
add_action('edit_post', 'restrict_post_editing', 10, 1);
add_action('wp_trash_post', 'restrict_post_editing', 10, 1);
add_action('before_delete_post', 'restrict_post_editing', 10, 1);
In WordPress, I want to create two registered user types: 1. teacher and 2. student, meaning register as a teacher or register as a student.
Teacher registration is free, and a teacher posts his videos, text, etc.
Student registration is not free; it is a 6-month or 12-month subscription. When a student is subscribed, the student is shown all of the teacher's posts.
Can you please suggest how to create this type of registration and membership?
Thanks in advance.
I think you can do it using add_role function.
There are three parameters in add_role function.
add_role( $role, $display_name, $capabilities );
$role: Unique name of the role.
$display_name: The name to be displayed in WordPress Admin Panel.
$capabilities: Privileges that one can access.
Complete list of all capabilities can be found here.
Step 2 : add user roles dropdown in registration form
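// Role display names that are never offered at registration.
// Exclude default roles such as administrator etc. Add your own.
function myplugin_excluded_role_names() {
    return array( 'Administrator', 'Contributor' );
}
// Role slugs a visitor may pick: every registered role not excluded above.
function myplugin_selectable_roles() {
    $selectable = array();
    foreach ( wp_roles()->roles as $key => $value ) {
        if ( ! in_array( $value['name'], myplugin_excluded_role_names(), true ) ) {
            $selectable[ $key ] = $value['name'];
        }
    }
    return $selectable;
}
//1. Add a new form element...
add_action( 'register_form', 'myplugin_register_form' );
function myplugin_register_form() {
    echo '<select name="role" class="input">';
    foreach ( myplugin_selectable_roles() as $key => $name ) {
        echo '<option value="' . esc_attr( $key ) . '">' . esc_html( $name ) . '</option>';
    }
    echo '</select>';
}
//2. Add validation.
add_filter( 'registration_errors', 'myplugin_registration_errors', 10, 3 );
function myplugin_registration_errors( $errors, $sanitized_user_login, $user_email ) {
    $role = isset( $_POST['role'] ) ? sanitize_text_field( wp_unslash( $_POST['role'] ) ) : '';
    // Reject a missing role and any role that was not offered in the dropdown.
    if ( ! array_key_exists( $role, myplugin_selectable_roles() ) ) {
        $errors->add( 'role_error', __( '<strong>ERROR</strong>: You must include a role.', 'mydomain' ) );
    }
    return $errors;
}
//3. Finally, save the selected role.
add_action( 'user_register', 'myplugin_user_register' );
function myplugin_user_register( $user_id ) {
    $role = isset( $_POST['role'] ) ? sanitize_text_field( wp_unslash( $_POST['role'] ) ) : '';
    // The role comes from the request, so assign it only if it is one of the offered roles.
    if ( array_key_exists( $role, myplugin_selectable_roles() ) ) {
        wp_update_user( array( 'ID' => $user_id, 'role' => $role ) );
    }
}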
Finally, how to check if a user is in a specific role?
$user = wp_get_current_user();
if ( in_array( 'author', (array) $user->roles ) ) {
    // The user has the "author" role
}
I am developing an ecommerce store using WordPress and WooCommerce.
I have a product.
I will only allow a specific customer to purchase the product.
So I would like to only show this product if the specific customer is logged in.
Thanks
This is useful to restrict user,
// Woocommerce - Redirect unauthorised users from accessing a specified product category when clicked or visited via direct url
function woocommerce_hide_non_registered() {
    if ( ( is_product_category( 'specials' ) ) && ! ( current_user_can( 'customer' ) || current_user_can( 'administrator' ) ) ) {
        wp_redirect( site_url( '/' ) );
        exit();
    }
}
add_action( 'template_redirect', 'woocommerce_hide_non_registered' );
// End - Woocommerce - redirect unauthorised users from accessing a specified product category

// Woocommerce - Removes category link from woocommerce product category widgets so they are not seen
add_filter( 'get_terms', 'get_subcategory_terms', 10, 3 );
function get_subcategory_terms( $terms, $taxonomies, $args ) {
    $new_terms = array();
    // if a product category and on the shop page
    if ( in_array( 'product_cat', $taxonomies ) && ! ( current_user_can( 'customer' ) || current_user_can( 'administrator' ) ) && is_shop() ) {
        foreach ( $terms as $key => $term ) {
            if ( ! in_array( $term->slug, array( 'specials' ) ) ) {
                $new_terms[] = $term;
            }
        }
        $terms = $new_terms;
    }
    return $terms;
}
// End - Woocommerce - Removes category link from woocommerce product category widgets so they are not seen

// Woocommerce - Remove products from being displayed that belong to a category user is not authorised to visit. Products seem to still be accessible via direct url unfortunately.
add_action( 'pre_get_posts', 'custom_pre_get_posts' );
function custom_pre_get_posts( $q ) {
    if ( ! $q->is_main_query() ) return;
    if ( ! $q->is_post_type_archive() ) return;
    if ( ! ( current_user_can( 'customer' ) || current_user_can( 'administrator' ) ) && is_shop() ) {
        $q->set( 'tax_query', array( array(
            'taxonomy' => 'product_cat',
            'field'    => 'slug',
            'terms'    => array( 'specials' ), // Don't display products in the specials category on the shop page
            'operator' => 'NOT IN'
        ) ) );
    }
    // Unhook this callback once the main archive query has been handled.
    remove_action( 'pre_get_posts', 'custom_pre_get_posts' );
}
// End - Woocommerce - Remove products from being displayed that belong to a category user is not authorised to visit. Products seem to still be accessible via direct url unfortunately.
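The answer above notes that products in the restricted category are still reachable by direct URL. This added example (not part of the original answer) closes that gap for single product pages and for add-to-cart requests; the my_* names are hypothetical, 'specials' is the category slug used in the answer, and the role test reads the user's roles instead of passing a role name to current_user_can().

```php
<?php
// Added example. Hypothetical helper: does the current visitor hold any of
// the allowed roles? Logged-out visitors have an empty roles array.
function my_user_has_any_role( array $allowed_roles ) {
    $user = wp_get_current_user();
    return (bool) array_intersect( $allowed_roles, (array) $user->roles );
}

// True when the product sits in the restricted category and the visitor
// may not see it. has_term() tests the slug given, not its child categories.
function my_product_is_off_limits( $product_id ) {
    return has_term( 'specials', 'product_cat', $product_id )
        && ! my_user_has_any_role( array( 'customer', 'administrator' ) );
}

// 1. Direct URL to a single product page: send the visitor to the home page.
add_action( 'template_redirect', 'my_block_restricted_product_page' );
function my_block_restricted_product_page() {
    if ( ! is_singular( 'product' ) ) {
        return;
    }
    if ( my_product_is_off_limits( get_queried_object_id() ) ) {
        wp_safe_redirect( home_url( '/' ) );
        exit;
    }
}

// 2. Hiding the page is not enough: a request such as ?add-to-cart=<id>
//    never loads the product template. Marking the product as not
//    purchasable makes WooCommerce refuse to put it in the cart.
add_filter( 'woocommerce_is_purchasable', 'my_restrict_purchase', 10, 2 );
function my_restrict_purchase( $purchasable, $product ) {
    if ( my_product_is_off_limits( $product->get_id() ) ) {
        return false;
    }
    return $purchasable;
}
```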
This will do the trick for you.
add_action( 'pre_get_posts', 'dm_restrict_user_to_show_own_posts_only' );
function dm_restrict_user_to_show_own_posts_only( $dm_wp_query_obj )
{
    // Front end, do nothing
    if( !is_admin() )
        return;
    global $current_user, $pagenow;
    wp_get_current_user();
    // http://php.net/manual/en/function.is-a.php
    if( !is_a( $current_user, 'WP_User') )
        return;
    // Not the correct screen, bail out
    if( 'edit.php' != $pagenow )
        return;
    // Not the correct post type (or none set on this query), bail out
    if( !isset( $dm_wp_query_obj->query['post_type'] ) || 'product' != $dm_wp_query_obj->query['post_type'] )
        return;
    // If the user is not administrator, filter the post listing
    if( !current_user_can( 'delete_plugins' ) )
        $dm_wp_query_obj->set('author', $current_user->ID );
}
I'm creating a wordpress site where the registered user has the ability to create his own post via wp_editor() on the frontend, but just one post.
Now I want to restrict the user to be able to only see his uploaded media. I use the following script in the functions.php, which works in the backend. So if a user goes to the media section in the backend he will only see his uploaded media.
But if the user goes to "insert media" pop-up on the frontend wp_editor he can still see the uploaded media from all the users.
function restricted_media_view( $wp_query ) {
    if ( strpos( $_SERVER[ 'REQUEST_URI' ], '/wp-admin/upload.php' ) !== false
    || strpos( $_SERVER[ 'REQUEST_URI' ], '/wp-admin/edit.php' ) !== false ) {
        if ( !current_user_can( 'level_5' ) ) {
            global $current_user;
            // Only list items authored by the current user.
            $wp_query->set( 'author', $current_user->ID );
        }
    }
}
add_filter('parse_query', 'restricted_media_view' );
Do you have any idea how to solve this annoyance? Thank you!
You might try this plugin: http://wordpress.org/extend/plugins/view-own-posts-media-only/
Alternatively try this:
add_action('pre_get_posts','ml_restrict_media_library');
function ml_restrict_media_library( $wp_query_obj ) {
    global $current_user, $pagenow;
    if( !is_a( $current_user, 'WP_User') )
        return;
    // Only act on the media modal's AJAX request.
    if( 'admin-ajax.php' != $pagenow || !isset( $_REQUEST['action'] ) || $_REQUEST['action'] != 'query-attachments' )
        return;
    if( !current_user_can('manage_media_library') )
        $wp_query_obj->set('author', $current_user->ID );
    return;
}
Source: http://wpsnipp.com/index.php/functions-php/restricting-users-to-view-only-media-library-items-they-upload/#comment-810649773
alternatively since WordPress 3.7
add_filter( 'ajax_query_attachments_args', "user_restrict_media_library" );
function user_restrict_media_library( $query ) {
    global $current_user;
    $query['author'] = $current_user->ID ;
    return $query;
}
I use API/Filter Reference/ajax query attachments args for WP 4.3.1 and it works.
add_filter( 'ajax_query_attachments_args', 'show_current_user_attachments', 10, 1 );
function show_current_user_attachments( $query = array() ) {
    $user_id = get_current_user_id();
    if( $user_id ) {
        $query['author'] = $user_id;
    }
    return $query;
}
just add on functions.php
or check this link WP Codex