I want to restrict all users from altering their own 'Biographical Info' (only I the admin should be able to edit/update it) in Dashboard->Users->Your Profile.
You can do that with following;
<?php
add_action( 'admin_init', 'disable_profile_edit' );
function disable_profile_edit() {
remove_menu_page( 'profile.php' );
remove_submenu_page( 'users.php', 'profile.php' );
if(IS_PROFILE_PAGE === true && ! current_user_can( 'manage_options' )) {
wp_redirect( home_url() );
exit;
}
}
?>
You can put only code part to functions.php. If anyone (except the users has role manage_options) tries to access profile page, it will be denied.
Note:
Put ;
define('IS_PROFILE_PAGE', true);
in profile.php
Related
The following example will redirect all non-authenticated users to a custom 'signup' page when trying to visit the 'goodies' page.
however, I need to display a notification message on the signup page after redirect, What is the best way to do this?
function my_page_template_redirect() {
if ( is_page( 'goodies' ) && ! is_user_logged_in() ) {
wp_redirect( home_url( '/signup/' ) );
die;
}
}
add_action( 'template_redirect', 'my_page_template_redirect' );
here is an example of the code that displays the message
add_action( 'woocommerce_init', 'pt_custom_notice' );
function pt_custom_notice() {
wc_add_notice( 'This is a Error notice', 'error' );
}
I created a new user and i gave him “author” role. I want him to only can write posts in wordpress. But when he logs in, he enters the user profile but not wordpress dashboard which is where i want. How can i fix this? I want him to go to wordpress dashboard so he can write posts only.
Try this,
<?php
// check if current user is the post author
global $current_user;
get_currentuserinfo();
if (is_user_logged_in() && $current_user->ID == $post->post_author) {
wp_redirect( admin_url( 'the url you need to redirect' ) );
exit;
}
?>
Add this code
function check_custom_authentication () {
$user_id = get_current_user_id();
$user_meta = get_userdata($user_id);
$user_roles = $user_meta->roles;
if ( in_array('author', $user_roles, true ) ) {
wp_redirect(admin_url());
exit;
}
}
add_action( 'wp_login' , 'check_custom_authentication' );
I am looking for a way to redirect when viewing any publication, except the author of the publication.
There are two roles in the "author" and "custom_role" site. This last role is allowed to see all.
the role of author can only see his own, the rest redirects.
I've tried for a while, in this last code I'm working but it does not work and I do not know why
Thanks very much!
add_action( 'pre_get_posts', function() {
if( is_author() )
{
if( ! is_user_logged_in() )
{
wp_redirect( 'https://aaa.com/custom' );
exit;
}
$author = get_queried_object();
if( $author->ID != get_current_user_id() )
{
wp_redirect( get_author_posts_url(
get_current_user_id() ) );
exit;
}
}
} );
First of all, is_author() is used to check if current page is author archive page. Please check following example. This may not be the exact anster but it may help. In the single post, post author and current user ID is compared. If they are not same then it is redirected to home page. If those IDs are same then, current user is also the post author, so current user will be allowed to view page.
add_action( 'get_header', 'wpso_author_redirection' );
function wpso_author_redirection() {
if ( is_singular() ) {
$current_post_details = get_post( get_the_ID(), ARRAY_A );
$user_id = get_current_user_id();
if ( $user_id !== absint( $current_post_details['post_author'] ) ) {
wp_redirect( home_url() );
}
}
}
So, I would like to deny users the ability to access the wordpress dashboard. But, I want to allow users to use Front End PM which uses AJAX for sending messages between users.
How can I allow the PMs but deny all access to the dashboard?
The classic functions.php approach:
add_action( 'init', 'my_custom_dashboard_access_handler');
function my_custom_dashboard_access_handler() {
// Check if the current page is an admin page
// && and ensure that this is not an ajax call
if ( is_admin() && !( defined( 'DOING_AJAX' ) && DOING_AJAX ) ){
//Get all capabilities of the current user
$user = get_userdata( get_current_user_id() );
$caps = ( is_object( $user) ) ? array_keys($user->allcaps) : array();
//All capabilities/roles listed here are not able to see the dashboard
$block_access_to = array('subscriber', 'contributor', 'my-custom-role', 'my-custom-capability');
if(array_intersect($block_access_to, $caps)) {
wp_redirect( home_url() );
exit;
}
}
}
Unfortunately, this will redirect from AJAX... thoughts?
If I use User Role Editor... can users access the dashboard?
Essentially, only allow admins to access the dashboard... without limiting AJAX.
You can use
function sm_restrict_admin_with_redirect() {
if( defined('DOING_AJAX') && DOING_AJAX ) {
//Allow ajax calls
return;
}
if( ! current_user_can( "manage_options" ) ) {
//Redirect to main page if the user has no "manage_options" capability
wp_redirect( get_site_url() );
exit;
}
}
add_action( 'admin_init', 'sm_restrict_admin_with_redirect', 1 );
Can any one please tell me how can i limit a user to edit only his post.I used the role editor plugin but it allow the user to edit all users post.I'm creating a classified site plugin where a user can post(custom post type)and he can edit his post.
You can user advanced access manager plugin for same.
You can limit a user to only edit their own posts using this bit of code.
function my_authored_content($query) {
//get current user info to see if they are allowed to access ANY posts and pages
$current_user = wp_get_current_user();
// set current user to $is_user
$is_user = $current_user->user_login;
//if is admin or 'is_user' does not equal #username
if (!current_user_can('manage_options')){
//if in the admin panel
if($query->is_admin) {
global $user_ID;
$query->set('author', $user_ID);
}
return $query;
}
return $query;
}
add_filter('pre_get_posts', 'my_authored_content');
function remove_menu_items() {
$current_user = wp_get_current_user();
if ( !current_user_can( 'manage_options' ) ) {
//hides comments menu
remove_menu_page( 'edit-comments.php' );
// hides posts menu
remove_menu_page( 'edit.php' );
hides pages menu
remove_menu_page( 'edit.php?post_type=page' );
}
}
add_action( 'admin_menu', 'remove_menu_items' );
Hope this helps you :-)