Adding custom Role to Wordpress with custom permissions - wordpress

I'd like to add a new role to my Wordpress site. It needs more permissions than Author, but fewer than Admin. Searching the codex and Stack, I have come across a consistent method of adding this code to functions.php, but a repeated error resulted in me trying the User Role Editor plug-in.
Users under this new role need to be able to edit, see, delete, and managed all posts, categories and tags. They also must be able to manage all comments, both approved and pending. Additionally, they should have access to Discussion settings. This last bit seems to be impossible, though. I can give them the ability to manage options, but not specific options. Is there a way to grant such a specific capability?
Thanks.

Related

How can I allow a wordpress user to view, add, update or delete specific custom posts via the admin?

Once this user is created by an admin role.
My goal is to give this wordpress user only access to his/her posts - can view, add , update or delete in Wordpress admin.
My goal is to create a wordpress user that can view, add , update or delete in Wordpress admin.
I DO NOT want to use plugins
I want the user to be able to access only the ids it creates in multiple custom post types. say user x is setup, he can only work with his posts (ids) in custom post types (say: businesses, products, orders)
I don't usually do this, but you may be better off just using a Role Editor plugin like User Role Editor. The alternatives would be to give the Roles & Capabilities documentation a read, and decide if it's better to modify an existing role, or creating a new role and give it the select permissions you want.
For instance, you'd probably want to create a new role based on the editor role, and remove all of the {blank}_others_{blank} capabilities, such as edit_others_posts, delete_others_posts, etc.
If you do go the programatic way instead of plugin, note that the Roles & Capabilities are stored in the database, so you don't need to include the function that creates/modifies them on every load like the init hook. If you do put it on a hook like that, you'll probably want to set a flag of some sort (like with update_option()) and abort if the new role/cap hasn't been changed since it was last run.
You are able to do this using the Author role.
https://en.support.wordpress.com/user-roles/
Author
An Author can create, edit, publish, and delete only their own posts, as well as upload files and images. Authors do not have access to create, modify, or delete pages, nor can they modify posts by other users. Authors can edit comments made on their posts.
Within a CPT set the capability type to post.
'capability_type' => 'post'

Create WordPress Admins To Create Posts Only Securely

Using WordPress is a great way to learn and make progress on web development. Although, I want to make admins for each and one of my classmates to only and only create and publish posts on the web. For example, BuzzFeed has admins that create content and it tells the author name, date and time, comments and responses next to it. That's what I am aiming for. Not all of my classmates use wordpress or have ever used it so I want to find a way to create admins for them simply without creating security holes for the website itself and risking getting hacks or login attempts.
what is the best way to approach a situation like this?
anyone?
Thanks :)
If you want your classmates to be able to add posts you can add them as "Authors." Wordpress has a build in permission system that allows authors to only add, edit and delete posts.
If you want to have more control over the capabilities you can use a plugin like User Role Editor. This will allow you to create a new role and set specific capabilities for the created user role.

Capability required to view Advanced Custom Fields in WordPress

I asked this question over on the WordPress StackExchange but was told it was off-topic for there. I hope it is correct to ask it here instead.
A client has asked that I setup the Contributor role in WordPress so that it can only view/edit/delete their own posts from a CPT called 'members'. I have done this using Justin Tadlock's Members plugin + a small snippet of code since they only want the Contributor's to be able to see their own posts & not others (even if they can't edit them).
Everything is working well except for Advanced Custom Fields. The client is using this to provide extra fields on the 'members' CPT, but unless I give the Contributor role the 'edit_others' capability they are unable to see the fields created by ACF.
Is this an issue with ACF, or with WordPress? I am still fairly new to Roles & Caps and I cannot seem to understand how to change this. If possible I would like the ACF fields to be visible on the 'edit_members' capability.
Add the 'edit_others_posts' to your user role.
I had same problem, and after some trying out different combinations, have found that this capability needs to be enabled.
The problem is not in roles or capabilities, problem is how you limit the edit-posts dashboard for non-administrators. Your if-statement should not be performed on edit-post page, only at post listing page (for example, if you use pre_get_posts to restrict posts editing for admins only, then you must not run this pre_get_posts function at posts.php page).
Also example from ACF support forum.
This issue has been posted a long time ago, but I believe there is still someone facing it at the moment. So I would like to make it easy to understand.
First of all, we have to separate it into two parts.
First, the relationship between user, role, and capability. Let's say, each user has a roles, and each role has capabilities. It is one-to-many relation from top down.
Second, custom post type(CPT), advanced custom field plugin (ACF) and ACF extension plugin.
Each custom post type can be done for a specific capability and all fields under the custom post type has been done by using ACF.
Lastly, not all fields need to appear on every user who has the role that included this capability. Some field need to be appear for just for some specific role which has this capability included. This is where ACF extended plugin step in. It is sound complicate isn't it? Let have a look the chart below.
With acf_permission, you can be able to specific the role for be able to see the field like below.
`[instruction_placement] => label
[hide_on_screen] =>
...
[acfe_permissions] => Array
(
[0] => administrator
[1] => editor
)
...`
This might not fully answer the question but hope it will help to clear how does it work together.
https://www.acf-extended.com/features/field-groups/permissions

User Role plugin to restrict editing to specific Categories for Pages

I need a plugin that would restrict registered users to only be able to add/edit pages in specific categories. Even though WordPress pages do not have "Categories" like posts do.
Like, if I have a category called "Robot Maintenance", I want to make sure that only specified users or roles can edit and create pages in that category.
I see that the Member plugin lets me create new roles with such capabilities as "edit only pages they own" but I was hoping I could create a role (for say, a department) and configure that role to be able to edit and create pages within the {department} category. Or even limit users to specific categories.
This is a fairly complex task, and you may want to engage a professional wordpress plugin developer to build this for you.
Having said that....
It is possible to add categories to a page. Check out the tutorial at http://shibashake.com/wordpress-theme/add-tags-and-categories-to-your-wordpress-page
Next, you will want to programatically create roles for each page category you have. You will want to hook into the create and remove category to create/remove your special role. Then, you can use the members plugin to grant proper permissions.
Then, you need to hook into the page edit flow to ensure that the current user has the permissions to edit the current page (based on your custom roles and the page's category).
Still a bit of work for you to research...but at least this should give you a fairly good starting point.

How can I set WordPress roles such that once a Contributor's post is scheduled to be published, they can no longer edit it?

At least for my purposes, it is absolutely essential that a Contributor be unable to edit his posts once they've been scheduled to be published, as well as actually published.
This seems like it should be simple because otherwise in a system with a lot of users a malicious user could slip under the radar with a sketchy post by first submitting an innocuous one and then right before it is scheduled to be published, edit it.
None of the role-editing plugins I've tried seem to have this functionality.
You need to create a filter function add hook it.
You may want to read "WordPress tip: Allow contributors to upload files" at http://www.wprecipes.com/wordpress-tip-allow-contributors-to-upload-files to get an idea.
The filter hook you'll need is the "format_to_edit" hook. Please refer to http://codex.wordpress.org/Plugin_API/Filter_Reference for details.
That filter hook isn't what you want. Let me think about it.

Resources