Prevent Admin user to edit/see super admin from users list in WordPress

How do I hide my super admin from the users list?
My client has to be the ability to create users, but not edit/see my super admin user.
Is that possible?

Post Views: 1

2 comments

I would recommend the following:

The Editor user role in WordPress cannot by default edit users. You may want to add that capability for clients whom you keep as ‘Editors’. This will let the Editor add new users (create new users), delete users, and edit users. This is done by adding capabilities to the Editor role with ‘add_cap‘.

This lets Editors manage users

function wpse104808_editor_manage_users() {

    if ( get_option( 'wpse104808_add_cap_editor_once' ) != 'done' ) {

        // let editor manage users

        $edit_editor = get_role('editor'); // Get the user role
        $edit_editor->add_cap('edit_users');
        $edit_editor->add_cap('list_users');
        $edit_editor->add_cap('promote_users');
        $edit_editor->add_cap('create_users');
        $edit_editor->add_cap('add_users');
        $edit_editor->add_cap('delete_users');

        update_option( 'wpse104808_add_cap_editor_once', 'done' );
    }

}
add_action( 'init', 'wpse104808_editor_manage_users' );

Prevent Editor From Deleting Administrator User

This will stop Editors from deleting, editing, or adding new Administrators.

class wpse104808_user_caps {

  // Add our filters
  function wpse104808_user_caps(){
    add_filter( 'editable_roles', array(&$this, 'editable_roles'));
    add_filter( 'map_meta_cap', array(&$this, 'map_meta_cap'),10,4);
  }
  // Remove 'Administrator' from the list of roles if the current user is not an admin
  function editable_roles( $roles ){
    if( isset( $roles['administrator'] ) && !current_user_can('administrator') ){
      unset( $roles['administrator']);
    }
    return $roles;
  }
  // If someone is trying to edit or delete an
  // admin and that user isn't an admin, don't allow it
  function map_meta_cap( $caps, $cap, $user_id, $args ){
    switch( $cap ){
        case 'edit_user':
        case 'remove_user':
        case 'promote_user':
            if( isset($args[0]) && $args[0] == $user_id )
                break;
            elseif( !isset($args[0]) )
                $caps[] = 'do_not_allow';
            $other = new WP_User( absint($args[0]) );
            if( $other->has_cap( 'administrator' ) ){
                if(!current_user_can('administrator')){
                    $caps[] = 'do_not_allow';
                }
            }
            break;
        case 'delete_user':
        case 'delete_users':
            if( !isset($args[0]) )
                break;
            $other = new WP_User( absint($args[0]) );
            if( $other->has_cap( 'administrator' ) ){
                if(!current_user_can('administrator')){
                    $caps[] = 'do_not_allow';
                }
            }
            break;
        default:
            break;
    }
    return $caps;
  }

}

$wpse104808_custom_role = new wpse104808_user_caps();

Hide Administrator From User List

Here are 3 variations to hide users from the Users list. Choose 1 of the following.

Option 1: Hide specific users from user list.

If you want to choose individual IDs to hide from the User list, use this (replace ‘2,5,7,9‘ the User IDs which you want to hide)

add_action('pre_user_query','wpse104808_pre_user_query');
function wpse104808_pre_user_query($user_search) {

    $admin_ids = '2,5,7,9'; // REPLACE THESE NUMBERS WITH IDs TO HIDE.

    $user = wp_get_current_user();
    $admin_array = explode($admin_ids, ',');
    if ( ! in_array( $user->ID, $admin_array ) ) {
        global $wpdb;
        $user_search->query_where = str_replace('WHERE 1=1', "WHERE 1=1 AND {$wpdb->users}.ID NOT IN($admin_ids)",$user_search->query_where);

    }
}

Option 2: Hide all administrators from user list.

// Hide all administrators from user list.

add_action('pre_user_query','wpse104808_pre_user_query');
function wpse104808_pre_user_query($user_search) {

    $user = wp_get_current_user();

    if ( ! current_user_can( 'manage_options' ) ) {

        global $wpdb;

        $user_search->query_where = 
            str_replace('WHERE 1=1', 
            "WHERE 1=1 AND {$wpdb->users}.ID IN (
                 SELECT {$wpdb->usermeta}.user_id FROM $wpdb->usermeta 
                    WHERE {$wpdb->usermeta}.meta_key = '{$wpdb->prefix}capabilities'
                    AND {$wpdb->usermeta}.meta_value NOT LIKE '%administrator%')", 
            $user_search->query_where
        );

    }
}

Related links:
– Roles and Capabilities
– add cap
– WP_Role::add_cap
– WP_User::add_cap

This should help you, I guess (only make sure you’re hiding proper user):

Remove Ability for Other Users to View Administrator in User List?

Also look at this one:

Remove Adminstrator Hyperlink from a user having role to add and see users

Comments are closed.

Related posts

2 comments

This lets Editors manage users

Prevent Editor From Deleting Administrator User

Hide Administrator From User List

Option 1: Hide specific users from user list.

Option 2: Hide all administrators from user list.

Social Network