(Moderator’s note: The original title was “Custom User Role Restrictions”)
A project I am working on requires me to create two new user roles – one for the owner of the website and the other for agents of the company.
With the website owner user role I was just looking for a way to restrict users in this group from modifying core site settings while having access to modify all other settings.
The code below seems to work perfectly for everything other than the user management area. I did want users of this group to be able to add/modify website users BUT where I am running into a problem is that users of this group currently have the ability to create users in the “Administrator” category and they are also able to delete existing “Administrators”.
What I am looking for is a way to modify the code below so that such users can NOT delete or modify a user account which is set as “Administrator” and restrict the user from being able to create a new Administrator account.
Does anyone know how this can be done?

    // CREATE CUSTOM - SITE OWNER - USER ROLE WITH CUSTOM CAPABILITIES
    if ( ! get_role( 'website_owner' ) ) {
        // Let's use the editor as the base capabilities.
        $caps = get_role( 'editor' )->capabilities;
        // Adding new capabilities.
        // Ref: http://codex.wordpress.org/Roles_and_Capabilities#Capability_vs._Role_Table
        $caps = array_merge( $caps, array(
            'install_plugins'               => false,
            'activate_plugins'              => false,
            'update_plugins'                => false,
            'delete_plugins'                => false,
            'list_users'                    => true,
            'add_users'                     => true,
            'create_users'                  => true,
            'edit_users'                    => true,
            'delete_users'                  => true,
            'remove_users'                  => true,
            'unfiltered_upload'             => true,
            'install_themes'                => false,
            'update_themes'                 => false,
            'delete_themes'                 => false,
            'switch_themes'                 => false,
            'edit_theme_options'            => true,
            'manage_options'                => false,
            'import'                        => false,
            'update_core'                   => false,
            'edit_dashboard'                => false,
            'gravityforms_view_entries'     => true,
            'gravityforms_edit_entries'     => true,
            'gravityforms_delete_entries'   => true,
            'gravityforms_export_entries'   => true,
            'gravityforms_view_entry_notes' => true,
            'gravityforms_edit_entry_notes' => true,
            'gravityforms_feed'             => true,
        ) );
        add_role( 'website_owner', 'Website Owner', $caps );
    }

Hi @NetConstructor:
I think this is what you need. Note that I didn’t include the full setup of your 'website_owner' role, just the addition of a new capability called 'manage_administrators'.
Also, I only attempted to remove the “Delete” link from any users that don’t have the 'manage_administrators' capability (which you’ll need to add to the administrator role, of course) and I also simply removed the Administrator as a role option on the “Add New User” page. I didn’t attempt to ensure they can’t delete or add administrators via some nefarious method, and I didn’t disable any other feature that might allow them to add or delete administrators. That said, maybe this is sufficient?

For example to block deleting or editing the admin user who has an id of 1 you would do this:
You can add any additional capabilities that you want blocked to the $blocked_caps array.
I also add this in for hiding myself from the wp-admin/users.php page. It would probably be better unsetting the user with php, but it doesn’t really make a difference since the admin can’t be edited anyway if you are using the above function.
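
Server-side enforcement of the restriction discussed in this thread, as an added example that is not code from either answer: it denies the per-user capabilities whenever the target account is an administrator, instead of only hiding links in the UI. It assumes the 'manage_administrators' capability named in the first answer has been granted to the administrator role only; the constant name WPSE_GUARDED_CAPS is hypothetical.

```php
<?php
// Added example, not code from the thread. Assumes the custom capability
// 'manage_administrators' is held by the administrator role only.
// WPSE_GUARDED_CAPS is a hypothetical name chosen for this example.
const WPSE_GUARDED_CAPS = array( 'edit_user', 'delete_user', 'remove_user', 'promote_user' );

// Remove Administrator from the list of roles the current user may assign.
// This list feeds the role dropdowns on the Add New User and Edit User screens.
add_filter( 'editable_roles', function ( $roles ) {
    if ( ! current_user_can( 'manage_administrators' ) ) {
        unset( $roles['administrator'] );
    }
    return $roles;
} );

// Deny per-user meta capabilities when the target user is an administrator
// and the acting user lacks 'manage_administrators'.
add_filter( 'map_meta_cap', function ( $caps, $cap, $user_id, $args ) {
    // Only the guarded meta capabilities carry a target user ID in $args[0].
    if ( ! in_array( $cap, WPSE_GUARDED_CAPS, true ) || empty( $args[0] ) ) {
        return $caps;
    }

    $target = get_userdata( (int) $args[0] );
    if ( ! $target || ! in_array( 'administrator', (array) $target->roles, true ) ) {
        return $caps; // Target is not an administrator: leave the default mapping.
    }

    // 'manage_administrators' is not in the guarded list, so this nested
    // capability check does not re-enter the branch below.
    if ( ! user_can( $user_id, 'manage_administrators' ) ) {
        $caps[] = 'do_not_allow'; // Core treats this as an unconditional deny.
    }
    return $caps;
}, 10, 4 );
```

Because the check runs inside the capability mapping, it applies to any code path that calls current_user_can() with one of these capabilities and a user ID; code that writes users without a capability check is not covered by it.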