
user roles - Remove ability to access certain admin menus


I am trying to remove some of the admin features for a user with the role of contributor. What I mean by remove some of the admin features is disable them from seeing certain admin menu items, such as comments, tools, media etc. I have managed to remove the items I want from the admin menu, using this code:

function remove_menus(){

    $author = wp_get_current_user();
    if(isset($author->roles[0])){
        $current_role = $author->roles[0];
    }else{
        $current_role = 'no_role';
    }

    if($current_role == 'contributor'){
        remove_menu_page( 'index.php' );          //Dashboard
        remove_menu_page( 'edit.php' );           //Posts
        remove_menu_page( 'upload.php' );         //Media
        remove_menu_page( 'tools.php' );          //Tools
        remove_menu_page( 'edit-comments.php' );  //Comments
    }

}
add_action( 'admin_menu', 'remove_menus' );

It works a treat. The problem I am facing is that I can just manually add the query string to the URL, e.g. /wp-admin/edit.php, and that will take me to the post edit screen. Does anyone know a way to restrict these pages from being accessed altogether, as well as hiding them from the admin menu?

asked Apr 26, 2014 at 13:12 by RoseCoder
  • Exactly what do you want this user to be able to do? It sounds more like you need a custom role rather than trying to hack the contributor role the way you are. – s_ha_dum Commented Apr 26, 2014 at 15:09
  • I want the user to be able to edit their profile and manage their own posts of a custom post type. I don't really think I need a custom role, as the contributor one is doing what I need just fine. I just need a way of stopping certain pages from being viewed in the admin area. If I create a custom role and give them the ability to manage their own posts, surely the same problem would occur? – RoseCoder Commented Apr 26, 2014 at 16:45
  • How can I disable a particular user type access to WooCommerce settings? – MOSD Commented Feb 1, 2021 at 15:26
  • @MOSD do not post a question as the solution to another question. I know you don't have the reputation to leave comments on other people's questions but that is no excuse, and you'll get flagged as a spammer by the anti-spam system if you continue – Tom J Nowell Commented Feb 1, 2021 at 16:03
4 Answers

I figured it out in the end and this is the code I used:

function restrict_menus() {
    $author = wp_get_current_user();

    if( isset( $author->roles[0] ) ) { 
        $current_role = $author->roles[0];
    } else {
        $current_role = 'no_role';
    }

    if( 'contributor' == $current_role ) {  
        $screen = get_current_screen();
        $base   = $screen->id;


        if( 'edit-post' == $base || 'upload' == $base || 'tools' == $base || 'edit-comments' == $base ) {
            wp_die( 'Cheatin’ uh?' );
        }
    }
}
add_action( 'current_screen', 'restrict_menus' );

I know this question has already been answered, and is old. I did, however, want to provide an alternate solution. This is how I did it in a plugin I wrote a while back (I've modified my code to use your pages).

Because you're wanting to restrict the contributor role, you can use role capabilities. Contributors cannot publish posts, so you could do the following.

Part 1: Remove Items from the Admin menu

add_action( 'admin_menu', 'tcd_remove_admin_menus' );
function tcd_remove_admin_menus() {

    // don't do anything if the user can publish posts
    if ( current_user_can( 'publish_posts' ) ) {
        return;
    }

    // remove these items from the admin menu
    remove_menu_page( 'edit.php' );          // Posts
    remove_menu_page( 'upload.php' );        // Media
    remove_menu_page( 'tools.php' );         // Tools
    remove_menu_page( 'edit-comments.php' ); // Comments

}

As you said though, it doesn't restrict the user from still just entering in the direct page url. Here's how I wrote my page restriction:

Part 2: Restrict Access to Admin Pages

add_action( 'current_screen', 'tcd_restrict_admin_pages' );
function tcd_restrict_admin_pages() {

    // don't do anything if the user can publish posts
    if ( current_user_can( 'publish_posts' ) ) {
        return;
    }

    // retrieve the current page's ID
    $current_screen_id = get_current_screen()->id;

    // determine which screens are off limits
    // (the Posts list screen has the id 'edit-post'; 'edit' is only its base)
    $restricted_screens = array(
        'edit-post',
        'upload',
        'tools',
        'edit-comments',
    );

    // Restrict page access
    foreach ( $restricted_screens as $restricted_screen ) {

        // compare current screen id against each restricted screen
        if ( $current_screen_id === $restricted_screen ) {
            wp_die( __( 'You are not allowed to access this page.', 'tcd' ) );
        }

    }

}

For me, using role capabilities and an array made it a little easier to work with. Anyway, I hope this method is helpful.

Cheers.
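
An added example, not code from either answer above: it drives the menu removal and the direct-URL block from one table, and matches on the screen's `base` and `post_type` so the editor screens for built-in posts (post.php, post-new.php) are refused along with the list screen, while a custom post type's screens stay reachable. The `rz_` names are hypothetical; the `publish_posts` test is the one used in the answer above.

```php
<?php
// Added example; the rz_ prefix and function names are hypothetical.
// One table drives both hooks, so hidden menus and refused screens stay in sync.
// Each rule is array( screen base, post type ); a null post type matches any.
function rz_restricted_areas() {
    return array(
        'edit.php'          => array(
            array( 'edit', 'post' ), // Posts list (screen id "edit-post")
            array( 'post', 'post' ), // post.php and post-new.php for built-in posts
        ),
        'upload.php'        => array( array( 'upload', null ) ),
        'tools.php'         => array( array( 'tools', null ) ),
        'edit-comments.php' => array( array( 'edit-comments', null ) ),
    );
}

// Same test as the answer above: users who can publish posts are left alone.
function rz_is_restricted_user() {
    return ! current_user_can( 'publish_posts' );
}

add_action( 'admin_menu', 'rz_hide_menus', 999 );
function rz_hide_menus() {
    if ( ! rz_is_restricted_user() ) {
        return;
    }
    foreach ( array_keys( rz_restricted_areas() ) as $menu_slug ) {
        remove_menu_page( $menu_slug ); // cosmetic: the URL still works
    }
}

// current_screen passes the WP_Screen object for the page being loaded.
add_action( 'current_screen', 'rz_block_screens' );
function rz_block_screens( $screen ) {
    if ( ! rz_is_restricted_user() ) {
        return;
    }
    foreach ( rz_restricted_areas() as $rules ) {
        foreach ( $rules as $rule ) {
            list( $base, $post_type ) = $rule;
            $type_matches = ( null === $post_type || $screen->post_type === $post_type );
            if ( $screen->base === $base && $type_matches ) {
                // Enforcement: answer with 403 instead of rendering the screen.
                wp_die( esc_html__( 'You are not allowed to access this page.' ), '', array( 'response' => 403 ) );
            }
        }
    }
}
```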

I typically use (and recommend) the Members plugin. The UI is very easy to use, and you have the added benefit of storing your role/permission logic in the database (rather than the code) which makes "on-the-fly" changes easy to do.

This plugin allows you to even create a custom role (maybe you want to invent one called "Photo Editor" or "Comment Approver" etc) and limit which menus they may see & access. I think this will do exactly what you want.

You could create a custom role as suggested by s_ha_dum or remove capabilities from the contributor role by adding this code to your child theme's functions.php file.

add_action( 'init', 'wpsites_remove_contributor_capabilities' );

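function wpsites_remove_contributor_capabilities() {

    $contributor = get_role( 'contributor' );

    // get_role() returns null if the role does not exist
    if ( ! $contributor ) {
        return;
    }

    // capabilities to take away from contributors
    $caps = array(
        'edit_posts',
        'delete_posts',
    );

    foreach ( $caps as $cap ) {
        $contributor->remove_cap( $cap );
    }
}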

Source https://codex.wordpress/Function_Reference/add_role
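
The custom-role route suggested in the comments and in the answer above, as an added example that is not part of the original page: the custom post type gets its own capability names, and a dedicated role receives only those. The `book` post type, the `book_author` role and the `rz_` function names are hypothetical, and the code is assumed to live in a plugin's main file so that the activation hook fires.

```php
<?php
// Added example; the "book" post type, "book_author" role and rz_ names are hypothetical.

// Give the post type its own capability names (edit_books, delete_books, ...)
// instead of sharing edit_posts with the built-in Posts type.
add_action( 'init', 'rz_register_book_type' );
function rz_register_book_type() {
    register_post_type( 'book', array(
        'label'           => 'Books',
        'public'          => true,
        'capability_type' => array( 'book', 'books' ),
        'map_meta_cap'    => true, // core maps edit_post/delete_post onto the caps below
    ) );
}

// Roles are stored in the database, so create the role once, on activation.
register_activation_hook( __FILE__, 'rz_add_book_author_role' );
function rz_add_book_author_role() {
    add_role( 'book_author', 'Book Author', array(
        'read'         => true, // profile and dashboard access
        'edit_books'   => true, // create and edit own unpublished books
        'delete_books' => true, // delete own unpublished books
        // Deliberately absent: edit_posts, upload_files, publish_books.
    ) );

    // Administrators do not receive the new capabilities automatically.
    $admin = get_role( 'administrator' );
    if ( $admin ) {
        $admin_caps = array(
            'edit_books', 'edit_others_books', 'edit_published_books', 'publish_books',
            'delete_books', 'delete_others_books', 'delete_published_books', 'read_private_books',
        );
        foreach ( $admin_caps as $cap ) {
            $admin->add_cap( $cap );
        }
    }
}
```

Because the role holds no `edit_posts` capability, core's own check in edit.php refuses the built-in Posts screen for these users, and the menu entry is not shown to them in the first place.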
