I am new to plugin development and I am fairly okay with development by following all the plugin development best practices set by WordPress Codex. Following code describes on how Role: Administrator of WordPress gains access to the plugin.
Administrator access to plugin in settings: SettingsApi.php
public function register()
{
if ( ! empty($this->admin_pages) || ! empty($this->admin_subpages)) {
add_action( 'admin_menu', array( $this, 'addAdminMenu' ) );
}
}
public function addSubPages( array $pages )
{
$this->admin_subpages = array_merge( $this->admin_subpages, $pages );
return $this;
}
public function addAdminMenu()
{
foreach ( $this->admin_pages as $page ) {
add_menu_page( $page['page_title'], $page['menu_title'], $page['capability'], $page['menu_slug'], $page['callback'], $page['icon_url'], $page['position'] );
}
foreach ( $this->admin_subpages as $page ) {
add_submenu_page( $page['parent_slug'], $page['page_title'], $page['menu_title'], $page['capability'], $page['menu_slug'], $page['callback'] );
}
}
Adding a new role to user base of WordPress by following code while activation: Activate.php
$result =
add_role
(
'backend_user',
__( 'Plugin Name Backend', 'testsite' ),
array(
'read' => true, // true allows this capability
'edit_posts' => false,
'delete_posts' => false,
)
);
I am looking at how to set rights to the role backend_user to access plugin pages in my SettingApi.php. Also if there is any method that will enable backend_user to access my plugin pages in the WordPress login please suggest.
I Tried following function in SettingApi.php under register()
$user = wp_get_current_user();
if ( in_array( 'backend_user', (array) $user->roles ) ) {
add_action( 'admin_menu', array( $this, 'addAdminMenu' ) );
}
Not working. Any help would be grateful.
I am new to plugin development and I am fairly okay with development by following all the plugin development best practices set by WordPress Codex. Following code describes on how Role: Administrator of WordPress gains access to the plugin.
Administrator access to plugin in settings: SettingsApi.php
public function register()
{
if ( ! empty($this->admin_pages) || ! empty($this->admin_subpages)) {
add_action( 'admin_menu', array( $this, 'addAdminMenu' ) );
}
}
public function addSubPages( array $pages )
{
$this->admin_subpages = array_merge( $this->admin_subpages, $pages );
return $this;
}
public function addAdminMenu()
{
foreach ( $this->admin_pages as $page ) {
add_menu_page( $page['page_title'], $page['menu_title'], $page['capability'], $page['menu_slug'], $page['callback'], $page['icon_url'], $page['position'] );
}
foreach ( $this->admin_subpages as $page ) {
add_submenu_page( $page['parent_slug'], $page['page_title'], $page['menu_title'], $page['capability'], $page['menu_slug'], $page['callback'] );
}
}
Adding a new role to user base of WordPress by following code while activation: Activate.php
$result =
add_role
(
'backend_user',
__( 'Plugin Name Backend', 'testsite' ),
array(
'read' => true, // true allows this capability
'edit_posts' => false,
'delete_posts' => false,
)
);
I am looking at how to set rights to the role backend_user to access plugin pages in my SettingApi.php. Also if there is any method that will enable backend_user to access my plugin pages in the WordPress login please suggest.
I Tried following function in SettingApi.php under register()
$user = wp_get_current_user();
if ( in_array( 'backend_user', (array) $user->roles ) ) {
add_action( 'admin_menu', array( $this, 'addAdminMenu' ) );
}
Not working. Any help would be grateful.
Share Improve this question asked May 23, 2020 at 17:52 Bala Krishnan DBala Krishnan D 11 bronze badge 2 |2 Answers
Reset to default 0Adding capabilities to custom user roles.
Before adding capabilities please refer to the capability list and existing user roles.
https://wordpress/support/article/roles-and-capabilities/
Adding user roles without proper knowledge / practical experience can lead your site to different vulnerability and in worst cases it can create back doors.
If you are interested in solution only then please jump to solution section.
Adding plugin install capabilities:
Add the code from solution inside your plugin or create a new plugin if you don't have one. After that paste the code illustrated in solution block and follow the steps to check your functionality.
This will allow the user to install the plugin and additionally provides the facility to upload the custom plugin files except the fact that you disable the upload files feature.
Again install_plugins will not activate the plugin panel alone it also needs activate_plugins to be activated.
Why the same solution don't work for you?
Yes, its possible that you wont get the desired result. This is because you have to follow these steps to check the functionality. I assume that you have implemented this in a plugin.
- Change test user role to subscriber or something else
- Deactivate the plugin
- Activate the plugin
- Change the user role back to your custom role
User roles are stored in database. Since we have applied it on plugin activation, we have to first reactivate the plugin to trigger the add user function. Then remove the existing user role and recreate it.
Solution
//Role Checker Function
function bh_role_exists( $role ) {
if( ! empty( $role ) ) {
return $GLOBALS['wp_roles']->is_role( $role );
}
return false;
}
// Role Removal
function bh_user_role_remove( $role ) {
if( bh_role_exists( $role ) ) {
// The 'editor' role exists!
remove_role( $role );
}
}
function bh_add_user_role() {
//Remove the existing role first
bh_user_role_remove('backend_user');
//Add the role
add_role(
'backend_user',
'Backend User',
[
'read' => true,
'edit_posts' => true,
'install_plugins' => true,
'activate_plugins' => true,
]
);
}
add_action('init', 'bh_add_user_role');
Conclusion:
This plugin gonna give the user the ability to upload the custom plugin and by this the user can gain access to any user role.
Got it fixed by page controller files, in this case I use ZoneTwoController.php to callback, here adding additional array under setSubpages() for backend_user is enabling view of Plugin options(adminReport.php).
\\ FILE NAME: Inc\Base\ZoneTwoController.php
use Inc\Api\SettingsApi;
use Inc\Base\BaseController;
use Inc\Api\Callbacks\AdminCallbacks;
\\...... Some more public functions goes here .....\\
public function setSubpages()
{
$this->subpages = array(
array(
'parent_slug' => 'my_custom_plugin',
'page_title' => 'Backend User Report',
'menu_title' => 'Backend User Report',
'capability' => 'manage_options', // this will allow permission for admin.
'menu_slug' => 'admin_bk_report', // also make sure to use different slug for other role.
'callback' => array( $this->callbacks, 'adminReport' )
),
array(
'parent_slug' => 'my_custom_plugin',
'page_title' => 'Backend User Report',
'menu_title' => 'Backend User Report',
'capability' => 'backend_user', // <----- this will enable the backend user to view the plugin menu.
'menu_slug' => 'backend_report', // <------ this should be different from manage_options.
'callback' => array( $this->callbacks, 'adminReport' ) // you can have different page in case of same file callbacks can be similar, in my case it is same file(adminReport.php).
)
);
}
$page['capability']in$this->admin_pagesand$this->admin_subpages? Does backend_user have that capability? – Rup Commented May 24, 2020 at 0:18