WordPress.org

Ready to get started?Download WordPress

Forums

[resolved] "add new" post (23 posts)

  1. brook1979
    Member
    Posted 1 year ago #

    Hi People,

    Without using a plugin or using css, HOW can i stop people (users of my website) from accessing /wp-admin/post-new.php once they are logged in to the site. Everything else is fine, i just need to restrict this access.

    I have managed to remove it from the admin menu button "add new" but im a little unsure as to how to restrict the access.

    Cheers in advance if anyone can help.

    Carl

  2. esmi
    Forum Moderator
    Posted 1 year ago #

    If your users are assigned the role of Subscriber, they will not be able to access any Post/Page editing pages.

  3. RS Publishing
    Member
    Posted 1 year ago #

    esmi is correct! Have a look in your admin -> settings -> general and make sure that you have given new registrations (New User Default Role) the role of subscriber.

  4. brook1979
    Member
    Posted 1 year ago #

    Hi esmi, rspublishing,

    Thanks for the replies! I have s2 member installed and the default role for my users is s2 level 1! I have it now set so that they can actually view their post and delete them (but not others, only their own), the only problem im having is that on the "post->all post" page there is a button called add new, and i thought the best way to do this rather than just hide it would be to restrict access to the page.

    Hope this is a better explanation, thanks for the help AND if you can help me with this it will be very much appreciated.

    carl

  5. RS Publishing
    Member
    Posted 1 year ago #

    hi Carl,

    you are most welcome! have a look at the following plugin (use in addition to s2member), and let me know if this helps: http://wordpress.org/extend/plugins/user-role-editor/

  6. brook1979
    Member
    Posted 1 year ago #

    Hi RSP,

    Cheers for the reply; im almost their now! The plugins are great if you want your users NOT to be able to view post or "ADD NEW" post at all, i want my users to be able to view theirs and others and be able to only delete theirs WHICH is what i have accomplished up to now.

    What i want to do is get EVERYONE who is NOT an administrator to NOT be able to access this page (page below) AND because i grant access to view the post-> all post page, USERS can see the "ADD NEW" button.....

    /wp-admin/post-new.php

    Thanks for helping RSP, very much appreciated.

  7. RS Publishing
    Member
    Posted 1 year ago #

    hi Carl,

    okay, after digging deeper into what exactly it is that you need (without a plugin and using CSS as requested), i came across the following solution (to be used in your themes functions.php):

    <?php
    
    //functions hooking to their actions
    add_action('admin_init','mod_cap');
    add_action('admin_init','display_notice');
    add_action('admin_menu','mod_umenu');
    add_action('admin_menu','admin_redirect');
    add_action('admin_head','hide_button');
    
    //user roles without the subscriber. however, can be added
    $author_role = get_role('author');
    $author_role -> remove_cap('publish_post');
    $editor_role = get_role('editor');
    $editor_role->remove_cap('publish_post');
    $contributor_role = get_role('contributor');
    $contributor_role -> remove_cap('publish_post');
    
    //unsetting the menu item and changing capability
    function mod_umenu() {
      global $submenu;
      unset($submenu['edit.php'][10]);
      $submenu['edit.php'][10][1] = 'publish_posts';
    }
    
    //hiding the button
    function hide_buttons() {
      global $current_screen;
    if($current_screen->id == 'edit-post' && !current_user_can('publish_posts'))
    }
    
    function admin_redirect() {
      $result = stripos($_SERVER['REQUEST_URI'], 'post-new.php');
      if ($result!==false && !current_user_can('publish_posts')) {
    }
    
    function permissions_admin_notice() {
      echo "<div id='permissions-warning' class='error fade'><p><strong>".__('You do not have permission to access that page.')."</strong></p></div>";
    }
    
    function display_notice() {
      if($_GET['permissions_error'])
      {
        add_action('admin_notices', 'permissions_admin_notice');
      }
    }
    ?>

    The original code can be found here: http://erisds.co.uk/wordpress/spotlight-wordpress-admin-menu-remove-add-new-pages-or-posts-link

    However, i have already made the necessary changes (specific to the /wp-admin/post-new.php) to make things easier for you.

    This code should go into your themes functions.php file.

    Please note that i have not tested the code myself. Should you have any trouble, simple post back here.

    All the best :)

  8. RS Publishing
    Member
    Posted 1 year ago #

    Oh, and add this:

    function modify_cap() {

    BETWEEN these two lines:

    //user roles without the subscriber. however, can be added
    $author_role = get_role('author');

    AND

    add this:

    }

    just AFTER:

    $contributor_role -> remove_cap('publish_post');

    IN THE SAME SECTION OF THE CODE I GAVE YOU ABOVE

    I just forgot to add the opening and closing :)

  9. brook1979
    Member
    Posted 1 year ago #

    Hi RSP,

    Thanks for that BUT there seems to be a problem....i made the changes as you mentioned above and so my code is now like this (below)...But this is causing syntax errors and displays the white page when trying to update the functions.php file. SO i used DW to try and see if i can see where the problem is but i cant seem to figure out what it is..

    Can you help with this??

    //functions hooking to their actions
    add_action('admin_init','mod_cap');
    add_action('admin_init','display_notice');
    add_action('admin_menu','mod_umenu');
    add_action('admin_menu','admin_redirect');
    add_action('admin_head','hide_button');
    
    //user roles without the subscriber. however, can be added
    function modify_cap() {
    $author_role = get_role('author');
    $author_role -> remove_cap('publish_post');
    $editor_role = get_role('editor');
    $editor_role->remove_cap('publish_post');
    $contributor_role = get_role('contributor');
    $contributor_role -> remove_cap('publish_post');
    }
    
    //unsetting the menu item and changing capability
    function mod_umenu() {
      global $submenu;
      unset($submenu['edit.php'][10]);
      $submenu['edit.php'][10][1] = 'publish_posts';
    }
    
    //hiding the button
    function hide_buttons() {
      global $current_screen;
    if($current_screen->id == 'edit-post' && !current_user_can('publish_posts'))
    }
    
    function admin_redirect() {
      $result = stripos($_SERVER['REQUEST_URI'], 'post-new.php');
      if ($result!==false && !current_user_can('publish_posts')) {
    }
    
    function permissions_admin_notice() {
      echo "<div id='permissions-warning' class='error fade'><p><strong>".__('You do not have permission to access that page.')."</strong></p></div>";
    }
    
    function display_notice() {
      if($_GET['permissions_error'])
      {
        add_action('admin_notices', 'permissions_admin_notice');
      }
    }

    [Moderator Note: Please post code or markup snippets between backticks or use the code button. As it stands, your code may now have been permanently damaged/corrupted by the forum's parser.]

  10. RS Publishing
    Member
    Posted 1 year ago #

    hi,

    okay, i will have a quick look into this (do a few test on my side as i have not myself tested this code) and get back to you. For what its worth, please disable the role scoper plugin as well as the member plugin (just for testing). Attached here is the code again (in different form and only using the editor role as a tester). Paste this (without the opening <?php and closing ?> into your themes functions.php file.

    function modify_capabilities()
    {
      $editor_role = get_role('editor');
      $editor_role->remove_cap('publish_posts');
    }
    
    function modify_menu()
    {
      global $submenu;
      unset($submenu['edit.php'][10]);
      $submenu['edit.php'][10][1] = 'publish_posts';
    }
    
    function hide_buttons()
    {
      global $current_screen;
    if($current_screen->id == 'edit-post' && !current_user_can('publish_posts'))
    }
    
    function permissions_admin_redirect() {
      $result = stripos($_SERVER['REQUEST_URI'], 'post-new.php');
      if ($result!==false && !current_user_can('publish_posts')) {
    }
    
    function permissions_admin_notice()
    {
    echo "<div id='permissions-warning' class='error fade'><p><strong>".__('You do not have permission to access that page.')."</strong></p></div>";
    }
    
    function permissions_show_notice()
    {
      if($_GET['permissions_error'])
      {
        add_action('admin_notices', 'permissions_admin_notice');
      }
    }
    add_action('admin_init','modify_capabilities');
    add_action('admin_init','permissions_show_notice');
    add_action('admin_menu','modify_menu');
    add_action('admin_menu','permissions_admin_redirect');
    add_action('admin_head','hide_buttons');
  11. brook1979
    Member
    Posted 1 year ago #

    Hi RSP,

    Cheers for the quick help, really do appreciate it, ive been trying this for a couple of days now!

    Ok, i just put the new code in DW and that to is showing a syntax error! Its like theres a closing missing or something!??

    Cheers again for the help.

    Carl

  12. RS Publishing
    Member
    Posted 1 year ago #

    while i test, now try paste this code again but with the opening <?php and closing ?>

  13. RS Publishing
    Member
    Posted 1 year ago #

    as soon as i am done testing, i will post back here. sure we will get this sorted. my apologies for not testing before posting the code though.

  14. brook1979
    Member
    Posted 1 year ago #

    Please don't apologize, ITS FINE! i appreciate the help and you taking the time to help!
    OK, will test this now!

    Carl

  15. brook1979
    Member
    Posted 1 year ago #

    NOPE, still getting the same errors! But im sure its just something like a closing bracket or opening one BUT i cant spot it! Its so frustrating when you cant spot this stuff :) i guess this is what the learning curve is.

  16. RS Publishing
    Member
    Posted 1 year ago #

    okay, i got it!

  17. RS Publishing
    Member
    Posted 1 year ago #

    hi Carl,

    i have tested the code my side and it works! i will re-attached the code (made a few minor changes). Should work on your side!

    So, head back to your themes functions.php file and paste the following code:

    <?php
    function mod_caps()
    {
      $editor_role = get_role('editor');
      $editor_role->remove_cap('publish_posts');
    }
    
    function mod_menu()
    {
     global $submenu;
         $submenu['edit.php'][10][1] = 'publish_posts';
    }
    
    function hide_buttons()
    {
      global $current_screen;
    
      if($current_screen->id == 'edit-post' && !current_user_can('publish_posts'))
      {
        echo '<style>.add-new-h2{display: none;}</style>';
      }
    }
    
    function ap_redirect() {
    $result = stripos($_SERVER['REQUEST_URI'], 'post-new.php');
      if ($result!==false && !current_user_can('publish_posts'))  {
        wp_redirect(get_option('siteurl') . '/wp-admin/index.php?permissions_error=true');
    	}
    }
    
    function permissions_admin_notice()
    {
      echo "<div id='permissions-warning' class='error fade'><p><strong>".__('You do not have permission to access that page.')."</strong></p></div>";
    }
    
    function showp_notice()
    {
      if($_GET['permissions_error'])
      {
        add_action('admin_notices', 'permissions_admin_notice');
      }
    }
    
    add_action('admin_init','mod_caps');
    add_action('admin_init','showp_notice');
    add_action('admin_menu','mod_menu');
    add_action('admin_menu','ap_redirect');
    add_action('admin_head','hide_buttons');
    
    ?>

    Do note that this includes the editor only. However, the author, and subscriber can be added manually so only admin has access.

    I have checked and made sure that all brackets are closed ;)

    For testing purposes, please do make sure that you disable the role scoper plugin. You can always switch this back on afterwards.

    Do let me know the outcome as i will most likely turn this into a plugin.

    Good Luck!

  18. RS Publishing
    Member
    Posted 1 year ago #

    Seems i missed a line in the original admin_redirect function (now ap_redirect)

  19. brook1979
    Member
    Posted 1 year ago #

    Sweeeeeeeeeeeeeeeet! It works like a charm!

    Thanks soooo muck RSP for all your help, cant tell ya how much i appreciate that.

    ONE last thing about this, which wordpress php file is it that i have to configure to put a "NICER" permissions page up...??? If you are making this a plugin it might be worth adding this in as a configuration???

    THANKS AGAIN, thats awesome news for me...

    Carl

  20. RS Publishing
    Member
    Posted 1 year ago #

    Fantastic! You are most welcome Carl,

    Okay, as seen in the code, the permission is found here:

    /wp-admin/index.php?permissions_error=true');

    However, i would assume that the permission message text can be altered within the code (section where it appears).

    Should i turn this into a plugin, i will most certainly add this as a config ;)

  21. brook1979
    Member
    Posted 1 year ago #

    Hi RSP,

    Thanks again! Honestly saved me alot of time that as. If ya lived round the corner we'd be going for a beer.

    I would definitely turn it in to a plugin! When you take a step back and look at the plugins available theres not that many available when it comes to hard hacks like this, i mean there is adminimize, white lable cms, menu editor etc etc! But it always seems you need about 3 or 4 plugins to make something work. If i had the time and money available i would create a plugin that would absolutely tear apart the wordpress ADMIN! and just because there is alot of developers building sites for clients using wordpress, and then theres people who like using wordpress BUT like i said not comfortable getting 3-4 plugins to work together.

    Thanks AGAIN :) RSP.

    Carl

  22. RS Publishing
    Member
    Posted 1 year ago #

    hi Carl,

    you are most welcome! Glad i could help hehe,

    Do have a beer for me ;)

    Cheers,

  23. brook1979
    Member
    Posted 1 year ago #

    I will do RSP!

    What is it you actually do RSP?? Catch me on msn if ya like brook1979atmsndotcom

    Carl

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags