Limit user management within admin "groups"

  • Resolved updownupdown

    (@updownupdown)


    9 years, 7 months ago

    (Not sure where to post this, hopefully I’m in the right forum!)

    I’m looking for a way to “segregate” user creation and management in the back-end. In essence, I want to have an admin (or “super” admin) who can create editors (or “lower” admins), and assign them a group. Those editors can then create their own users within their group (subscribers only), and they can edit or delete those users, but they cannot see, edit, or delete users within any other group.

    In other words, I have a website that’s accessible to users only, and subscriptions are closed. The client wants to license the content of the website to other companies, creating a main login for them. They would then be able to create their own users, but shouldn’t be able to see the users of any other company.

    To be clear, it has nothing to do with limiting which post, page, taxonomy or tag groups (companies) would have access to. Once you’re a user, you can see everything. The problem is to give “lower” admins the power to create users but limit it to some extent.

    I’ve looked at the WP docs, forums, plugins, and can’t find anything to do what I’m looking for. I realize WP wasn’t really built to do that sort of thing, but I’m hoping it can be hacked into doing it somehow.

    The closest thing I’ve found was the MemberMouse plugin, it seems to kind of being able to do what I’m looking for, but it’s way, way overkill, has monthly costs, and may end up being too complicated for the client to use.

    Any help you can give me would be greatly appreciated. Thanks!

Viewing 3 replies - 1 through 3 (of 3 total)
  • joelwarren

    (@joelwarren)

    9 years, 7 months ago

    Hi updownupdown,

    It’s definitely something you can do, but it’ll need a bit of work to make it happen.

    WordPress is already setup with all the roles and permissions, etc that you need. I think you best bet would be to work on top a plugin like Members https://wordpress.org/plugins/members/

    You can then extend the plugin to allow some users to have access to edit users: http://codex.wordpress.org/Roles_and_Capabilities

    From there I’m not sure how you could hide users from other users but you might be able to find the solution in a plugin like: https://wordpress.org/plugins/user-groups/

    Thread Starter updownupdown

    (@updownupdown)

    9 years, 7 months ago

    Thanks for the suggestions Joel. I messed around with some custom code and found a solution. It still needs work, but the basic foundation is there.

    In case anyone ever runs into the same problem: it basically involves adding a user meta field during user creation. When admins create an editor, they can specify an affiliate value for the field, but when editors create subscribers, they are forced to use the same field as theirs for the new user. Then, when an Editor views the user list, there’s a custom query which kicks in (see below) which only makes them see people with the same affiliate user meta.

    This is the code I’m using so far, if anyone wants to use it, use at your own risk, it’s still a work in progress:

    function admin_users_filter( $query ){

	global $pagenow,$wp_query,$user_id;

	if ( is_admin() && $pagenow=='users.php' && !current_user_can('manage_options') ) {

		$editor_user_id = get_current_user_id();
		$affiliate = get_user_meta($editor_user_id, 'affiliate', true);

		$query->search_term = $affiliate;

		global $wpdb;

		if (!is_null($query->search_term)) {
			$query->query_from .= " INNER JOIN {$wpdb->usermeta} ON " . "{$wpdb->users}.ID={$wpdb->usermeta}.user_id AND " . "{$wpdb->usermeta}.meta_key='affiliate' AND "."{$wpdb->usermeta}.meta_value LIKE '%{$query->search_term}%'";
		}
	}

}
add_filter( 'pre_user_query', 'admin_users_filter' );

    I won’t post the rest of the code since it’s fairly long, and it’s also fairly easy to find forums walking you through adding custom user meta fields.

    Moderator bcworkz

    (@bcworkz)

    9 years, 7 months ago

    Yes, you can hide user groups from other groups. Just like you use ‘pre_get_posts’ action to alter post queries, you can use ‘pre_user_query’ to alter the query run by the user list table screen. I’m not sure there’s a plugin that makes this simple, but it is something possible with custom code.

    Pedantic information if anyone cares: The two hooks mentioned are not exactly analogous, the actual analogous hook to ‘pre_user_query’ for posts is ‘posts_request’, but many more people are familiar with ‘pre_get_posts’. ‘posts_request’ is not very well known. I figured ‘pre_get_posts’ was close enough to illustrate the concept.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Limit user management within admin "groups"’ is closed to new replies.