WordPress.org

Ready to get started?Download WordPress

Forums

Solution to hide Emails and IP's from "Contributors" (13 posts)

  1. citeewurkor
    Member
    Posted 8 years ago #

    I've been working on this for a week since upgrading. The new roles and capabilities system is really outstanding.
    However, with the upgrade, my writers were able to see the email addresses and IP addresses of commenters through their dashboard using Manage/Posts or Manage/Comments.

    I've come up with a slight modification that will solve this problem.

    First go get the very excellent plugin "Role Manager".
    Follow the instructions there to install the plugin. Be sure on your plugins page after activation the plugin version is 1.3. I had problems getting earlier versions to work.
    Ok, now go to Users/Roles in your dashboard.
    Scroll down to the "Contributor" section.
    Make sure that "edit posts" is checked with a green check mark. Make sure that "read" also is checked with a green check mark. Now change the userlevel to 0.

    Concurrently you will need to slightly modify the menu.php file in your admin folder.

    First backup menu.php in case you need to revert back.
    In menu.php find the following line:
    $submenu['edit.php'][5] = array(__('Posts'), 'edit_posts', 'edit.php');
    Change it to this:
    $submenu['edit.php'][5] = array(__('Posts'), 1, 'edit.php');

    Now find the following line:
    $submenu['edit.php'][20] = array(__('Comments'), 'edit_posts', 'edit-comments.php');
    Change it to this:
    $submenu['edit.php'][20] = array(__('Comments'), 1, 'edit-comments.php');
    Save the file and upload it to your admin folder.

    What this does.
    Now users you have given the ability to write posts, but NOT post them will be able to do so. The "manage" button in their dashboard will be disabled and will return a page that says "you do not have sufficient privileges to access this page."
    This will protect the email addresses and IP addresses from being shown.
    There is probably a better way to accomplish this, but it has worked for me and I hope this helps someone.

    By the way, you can use the new plugin Role Manager to create new roles and implement the same capabilities.
    As far as I can tell, this doesn't affect any other roles.

    This is my first attempt at a hack, so forgive me if it's really ugly!

  2. citeewurkor
    Member
    Posted 8 years ago #

    I've been messing around some more. The only downside I see to this, is that in order for a Contributor to see his or her drafts is to go to the writing panel, where before they could use the "manage" panel.

    On the other hand, now as an administrator, I can't see their drafts. Sigh.. nevermind... moderators, you can delete this if you want....

  3. citeewurkor
    Member
    Posted 8 years ago #

    ok, trash everything above. Here is one that works. And it doesn't require the plugin (although the plugin is really cool.)
    In the menu.php file in your admin folder find the line:(near the top)

    $menu[10] = array(__('Manage'), 'edit_posts', 'edit.php');
    Change it to:
    $menu[10] = array(__('Manage'), 2, 'edit.php');

    This takes the button "Manage" completely out of the "Contributors" dashboard, and still allows you to see their drafts as an administrator.
    In order for Contributors to see their drafts, they simply have to press "write", and all their drafts are listed along with the writing tools.

    I feel like I'm talking to myself. Anyone else not see this as an issue?

  4. vkaryl
    Member
    Posted 8 years ago #

    Well, that's a nice solution. But no, I don't have an issue with this because I don't have people posting that I don't trust to see emails and IPs.

  5. citeewurkor
    Member
    Posted 8 years ago #

    Thanks vkaryl. Yeah, most people won't have this issue, but anonymous bloggers like myself who have anonymous writers really need this. There was another thread where several people were needing this. I hope it helps someone.

    I might note that "contributors" still have links on their main dashboard to edit comments, but they simply get a page that says something like, "you don't have permission to access this page." I'm sure you could even take the dashboard part out, but that's overkill for me. As long as the email addresses and IP's are hidden, I'm good to go!

  6. snowcrash
    Member
    Posted 8 years ago #

    This is very nice little hack. Been looking for how to do this - thanks!

  7. ringmaster
    Member
    Posted 8 years ago #

    This is not an optimal solution because it hacks a core file. When you upgrade WordPress you may forget that you made this change, and then all of those email addresses will be visible again!

    Moreover, a future version of WordPress may not support user_level values that you're trusting here by replacing the capabilties with with numbers. This may also prevent other current plugins that obey the capabilities system from providing their functionality.

    So you probably shouldn't do this.

    Alternatively, you can create a plugin that will adjust the menu to use appropriate capability-style permissions.

    Create a sink function for the admin_menu hook, and in it replace the existing menu structures, similar to the first post on this thread:

    /*
    Plugin Name: Unmanage Posts
    Description: Require manage_posts capability to manage posts
    Author: Owen Winkler
    Version: 1.0
    Author URI: http://asymptomatic.net/
    */
    add_action('admin_menu', 'my_admin_menu');
    add_filter('capabilities_list', 'my_caps_list');
    // Redefine some menu cap requirements:
    function my_admin_menu() {
    // Make the menu variables accessable here:
    global $menu, $submenu;
    $submenu['edit.php'][5] = array(__('Posts'), 'manage_posts', 'edit.php');
    }
    // Define a new capability for the Role Manager to use:
    function my_caps_list($caps) {
    $caps[] = 'manage_posts';
    return $caps;
    }

    This causes the main Manage|Posts link to be inaccessible unless the user has the "manage_posts" capability. Use the Role Manager to add this capability to those who need it.

    This solution is more future-proof, and outlines an easy way to define your own capability requirements for any menu set, not just Manage|Posts, while being compatible with the WordPress 2.0 name-based capability system.

    You can also use pre-existing capabilities, but I added a custom capability name because that seems to be the best way to do what you're asking.

  8. snowcrash
    Member
    Posted 8 years ago #

    I did wonder about the problem of hacking core files and esp in relation to the headache of maintaining it with upgrades and the long-term

    Just tried your code, it seems to be working very fine indeed.

    Thank-you for offering such a superior solution

  9. mellis
    Member
    Posted 8 years ago #

    Very nice solution, ringmaster. Is there any way, however, to simply hide the "Manage" menu instead of giving an error when it's clicked? Or, is there a place I can find documentation of the $submenu variable to try to answer this question myself?

  10. cooldown
    Member
    Posted 8 years ago #

    a question concerning ringmaster's solution. I am sorry but I didn't quite understand what to do with this code, where I should put these lines?
    /*
    Plugin Name: Unmanage Posts
    Description: Require manage_posts capability to manage posts
    Author: Owen Winkler
    Version: 1.0
    Author URI: asymptomatic.net/
    */
    add_action('admin_menu', 'my_admin_menu');
    add_filter('capabilities_list', 'my_caps_list');
    // Redefine some menu cap requirements:
    function my_admin_menu() {
    // Make the menu variables accessable here:
    global $menu, $submenu;
    $submenu['edit.php'][5] = array(__('Posts'), 'manage_posts', 'edit.php');
    }
    // Define a new capability for the Role Manager to use:
    function my_caps_list($caps) {
    $caps[] = 'manage_posts';
    return $caps;
    }

    could you help me out? thank you

  11. snowcrash
    Member
    Posted 8 years ago #

    Cooldown: using a text editor such as notepad, copy the text and save as unmanage.php. Then upload into your plugins folder & activate like any other plugin. (You need the role manager plugin too).

    Mellis: I think this 'dirty' hack can get rid of the Manage menu for non-Admins. Open file menu.php found in WP-admin folder, and cut & replace the first 3 $menu[ ] lines with this:

    $menu[0] = array(__('Dashboard'), 'manage_options', 'index.php');
    $menu[5] = array(__('Write'), 'edit_posts', 'post.php');
    $menu[10] = array(__('Manage'), 'manage_options', 'edit.php');

    remember to back up the original file.

    Is there a better way to achieve this?

  12. bushtool
    Member
    Posted 7 years ago #

    I've done citeewurkor's hack below. It works fine but whenever a change is made to a profile, I receive the following error:

    Warning: Cannot modify header information - headers already sent by (output started at /home/d4v/public_html/wp-admin/menu.php:67) in /home/d4v/public_html/wp-includes/pluggable-functions.php on line 272.

    Thanks for any help you can give me.

    citeewurkor's hack:
    I've come up with a slight modification that will solve this problem.

    First go get the very excellent plugin "Role Manager".
    Follow the instructions there to install the plugin. Be sure on your plugins page after activation the plugin version is 1.3. I had problems getting earlier versions to work.
    Ok, now go to Users/Roles in your dashboard.
    Scroll down to the "Contributor" section.
    Make sure that "edit posts" is checked with a green check mark. Make sure that "read" also is checked with a green check mark. Now change the userlevel to 0.

    Concurrently you will need to slightly modify the menu.php file in your admin folder.

    First backup menu.php in case you need to revert back.
    In menu.php find the following line:
    $submenu['edit.php'][5] = array(__('Posts'), 'edit_posts', 'edit.php');
    Change it to this:
    $submenu['edit.php'][5] = array(__('Posts'), 1, 'edit.php');

    Now find the following line:
    $submenu['edit.php'][20] = array(__('Comments'), 'edit_posts', 'edit-comments.php');
    Change it to this:
    $submenu['edit.php'][20] = array(__('Comments'), 1, 'edit-comments.php');
    Save the file and upload it to your admin folder.

    What this does.
    Now users you have given the ability to write posts, but NOT post them will be able to do so. The "manage" button in their dashboard will be disabled and will return a page that says "you do not have sufficient privileges to access this page."
    This will protect the email addresses and IP addresses from being shown.
    There is probably a better way to accomplish this, but it has worked for me and I hope this helps someone.

    By the way, you can use the new plugin Role Manager to create new roles and implement the same capabilities.
    As far as I can tell, this doesn't affect any other roles.

    This is my first attempt at a hack, so forgive me if it's really ugly!

  13. bushtool
    Member
    Posted 7 years ago #

    nevermind, I had a couple carriage returns at the end of the file. Duh....

Topic Closed

This topic has been closed to new replies.

About this Topic