Support » Fixing WordPress » "add new" post

  • Resolved brook1979

    (@brook1979)


    Hi People,

    Without using a plugin or using css, HOW can i stop people (users of my website) from accessing /wp-admin/post-new.php once they are logged in to the site. Everything else is fine, i just need to restrict this access.

    I have managed to remove it from the admin menu button “add new” but im a little unsure as to how to restrict the access.

    Cheers in advance if anyone can help.

    Carl

Viewing 15 replies - 1 through 15 (of 22 total)
  • esmi

    (@esmi)

    Forum Moderator

    If your users are assigned the role of Subscriber, they will not be able to access any Post/Page editing pages.

    esmi is correct! Have a look in your admin -> settings -> general and make sure that you have given new registrations (New User Default Role) the role of subscriber.

    Hi esmi, rspublishing,

    Thanks for the replies! I have s2 member installed and the default role for my users is s2 level 1! I have it now set so that they can actually view their post and delete them (but not others, only their own), the only problem im having is that on the “post->all post” page there is a button called add new, and i thought the best way to do this rather than just hide it would be to restrict access to the page.

    Hope this is a better explanation, thanks for the help AND if you can help me with this it will be very much appreciated.

    carl

    hi Carl,

    you are most welcome! have a look at the following plugin (use in addition to s2member), and let me know if this helps: http://wordpress.org/extend/plugins/user-role-editor/

    Hi RSP,

    Cheers for the reply; im almost their now! The plugins are great if you want your users NOT to be able to view post or “ADD NEW” post at all, i want my users to be able to view theirs and others and be able to only delete theirs WHICH is what i have accomplished up to now.

    What i want to do is get EVERYONE who is NOT an administrator to NOT be able to access this page (page below) AND because i grant access to view the post-> all post page, USERS can see the “ADD NEW” button…..

    /wp-admin/post-new.php

    Thanks for helping RSP, very much appreciated.

    hi Carl,

    okay, after digging deeper into what exactly it is that you need (without a plugin and using CSS as requested), i came across the following solution (to be used in your themes functions.php):

    <?php
    
    //functions hooking to their actions
    add_action('admin_init','mod_cap');
    add_action('admin_init','display_notice');
    add_action('admin_menu','mod_umenu');
    add_action('admin_menu','admin_redirect');
    add_action('admin_head','hide_button');
    
    //user roles without the subscriber. however, can be added
    $author_role = get_role('author');
    $author_role -> remove_cap('publish_post');
    $editor_role = get_role('editor');
    $editor_role->remove_cap('publish_post');
    $contributor_role = get_role('contributor');
    $contributor_role -> remove_cap('publish_post');
    
    //unsetting the menu item and changing capability
    function mod_umenu() {
      global $submenu;
      unset($submenu['edit.php'][10]);
      $submenu['edit.php'][10][1] = 'publish_posts';
    }
    
    //hiding the button
    function hide_buttons() {
      global $current_screen;
    if($current_screen->id == 'edit-post' && !current_user_can('publish_posts'))
    }
    
    function admin_redirect() {
      $result = stripos($_SERVER['REQUEST_URI'], 'post-new.php');
      if ($result!==false && !current_user_can('publish_posts')) {
    }
    
    function permissions_admin_notice() {
      echo "<div id='permissions-warning' class='error fade'><p><strong>".__('You do not have permission to access that page.')."</strong></p></div>";
    }
    
    function display_notice() {
      if($_GET['permissions_error'])
      {
        add_action('admin_notices', 'permissions_admin_notice');
      }
    }
    ?>

    The original code can be found here: http://erisds.co.uk/wordpress/spotlight-wordpress-admin-menu-remove-add-new-pages-or-posts-link

    However, i have already made the necessary changes (specific to the /wp-admin/post-new.php) to make things easier for you.

    This code should go into your themes functions.php file.

    Please note that i have not tested the code myself. Should you have any trouble, simple post back here.

    All the best 🙂

    Oh, and add this:

    function modify_cap() {

    BETWEEN these two lines:

    //user roles without the subscriber. however, can be added
    $author_role = get_role('author');

    AND

    add this:

    }

    just AFTER:

    $contributor_role -> remove_cap('publish_post');

    IN THE SAME SECTION OF THE CODE I GAVE YOU ABOVE

    I just forgot to add the opening and closing 🙂

    Hi RSP,

    Thanks for that BUT there seems to be a problem….i made the changes as you mentioned above and so my code is now like this (below)…But this is causing syntax errors and displays the white page when trying to update the functions.php file. SO i used DW to try and see if i can see where the problem is but i cant seem to figure out what it is..

    Can you help with this??

    //functions hooking to their actions
    add_action('admin_init','mod_cap');
    add_action('admin_init','display_notice');
    add_action('admin_menu','mod_umenu');
    add_action('admin_menu','admin_redirect');
    add_action('admin_head','hide_button');
    
    //user roles without the subscriber. however, can be added
    function modify_cap() {
    $author_role = get_role('author');
    $author_role -> remove_cap('publish_post');
    $editor_role = get_role('editor');
    $editor_role->remove_cap('publish_post');
    $contributor_role = get_role('contributor');
    $contributor_role -> remove_cap('publish_post');
    }
    
    //unsetting the menu item and changing capability
    function mod_umenu() {
      global $submenu;
      unset($submenu['edit.php'][10]);
      $submenu['edit.php'][10][1] = 'publish_posts';
    }
    
    //hiding the button
    function hide_buttons() {
      global $current_screen;
    if($current_screen->id == 'edit-post' && !current_user_can('publish_posts'))
    }
    
    function admin_redirect() {
      $result = stripos($_SERVER['REQUEST_URI'], 'post-new.php');
      if ($result!==false && !current_user_can('publish_posts')) {
    }
    
    function permissions_admin_notice() {
      echo "<div id='permissions-warning' class='error fade'><p><strong>".__('You do not have permission to access that page.')."</strong></p></div>";
    }
    
    function display_notice() {
      if($_GET['permissions_error'])
      {
        add_action('admin_notices', 'permissions_admin_notice');
      }
    }

    [Moderator Note: Please post code or markup snippets between backticks or use the code button. As it stands, your code may now have been permanently damaged/corrupted by the forum’s parser.]

    hi,

    okay, i will have a quick look into this (do a few test on my side as i have not myself tested this code) and get back to you. For what its worth, please disable the role scoper plugin as well as the member plugin (just for testing). Attached here is the code again (in different form and only using the editor role as a tester). Paste this (without the opening <?php and closing ?> into your themes functions.php file.

    function modify_capabilities()
    {
      $editor_role = get_role('editor');
      $editor_role->remove_cap('publish_posts');
    }
    
    function modify_menu()
    {
      global $submenu;
      unset($submenu['edit.php'][10]);
      $submenu['edit.php'][10][1] = 'publish_posts';
    }
    
    function hide_buttons()
    {
      global $current_screen;
    if($current_screen->id == 'edit-post' && !current_user_can('publish_posts'))
    }
    
    function permissions_admin_redirect() {
      $result = stripos($_SERVER['REQUEST_URI'], 'post-new.php');
      if ($result!==false && !current_user_can('publish_posts')) {
    }
    
    function permissions_admin_notice()
    {
    echo "<div id='permissions-warning' class='error fade'><p><strong>".__('You do not have permission to access that page.')."</strong></p></div>";
    }
    
    function permissions_show_notice()
    {
      if($_GET['permissions_error'])
      {
        add_action('admin_notices', 'permissions_admin_notice');
      }
    }
    add_action('admin_init','modify_capabilities');
    add_action('admin_init','permissions_show_notice');
    add_action('admin_menu','modify_menu');
    add_action('admin_menu','permissions_admin_redirect');
    add_action('admin_head','hide_buttons');

    Hi RSP,

    Cheers for the quick help, really do appreciate it, ive been trying this for a couple of days now!

    Ok, i just put the new code in DW and that to is showing a syntax error! Its like theres a closing missing or something!??

    Cheers again for the help.

    Carl

    while i test, now try paste this code again but with the opening <?php and closing ?>

    as soon as i am done testing, i will post back here. sure we will get this sorted. my apologies for not testing before posting the code though.

    Please don’t apologize, ITS FINE! i appreciate the help and you taking the time to help!
    OK, will test this now!

    Carl

    NOPE, still getting the same errors! But im sure its just something like a closing bracket or opening one BUT i cant spot it! Its so frustrating when you cant spot this stuff 🙂 i guess this is what the learning curve is.

    okay, i got it!

Viewing 15 replies - 1 through 15 (of 22 total)
  • The topic ‘"add new" post’ is closed to new replies.