Support » Developing with WordPress » disable user profile editable fields per role?

  • I need to disable/remove certain fields on the user profile page when a subadmin goes to edit a given user.

    I’ve disabled the Application Passwords section via wp_is_application_passwords_available_for_user hook, but I can’t find hooks for the other components.

    I would like to similarly remove/disable Account Management. I want users to be able to change their own passwords, but not allow subadmins to change other user passwords.

    I’ve disabled Role assignment and color schemes via plugins, which use WP hooks that I found, but that’s about as far as they go.

    I’m using Ultimate Member for handling most of the user role/status ops. UM and various other role capability plugins allow user editing, but it’s an all or nothing setting. The plugins I’ve tried don’t provide for specificity in which fields are editable.

    For now, all I want subadmins to be able to change are the emails and maybe nicknames of users with certain roles.

    Are there WP hooks for these other fields that I’m overlooking that someone can point me to?
    If not, is there a php way I can unset the desired fields on/after page load, or do I have to use something like a child rename/parent element destruction JS trick?
    I generally avoid hiding elements via CSS wherever possible, but if that’s the only way to get this done…

Viewing 3 replies - 1 through 3 (of 3 total)
  • Moderator bcworkz

    (@bcworkz)

    You could conditionally enqueue a script that disables certain form fields based on current user capabilities. Of course if someone disables scripting on their browser, they’d gain access to the fields, but it’d deter most people. That or hiding with CSS is as good as it’ll get because it’s very difficult to suppress field output from PHP.

    Fortunately, there are a number of filters you can use server side to enforce the ability to change, so it wouldn’t help someone in the end to get around client side restrictions. For example, you can conditionally restore certain submitted fields to their original values prior to updating via “wp_pre_insert_user_data” and “update_user_metadata”.

    Thread Starter IT Hertz

    (@it-hertz)

    Hi,

    Since I was already using Adminimize to hide some left side menu items, I added custom fields in Adminimize to hide them on the pages in question.
    Unfortunately, it’s a global hide, so a subadmin can’t change their own password when I hide that field for the other user profile pages.

    I saw this CSS trick for role-based CSS. Maybe I can modify it a bit for my needs.

    We need more hooks for these other fields.
    I don’t see an “issues” section in the WP github, so I’ll just leave this here as a feature request for these additional hooks.

    Moderator bcworkz

    (@bcworkz)

    Github issues are only raised for the Gutenberg project. Feature requests and enhancements in core PHP are managed through our Trac system. If you want to post a Trac ticket, please do some searching in existing tickets first to ensure a similar ticket has not already been posted.

    Michael’s suggested code that you linked appears to be for front end pages. While some of his suggested code would not apply to admin pages, the concept in general is sound. You can filter admin body classes with ‘admin_body_class’. Additional CSS is for front end pages only. You can instead enqueue your own admin CSS at the “admin_enqueue_scripts” action.

    When a user is editing their own profile, the constant IS_PROFILE_PAGE is defined as true. You’d only hide the password field for sub-admins if that is not set, i.e. when they are editing another user’s data. Editing another user’s data isn’t considered to be editing a “profile” per se. Only your own user data is considered to be a profile. Somewhat tortured semantics there, but it is what it is.

Viewing 3 replies - 1 through 3 (of 3 total)
  • You must be logged in to reply to this topic.