You could conditionally enqueue a script that disables certain form fields based on current user capabilities. Of course if someone disables scripting on their browser, they’d gain access to the fields, but it’d deter most people. That or hiding with CSS is as good as it’ll get because it’s very difficult to suppress field output from PHP.
Fortunately, there are a number of filters you can use server side to enforce the ability to change, so it wouldn’t help someone in the end to get around client side restrictions. For example, you can conditionally restore certain submitted fields to their original values prior to updating via “wp_pre_insert_user_data” and “update_user_metadata”.
Hi,
Since I was already using Adminimize to hide some left side menu items, I added custom fields in Adminimize to hide them on the pages in question.
Unfortunately, it’s a global hide, so a subadmin can’t change their own password when I hide that field for the other user profile pages.
I saw this CSS trick for role-based CSS. Maybe I can modify it a bit for my needs.
We need more hooks for these other fields.
I don’t see an “issues” section in the WP github, so I’ll just leave this here as a feature request for these additional hooks.
Github issues are only raised for the Gutenberg project. Feature requests and enhancements in core PHP are managed through our Trac system. If you want to post a Trac ticket, please do some searching in existing tickets first to ensure a similar ticket has not already been posted.
Michael’s suggested code that you linked appears to be for front end pages. While some of his suggested code would not apply to admin pages, the concept in general is sound. You can filter admin body classes with ‘admin_body_class’. Additional CSS is for front end pages only. You can instead enqueue your own admin CSS at the “admin_enqueue_scripts” action.
When a user is editing their own profile, the constant IS_PROFILE_PAGE
is defined as true
. You’d only hide the password field for sub-admins if that is not set, i.e. when they are editing another user’s data. Editing another user’s data isn’t considered to be editing a “profile” per se. Only your own user data is considered to be a profile. Somewhat tortured semantics there, but it is what it is.
Hello,
Just thought I’d post an update for those who may wish to do something similar.
I hid the various elements from subadmins using a mixture of Adminimize custom options and this:
add_filter( 'admin_body_class', 'hide_from_subadmins' );
function hide_from_subadmins( $classes ) {
if(current_user_can('subadmin') ) {
$classes = 'user-role-subadmin';
}
return $classes;
}
For elements that don’t have an ID, class or name, or that have attributes in common with other elements that I want to remain visible, I based it on tag position/count. Here’s a CSS example which hides the Website and Send User Notification rows from the Add New User page:
.user-role-subadmin .form-table tr:nth-child(1n+5) {
display: none !important;
}
Adminimize isn’t necessary, of course. I just had a bunch of custom options in it already and haven’t put them in the separate CSS yet.
If you have multiple form-tables and use the above, it will hide such rows from all tables. It is easily modified to hide per page. There’s plenty of material on the web showing how to do it. There are even plugins for doing it. It just so happens that my subadmin control is minimal/simple enough that I can get away with using such globals.
As for password editing, I decided to hide that section in its entirety from the subadmin role and just use the Ultimate Member front end Change Password form for everyone, which allows only the current user to change their own password.
I also used admin_enqueue_scripts
to load a custom CSS page for the rest of the admin UI styling.
-
This reply was modified 1 year, 8 months ago by IT Hertz.