Support » Developing with WordPress » Problem with user permissions

  • I’m trying to limit the capabilities of subsribers. They’re only allowed to make custom posts but there are some things i’m not able to fix.

    1. When they make a custom post they cannot edit tags, they can only see them. I want them to be able to edit tags.

    2. They can also see the “Post Attributes” window where they can change the post template. I don’t want them to be able to do this.

    3. Lastly, subscribers are able to edit things in the “Publish” window, i only want the publish button, not all the other options (visibility, status etc.)

    This is my code for handling capabilities :

    
    function add_subscriber_caps() {
        // gets the administrator role
        $subscriber = get_role( 'subscriber' );
    
        $subscriber->add_cap( 'edit_projects' ); 
        $subscriber->add_cap( 'delete_projects' ); 
        $subscriber->add_cap( 'publish_projects' ); 
        $subscriber->add_cap( 'upload_files' ); 
        $subscriber->remove_cap( 'publish_posts' ); 
        $subscriber->remove_cap( 'edit_posts' ); 
        $subscriber->remove_cap( 'read_posts' ); 
        $subscriber->remove_cap( 'remove_posts' ); 
        $subscriber->remove_cap( 'post-attributes' ); 
    }
    add_action( 'admin_init', 'add_subscriber_caps');
    
    function add_admin_caps() {
        // gets the administrator role
        $admins = get_role( 'administrator' );
    
        $admins->add_cap( 'edit_projects' ); 
        $admins->add_cap( 'edit_projects' ); 
        $admins->add_cap( 'edit_other_projects' ); 
        $admins->add_cap( 'publish_projects' ); 
        $admins->add_cap( 'read_projects' ); 
        $admins->add_cap( 'read_private_projects' ); 
        $admins->add_cap( 'delete_projects' ); 
    }
    add_action( 'admin_init', 'add_admin_caps');

    I’ve tried using the plugin “User Role Editor”, but it does the exact same thing. Probably because it’s doing the exact same thing as i’m doing in my code…

    Does anybody know how to solve these problems?

Viewing 4 replies - 1 through 4 (of 4 total)
  • Hi,
    You can use below plugin to resolve your issue.

    Advanced Access Manager
    https://wordpress.org/plugins/advanced-access-manager/

    Moderator bcworkz

    (@bcworkz)

    Hmmm. I’d be interested to know if the AAM plugin is able to do what you want. Count me as rather skeptical, but it’s certainly worth a try. The only solution I see is rather involved. You’d need to remove the applicable meta boxes and replace them with custom versions AFAIK. Also verify capabilities from the applicable functions actually doing the updates because clever users could submit data without using your custom meta box form. Checking from the applicable update functions is the only way to prevent this sort of work around. Good luck! (sincere, not snark)

    Hi,
    You can use below plugin to resolve your issue.

    Advanced Access Manager
    https://wordpress.org/plugins/advanced-access-manager/

    Maybe you know more than i do but that plugin does exactly the same as User Role Editor.

    It seems that it is impossible to do what i want…. Why are these capabilities so half-assed? Why is WordPress making it so hard to let other users use Tags, it can’t be this difficult can it? It’s possible to hide allot of things in the post-edit page but not the Page Template section?

    Either i’m missing something or capabilities in wordpress are really half-assed.

    Moderator bcworkz

    (@bcworkz)

    Not impossible. Difficult, yes. Unless by “impossible” you mean doing so by existing plugin. Your need is apparently a fringe use case. I could be wrong. Maybe this reply will be followed by a slew of “No! I need this too!” posts. (to others reading: This is an attempt at levity, note that “me too” posts are discouraged by the forum guidelines. Thoughtful discussion is welcome though.) However, I do agree that WP could use more filters to hook into when confirming user capabilities so plugin devs can add the kind of fine grained control that you want.

    While it will not help your immediate need, I suggest you submit an enhancement or feature request Trac ticket asking that WP provide such filters. It’s not that difficult to implement, but core devs need to know it’s something folks want to see. Please do a Trac search before posting to be sure someone has not already done exactly this. I’m sorry WP does not meet your needs, but it’s up to the WP community to make it better.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Problem with user permissions’ is closed to new replies.