Support » Fixing WordPress » user levels for hidding features in admin section

  • I want to have some of the advanced functions hidden in the admin section. For instance I dont want a user with level 5 to be able to change the page template.

    I want that drop down field completely gone for users with a specific level that I would put in the code.
    I have searched around and found this in the edit-page-form.php file in wp-admin/

    <?php if ($user_level > 7 && $users = $wpdb->get_results(“SELECT ID, user_login, user_firstname, user_lastname FROM $wpdb->users WHERE user_level <= $user_level AND user_level > 0”) ) : ?>

    <?php endif; ?>

    but im not sure what to edit and take out.

    so what exact code should I use for having functions enabled/disabled depending upon the user level that I could just add to already existing php code?

Viewing 6 replies - 1 through 6 (of 6 total)
  • It’s more an “out of site, out of mind” sort of security, since it doesn’t lock down the pages, but if you edit the menu.php under wp-admin/, you’ll find a number of $menu[] and $submenu[] variable settings. A couple examples:

    $menu[0] = array(__('Dashboard'), 0, 'index.php');

    $submenu['edit.php'][10] = array(__('Pages'), 5, 'edit-pages.php');

    You’ll see after the name of the menu/submenu a number (0 for Dashboard, 5 for Pages). That’s the lowest user level allowed for a menu/submenu to be displayed for. If you edit this to one above the level(s) you need to close it to, you can at least remove it from the menu choices.

    Note: Always back up any source files before editing them, and comment your changes for future reference.

    thanks Kafkaesqui but I was looking more on how to take out functions of different things on the post and page pages.

    I am fine with the people being able to create pages/posts I just dont want them to have all the options.

    well I have searched around more, but i still havent found the answer.

    I think I figured it out. When I first tried to do it, I had an extra character in the code that was causing errors.

    I tried it again today and its work just as expected.

    Does anyone see a problem to this?
    Otherwise I am going to put it in the codex for people that want to give their users less control over various functions of the create new page or journal entry pages.

    The only problem I can see is that it might not be enough to simply hide the option on the entry page. A clever user might be able to spoof the input fields, so the back-end script must also have a check for the user level, for each input field that you are hiding.

    I tried setting the Dashboard array

    $menu[0] = array(__(‘Dashboard’), ‘read’, ‘index.php’);

    replacing 0 with 10 and then the admin person cannot access admin pages. If I replace it with 9, then anyone can.

    So, this isn’t working… all I want to do is hide the dashboard from everyone except admin-level (10) users.

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘user levels for hidding features in admin section’ is closed to new replies.