wp-bannerize working with custom wp user roles and capabilities
Hi, firstly, thanks to the developers for creating this great looking plugin.
As many people have reported (eg: http://wordpress.org/support/topic/plugin-wp-bannerize-wp-bannerize-dashboard-link-shows-even-to-subscriber-contributor-and-author), the current version (3.0.62) ALWAYS shows the banner admin features (add, edit, delete banners, etc), to any user with ‘creat-post’ capability. This is rarely what is required. Most often we need to DISALLOW normal post authors, contributers etc from accssing banners (and other custom post types). Indeed the authors themselves conceed this requirement (in post referenced above) and suggest they will be icorporating a new user role capability “wp_bannerize_manage”.
That was a year ago & I got fed up waiting, so did it myself: vis:
The files you will need to change are:
/wp-content/plugins/wp-bannerize/Classes/wpBannerizeAdmin.php – http://pastebin.com/v0gGBuqx
/wp-content/plugins/wp-bannerize/main.php – http://pastebin.com/En0igmnp
/wp-content/plugins/wp-bannerize/main.h.php – http://pastebin.com/JbmgMMSs
– the pastbin links above contain my changes marked ‘mod jrc 070613’
I’ve tested it & it seems to work fine. Anyone else with similar requirement, or alternatively if the plugin authors themseves wish to grab it & incorporate into the next release – help yourself.
Just a couple of words on the configuring for the changed code & limitations thereof:
1) in main.h.php i have changed constant kWPBannerizeUserCapabilitiy from ‘edit_posts’ to a new custom capability name ‘manage_wp_bannerize_banners’.
you can actually change the capability name to whatever you want (if you really needd to), and this is the only place it need be set or changed in code.
the new capabilty itself is defined by additional changes below:
2) in wpBannerizeAdmin.php i have added some extra code to following functions:
funtion pluginDidActive() – the plugin activation hook callback function – here, i simply add the capability specified above (in kWPBannerizeUserCapabilitiy const) to the normal wp ‘administraor’ role.
this new capability name will thus appear as an available role capability from within the standard wp 3.5+ user ‘roles’ menu, via admin and the site administrator can assigned at at will to any other useres/groups they wish to have access to banner admin; eveyone else (withgout such capability) will not see sany banner admin stuff.
in addition, a new wp option is set in order to assist with safe ‘unsetting’ of this cap[ability when plugin is deactivated.
function pluginDidDeactive() – the plugin activation hook callback function – here i simply reverse/backout any previously made capability assignment (performed in pluginDifActivate above)
two scenarious i am trying to guard against:
1) where developer has set the kWPBannerizeUserCapabilitiy constant to an existing ‘standard’ wp capability name (eg: edit-posts) – obviously we never want to remove such capability from admin (or anyonelse) if tey have been granted this capability be default, OR by another plugin
2) where developer has set the kWPBannerizeUserCapabilitiy constant to some existing ‘custom’ wp capability name (eg: ‘manage-someotherplugin_capa’) – again, we never want to remove that here.
be warned however, the protection i have provided here is NOT absolutely bulletproof!
as it is (using the new capability name ‘manage_wp_bannerize_banners’ as i have set in main.h.php), there should never be any clash (since the capability name has unique namespace), thus is best to leave at this value unless you have a very good resaon to change it & you know what u r doing .
3) in main.php – i just corrected a mistake in original code – it was using register_activation_hook() instead of register_activation_hook() to register the deactivation function call-back pluginDidDeactive(). (since previously that function was empty it didnt actually produce an error, whereas now we have a real stuff to do at deactivation.
a) check you are using a compatible versions – wp >= 3.5, wp-bannerize ==3.0.62
b) apply the changes from my pastbin files (else just copy over files)
c) deactivate and reactivate the wp-bannerize plugin
d) assign new role capability ‘manage_wp_bannerize_banners’ to any user or user role (or possibly user group), that you desirem via adminm users, roles (and capabilities)
please drop a line here if you discover any probelms with it, or can suggest a beter solution.
- The topic ‘wp-bannerize working with custom wp user roles and capabilities’ is closed to new replies.