我已经为客户建立了一个WordPress网站。客户端具有编辑者角色,但是我已经安装了Members插件,并为客户端提供了将新用户添加到WP admin的功能。这很好。
我的问题是,我希望客户端能够像贡献者,订阅者,编辑者和作者(而不是管理员)那样创建新用户。客户端创建的新用户不应具有管理员角色。是否可以某种方式隐藏此选项?
谢谢Vayu
Answers:
实际上很简单。您需要过滤map_meta_caps并阻止编辑器创建/编辑管理员,并从“可编辑角色”数组中删除管理员角色。这个类,作为插件或在主题的functions.php文件中,可以做到:
class JPB_User_Caps {
// Add our filters
function __construct(){
add_filter( 'editable_roles', array($this, 'editable_roles'));
add_filter( 'map_meta_cap', array($this, 'map_meta_cap'), 10, 4);
}
// Remove 'Administrator' from the list of roles if the current user is not an admin
function editable_roles( $roles ){
if( isset( $roles['administrator'] ) && !current_user_can('administrator') ){
unset( $roles['administrator']);
}
return $roles;
}
// If someone is trying to edit or delete and admin and that user isn't an admin, don't allow it
function map_meta_cap( $caps, $cap, $user_id, $args ){
switch( $cap ){
case 'edit_user':
case 'remove_user':
case 'promote_user':
if( isset($args[0]) && $args[0] == $user_id )
break;
elseif( !isset($args[0]) )
$caps[] = 'do_not_allow';
$other = new WP_User( absint($args[0]) );
if( $other->has_cap( 'administrator' ) ){
if(!current_user_can('administrator')){
$caps[] = 'do_not_allow';
}
}
break;
case 'delete_user':
case 'delete_users':
if( !isset($args[0]) )
break;
$other = new WP_User( absint($args[0]) );
if( $other->has_cap( 'administrator' ) ){
if(!current_user_can('administrator')){
$caps[] = 'do_not_allow';
}
}
break;
default:
break;
}
return $caps;
}
}
$jpb_user_caps = new JPB_User_Caps();好的,所以我看了一下为什么它让用户删除无法通过。看起来delete_user的处理方式与edit_user略有不同;我已经修改了map_meta_cap方法来解决此问题。我已经在3.0.3上进行了测试,这将阻止除管理员之外的任何人实际删除,编辑或创建管理员。
我更新了代码以反映以下@ bugnumber9的答案。请给那个答案一个赞!
尽管已有大约7年的历史了,但是可以轻松地在谷歌上搜索此线程,并且仍然可以提供可行的解决方案。我的意思是@John P Bloch提供的代码。
就是说,在PHP 7下,它会产生一个非严重错误(PHP已弃用),如下所示:
不推荐使用PHP:与类相同名称的方法在将来的PHP版本中将不再是构造函数;JPB_User_Caps在...中已弃用构造函数
为了解决这个问题,只需替换以下部分:
// Add our filters
function JPB_User_Caps(){
add_filter( 'editable_roles', array(&$this, 'editable_roles'));
add_filter( 'map_meta_cap', array(&$this, 'map_meta_cap'),10,4);
}有了这个:
// Add our filters
function __construct() {
add_filter( 'editable_roles', array(&$this, 'editable_roles') );
add_filter( 'map_meta_cap', array(&$this, 'map_meta_cap'), 10, 4 );
}这样可以解决问题。
我正在寻找一个解决方案,其中编辑器可以只编辑菜单并创建/编辑用户而无需插件。因此,我最终为有兴趣的人制作了它。
// Customizes 'Editor' role to have the ability to modify menus, add new users
// and more.
class Custom_Admin {
// Add our filters
public function __construct(){
// Allow editor to edit theme options (ie Menu)
add_action('init', array($this, 'init'));
add_filter('editable_roles', array($this, 'editable_roles'));
add_filter('map_meta_cap', array($this, 'map_meta_cap'), 10, 4);
}
public function init() {
if ($this->is_client_admin()) {
// Disable access to the theme/widget pages if not admin
add_action('admin_head', array($this, 'modify_menus'));
add_action('load-themes.php', array($this, 'wp_die'));
add_action('load-widgets.php', array($this, 'wp_die'));
add_action('load-customize.php', array($this, 'wp_die'));
add_filter('user_has_cap', array($this, 'user_has_cap'));
}
}
public function wp_die() {
_default_wp_die_handler(__('You do not have sufficient permissions to access this page.'));
}
public function modify_menus()
{
remove_submenu_page( 'themes.php', 'themes.php' ); // hide the theme selection submenu
remove_submenu_page( 'themes.php', 'widgets.php' ); // hide the widgets submenu
// Appearance Menu
global $menu;
global $submenu;
if (isset($menu[60][0])) {
$menu[60][0] = "Menus"; // Rename Appearance to Menus
}
unset($submenu['themes.php'][6]); // Customize
}
// Remove 'Administrator' from the list of roles if the current user is not an admin
public function editable_roles( $roles ){
if( isset( $roles['administrator'] ) && !current_user_can('administrator') ){
unset( $roles['administrator']);
}
return $roles;
}
public function user_has_cap( $caps ){
$caps['list_users'] = true;
$caps['create_users'] = true;
$caps['edit_users'] = true;
$caps['promote_users'] = true;
$caps['delete_users'] = true;
$caps['remove_users'] = true;
$caps['edit_theme_options'] = true;
return $caps;
}
// If someone is trying to edit or delete and admin and that user isn't an admin, don't allow it
public function map_meta_cap( $caps, $cap, $user_id, $args ){
// $args[0] == other_user_id
foreach($caps as $key => $capability)
{
switch ($cap)
{
case 'edit_user':
case 'remove_user':
case 'promote_user':
if(isset($args[0]) && $args[0] == $user_id) {
break;
}
else if(!isset($args[0])) {
$caps[] = 'do_not_allow';
}
// Do not allow non-admin to edit admin
$other = new WP_User( absint($args[0]) );
if( $other->has_cap( 'administrator' ) ){
if(!current_user_can('administrator')){
$caps[] = 'do_not_allow';
}
}
break;
case 'delete_user':
case 'delete_users':
if( !isset($args[0])) {
break;
}
// Do not allow non-admin to delete admin
$other = new WP_User(absint($args[0]));
if( $other->has_cap( 'administrator' ) ){
if(!current_user_can('administrator')){
$caps[] = 'do_not_allow';
}
}
break;
break;
}
}
return $caps;
}
// If current user is called admin or administrative and is an editor
protected function is_client_admin() {
$current_user = wp_get_current_user();
$is_editor = isset($current_user->caps['editor']) ? $current_user->caps['editor'] : false;
return ($is_editor);
}
}
new Custom_Admin();@John P Blochs解决方案仍然可以正常工作,但是我想我也将为“ map_meta_cap”添加一些小的过滤器。只是更短更干净一点,至少对于我来说是这样;)
function my_map_meta_cap( $caps, $cap, $user_id, $args ) {
$check_caps = [
'edit_user',
'remove_user',
'promote_user',
'delete_user',
'delete_users'
];
if( !in_array( $cap, $check_caps ) || current_user_can('administrator') ) {
return $caps;
}
$other = get_user_by( 'id', $args[0] ?? false ); // PHP 7 check for variable in $args...
if( $other && $other->has_cap('administrator') ) {
$caps[] = 'do_not_allow';
}
return $caps;
}
add_filter('map_meta_cap', 'my_map_meta_cap', 10, 4 );