Disallow users of a custom role from deleting or adding administrators?

Date: 2010-11-08 Author: NetConstructor.com

(Moderator's note: The original title was "Custom User Role Restrictions")

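A project I am working on requires me to create two new user roles: one for the website owner and the other for a company agent.

With the website owner user role, I was simply trying to find a way to restrict users in this group from modifying core site settings while still allowing them to modify all other settings.

The code below seems to work perfectly for every area except user management. I do want users in this group to be able to add/modify site users, but the problem I am running into is that users in this group are currently able to create users in the "Administrator" category and are also able to delete existing "Administrators".

What I am looking for is a way to modify the code below so that such users cannot delete or modify a user account that is set as "Administrator", and so that they are restricted from creating new administrator accounts.

Does anyone know how to do this?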

// CREATE CUSTOM - SITE OWNER - USER ROLE WITH CUSTOM CAPABILITIES
if (!get_role('website_owner')) {
  //let's use the editor as the base capabilities
  $caps = get_role('editor')->capabilities;
  $caps = array_merge( $caps, array(
    'install_plugins'               => false,
    'activate_plugins'              => false,
    'update_plugins'                => false,
    'delete_plugins'                => false,
    'list_users'                    => true,
    'add_users'                     => true,
    'create_users'                  => true,
    'edit_users'                    => true,
    'delete_users'                  => true,
    'remove_users'                  => true,
    'unfiltered_upload'             => true,
    'install_themes'                => false,
    'update_themes'                 => false,
    'delete_themes'                 => false,
    'switch_themes'                 => false,
    'edit_theme_options'            => true,
    'manage_options'                => false,
    'import'                        => false,
    'update_core'                   => false,
    'edit_dashboard'                => false,
    'gravityforms_view_entries'     => true,
    'gravityforms_edit_entries'     => true,
    'gravityforms_delete_entries'   => true,
    'gravityforms_export_entries'   => true,
    'gravityforms_view_entry_notes' => true,
    'gravityforms_edit_entry_notes' => true,
    'gravityforms_feed'             => true,
  )); //adding new capabilities.
  // Ref: http://codex.wordpress.org/Roles_and_Capabilities#Capability_vs._Role_Table
  add_role( 'website_owner', 'Website Owner', $caps );
}

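2 Answers
Best answer, by SO user MikeSchinkel

Hi @NetConstructor:

I think this is what you need. Note that I didn't include your 'website_owner' role, just the addition of a capability called 'manage_administrators'.

Also, I only attempted to remove the ability to delete an administrator from users who don't have the 'manage_administrators' capability (which, of course, you need to add to the administrator role), and I also simply removed Administrator as a role option on the "Add New User" page. I didn't attempt to ensure they can't delete or add administrators through some nefarious method, nor did I disable any other features that would allow them to add or delete administrators. That said, maybe this is sufficient?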

add_filter('user_row_actions','yoursite_user_row_actions',10,2);
function yoursite_user_row_actions($actions, $user_object) {  // remove the ability to delete an administrator
  global $pagenow;
  // Braces keep both unset() calls inside the condition, so the links are
  // only removed on rows that belong to an administrator.
  if ($pagenow=='users.php' && isset($user_object->caps['administrator']) && !current_user_can('manage_administrators')) {
    unset($actions['edit']);
    unset($actions['delete']);
  }
  return $actions;
}
add_filter('editable_roles','yoursite_editable_roles');
function yoursite_editable_roles($all_roles) { // remove the ability to add an administrator
  global $pagenow;
  if (in_array($pagenow,array('user-edit.php','user-new.php')) &&
      !current_user_can('manage_administrators')) {
    unset($all_roles['administrator']);
  }
  return $all_roles;
}
add_action('admin_init','yoursite_admin_init');
function yoursite_admin_init() {
  $wp_roles = new WP_Roles();
  $wp_roles->use_db = true;
  // Make sure the administrator role holds the new capability.
  $administrator = $wp_roles->get_role('administrator');
  if (!$administrator->has_cap('manage_administrators'))
    $wp_roles->add_cap('administrator','manage_administrators');

  // Create the website_owner role once, explicitly without that capability.
  $website_owner = $wp_roles->get_role('website_owner');
  if (!$website_owner) {
    //let's use the editor as the base capabilities
    $caps = get_role('editor')->capabilities;
    $caps = array_merge( $caps, array(
      'install_plugins'               => false,
      'activate_plugins'              => false,
      'update_plugins'                => false,
      'delete_plugins'                => false,
      'list_users'                    => true,
      'add_users'                     => true,
      'create_users'                  => true,
      'edit_users'                    => true,
      'delete_users'                  => true,
      'remove_users'                  => true,
      'unfiltered_upload'             => true,
      'install_themes'                => false,
      'update_themes'                 => false,
      'delete_themes'                 => false,
      'switch_themes'                 => false,
      'edit_theme_options'            => true,
      'manage_options'                => false,
      'import'                        => false,
      'update_core'                   => false,
      'edit_dashboard'                => false,
      'gravityforms_view_entries'     => true,
      'gravityforms_edit_entries'     => true,
      'gravityforms_delete_entries'   => true,
      'gravityforms_export_entries'   => true,
      'gravityforms_view_entry_notes' => true,
      'gravityforms_edit_entry_notes' => true,
      'gravityforms_feed'             => true,
      'manage_administrators'         => false,
    ));
    $wp_roles->add_role('website_owner','Website Owner',$caps);
  }
}

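SO user: Bryan Willis

I believe this is now possible with map_meta_cap:

For example, to block the administrator user with an ID of 1 from being deleted or edited, you can do the following: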

add_filter('map_meta_cap', function( $required_caps, $cap, $user_id, $args ){

    $protected_user = 1; // ID of admin user you want to block from being edited

    if ( (int) $user_id === $protected_user ) { // Don't block caps if current user = protected user
        return $required_caps;
    }
    $blocked_caps = array(
        'delete_user',
        'edit_user',
        'remove_user'
        );
    // $args[0] is the target user ID; it may be missing or arrive as a string.
    if ( in_array( $cap, $blocked_caps ) && isset( $args[0] ) && (int) $args[0] === $protected_user ) {
        $required_caps[] = 'do_not_allow';
    }
    return $required_caps;
}, 10, 4 );

You can add any additional capabilities that you want blocked to the $blocked_caps array.

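I also added this to hide the user on the wp-admin/users.php page using PHP. It may be confusing to users, but it doesn't make a difference, since the admin can't be edited anyway if you use the function above.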

function hide_admin_user_bw() {
  ?>
    <style type="text/css">
    .users-php tr#user-1 {
        display: none!important;
    }
    .users-php li.administrator {
        display: none!important;
    }
    </style>
  <?php
}
add_action('admin_head-users.php', 'hide_admin_user_bw');
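
The first answer notes that it only removes interface elements, and the second protects a single hard-coded user ID. As an added example (not code from either answer), the sketch below applies the same map_meta_cap approach to every account holding the administrator role and filters editable_roles on every page; the function and constant names are hypothetical, and it assumes the 'manage_administrators' capability from the first answer is granted to the administrator role only.

```php
<?php
// Added example, not from either answer. Assumes 'manage_administrators'
// (first answer) exists and only the administrator role holds it.

// Meta capabilities WordPress checks against a specific target user.
const YOURSITE_GUARDED_USER_CAPS = array( 'edit_user', 'delete_user', 'remove_user', 'promote_user' );

add_filter( 'map_meta_cap', 'yoursite_protect_administrators', 10, 4 );
function yoursite_protect_administrators( $required_caps, $cap, $user_id, $args ) {
    // Only act on per-user checks that name a target user.
    if ( ! in_array( $cap, YOURSITE_GUARDED_USER_CAPS, true ) || ! isset( $args[0] ) ) {
        return $required_caps;
    }

    $target = get_userdata( (int) $args[0] );
    if ( ! $target || ! in_array( 'administrator', (array) $target->roles, true ) ) {
        return $required_caps; // target is not an administrator
    }

    if ( (int) $user_id === (int) $target->ID ) {
        return $required_caps; // an administrator may still edit their own profile
    }

    // Anyone without the custom capability is denied, whatever page or
    // request the check originates from.
    if ( ! user_can( $user_id, 'manage_administrators' ) ) {
        $required_caps[] = 'do_not_allow';
    }
    return $required_caps;
}

// Drop the administrator role from the assignable roles everywhere
// get_editable_roles() is consulted, not only on two admin screens.
add_filter( 'editable_roles', 'yoursite_hide_administrator_role' );
function yoursite_hide_administrator_role( $all_roles ) {
    if ( ! current_user_can( 'manage_administrators' ) ) {
        unset( $all_roles['administrator'] );
    }
    return $all_roles;
}
```

Because the denial happens in the capability check itself, it does not depend on which links or dropdown options the user list and edit screens render.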
