我有一个函数,用于防止我的三个自定义角色(用于多站点管理员)创建“用户”以外其他角色的用户。这三个自定义角色分别是 Basic、Standard 和 Premium,它们在多站点上只能创建“User”角色的用户。函数如下:
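/**
 * Return the role slugs that $user is allowed to assign or manage.
 *
 * Administrators get every registered role; the custom Basic, Standard and
 * Premium roles get only "user"; every other user gets an empty list.
 *
 * NOTE(review): a user matching none of the branches gets an empty list
 * (fail closed). That presumably includes a multisite super admin who holds
 * no role on the site being edited, which would leave the role dropdown
 * empty for them - confirm against the site where the problem shows up.
 *
 * @param object $user User object exposing a `roles` array (a WP_User in the callers shown).
 * @return array Allowed role slugs.
 */
function restrict_roles_get_allowed_roles( $user ) {
    // Custom manager roles that may only create or manage plain "user" accounts.
    // To grant one of them an additional role, give it its own branch below.
    $limited_roles = array( 'basic', 'standard', 'premium' );

    // Strict comparison: role slugs are strings, so no type juggling is wanted.
    if ( in_array( 'administrator', $user->roles, true ) ) {
        return array_keys( $GLOBALS['wp_roles']->roles );
    }

    if ( array_intersect( $limited_roles, $user->roles ) ) {
        return array( 'user' );
    }

    return array();
}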
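/**
 * Filter callback for 'editable_roles': remove roles the current user may not assign.
 *
 * @param array $roles Role slug => role data, as passed by the filter.
 * @return array The roles that remain assignable for the current user.
 */
function restrict_roles_editable_roles( $roles ) {
    $user = wp_get_current_user();

    // NOTE(review): wp_get_current_user() normally returns a user object even
    // for anonymous requests, so this early return is presumably never taken;
    // an anonymous user then has no roles and ends up with nothing editable.
    if ( ! $user ) {
        return $roles;
    }

    $allowed = restrict_roles_get_allowed_roles( $user );

    foreach ( array_keys( $roles ) as $role ) {
        // Strict comparison so a role slug can never match by type juggling.
        if ( ! in_array( $role, $allowed, true ) ) {
            unset( $roles[ $role ] );
        }
    }

    return $roles;
}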
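// Apply the allowance wherever WordPress builds the list of assignable roles.
add_filter( 'editable_roles', 'restrict_roles_editable_roles' );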
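/**
 * Filter callback for 'map_meta_cap': stop users editing or deleting accounts
 * whose roles fall outside the acting user's allowance.
 *
 * NOTE(review): only 'edit_user' and 'delete_user' are covered. Other per-user
 * meta capabilities (for example 'promote_user' and 'remove_user') are not
 * checked here - confirm whether the restricted roles can reach them.
 *
 * @param array  $caps    Primitive capabilities required so far.
 * @param string $cap     Meta capability being checked.
 * @param int    $user_ID ID of the user performing the action.
 * @param array  $args    Extra arguments; $args[0] is read as the target user ID.
 * @return array Required capabilities, with 'not_allowed' appended on denial.
 */
function restrict_roles_map_meta_cap( $caps, $cap, $user_ID, $args ) {
    $is_guarded_cap = ( 'edit_user' === $cap || 'delete_user' === $cap );

    if ( ! $is_guarded_cap || ! $args || ! isset( $args[0] ) ) {
        return $caps;
    }

    $actor  = get_userdata( $user_ID );  // The user performing the task.
    $target = get_userdata( $args[0] );  // The user being edited/deleted.

    // Unknown users are left to core's own checks; a user may always edit self.
    if ( ! $actor || ! $target || (int) $actor->ID === (int) $target->ID ) {
        return $caps;
    }

    $allowed = restrict_roles_get_allowed_roles( $actor );

    // A target with no roles on this site produces an empty diff and passes.
    if ( array_diff( $target->roles, $allowed ) ) {
        // Target holds a role outside the actor's allowance. 'not_allowed' is a
        // capability no role is expected to hold, so the check fails.
        $caps[] = 'not_allowed';
    }

    return $caps;
}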
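// Priority 10, four arguments: the callback needs $args to find the target user.
add_filter( 'map_meta_cap', 'restrict_roles_map_meta_cap', 10, 4 );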
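// NOTE(review): WordPress core has shipped its own unregister_post_type( $post_type )
// since 4.5, so on current versions this guard is presumably always false and
// the definition below is never used - confirm, and consider a prefixed name.
if ( ! function_exists( 'unregister_post_type' ) ) :
    /**
     * Remove the built-in 'post' post type from the global registry.
     *
     * @return bool True if 'post' was registered and has been removed, false otherwise.
     */
    function unregister_post_type() {
        global $wp_post_types;

        if ( ! isset( $wp_post_types['post'] ) ) {
            return false;
        }

        unset( $wp_post_types['post'] );
        return true;
    }
endif;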
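// Late priority (100) so the callback runs after the default post types are registered.
add_action( 'init', 'unregister_post_type', 100 );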
除了一处以外,这段代码运行得很好。当我以超级管理员身份登录并编辑网络中的某个站点时,页面上有添加新用户和添加现有用户的选项,但我无法使用它们,因为上面的函数不知为何破坏了超级管理员的用户角色下拉选择框。我不知道原因是什么?
最合适的回答,由SO网友:Nikolay 整理而成
我无法重现这个问题,因为我添加这段代码后没有遇到您描述的情况,但请尝试以下改动。我修改了代码,使其仅在当前页面不属于网络管理后台时才生效。请分别以超级管理员和其他用户身份进行测试,以确认其工作正常。
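/**
 * Return the role slugs that $user is allowed to assign or manage.
 *
 * Administrators and multisite super admins get every registered role; the
 * custom Basic, Standard and Premium roles get only "user"; every other user
 * gets an empty list (fail closed).
 *
 * @param object $user User object exposing `ID` and a `roles` array (a WP_User in the callers shown).
 * @return array Allowed role slugs.
 */
function restrict_roles_get_allowed_roles( $user ) {
    // Custom manager roles that may only create or manage plain "user" accounts.
    // To grant one of them an additional role, give it its own branch below.
    $limited_roles = array( 'basic', 'standard', 'premium' );

    // A super admin may hold no role at all on the site being edited, so the
    // exemption is tied to the user's identity rather than to a role or screen.
    // is_multisite() is checked first because on a single site
    // is_super_admin() is true for any user who can delete users.
    $unrestricted = in_array( 'administrator', $user->roles, true )
        || ( is_multisite() && is_super_admin( $user->ID ) );

    if ( $unrestricted ) {
        return array_keys( $GLOBALS['wp_roles']->roles );
    }

    if ( array_intersect( $limited_roles, $user->roles ) ) {
        return array( 'user' );
    }

    return array();
}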
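/**
 * Filter callback for 'editable_roles': remove roles the current user may not assign.
 *
 * @param array $roles Role slug => role data, as passed by the filter.
 * @return array The roles that remain assignable for the current user.
 */
function restrict_roles_editable_roles( $roles ) {
    $user = wp_get_current_user();

    // NOTE(review): wp_get_current_user() normally returns a user object even
    // for anonymous requests, so this early return is presumably never taken;
    // an anonymous user then has no roles and ends up with nothing editable.
    if ( ! $user ) {
        return $roles;
    }

    $allowed = restrict_roles_get_allowed_roles( $user );

    foreach ( array_keys( $roles ) as $role ) {
        // Strict comparison so a role slug can never match by type juggling.
        if ( ! in_array( $role, $allowed, true ) ) {
            unset( $roles[ $role ] );
        }
    }

    return $roles;
}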
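/**
 * Filter callback for 'map_meta_cap': stop users editing, deleting, removing
 * or changing the role of accounts whose roles fall outside the acting user's
 * allowance.
 *
 * @param array  $caps    Primitive capabilities required so far.
 * @param string $cap     Meta capability being checked.
 * @param int    $user_ID ID of the user performing the action.
 * @param array  $args    Extra arguments; $args[0] is read as the target user ID.
 * @return array Required capabilities, with 'not_allowed' appended on denial.
 */
function restrict_roles_map_meta_cap( $caps, $cap, $user_ID, $args ) {
    // Every per-user meta capability that acts on another account. Checking
    // only 'edit_user' and 'delete_user' would leave removing a user from the
    // site and changing a user's role outside the allowance check.
    $guarded_caps = array( 'edit_user', 'delete_user', 'remove_user', 'promote_user' );

    if ( ! in_array( $cap, $guarded_caps, true ) || ! $args || ! isset( $args[0] ) ) {
        return $caps;
    }

    $actor  = get_userdata( $user_ID );  // The user performing the task.
    $target = get_userdata( $args[0] );  // The user being acted on.

    // Unknown users are left to core's own checks; a user may always edit self.
    if ( ! $actor || ! $target || (int) $actor->ID === (int) $target->ID ) {
        return $caps;
    }

    $allowed = restrict_roles_get_allowed_roles( $actor );

    // A target with no roles on this site produces an empty diff and passes.
    if ( array_diff( $target->roles, $allowed ) ) {
        // Target holds a role outside the actor's allowance. 'not_allowed' is a
        // capability no role is expected to hold, so the check fails.
        // NOTE(review): unlike core's 'do_not_allow' sentinel, this presumably
        // does not stop multisite super admins - confirm that is intended.
        $caps[] = 'not_allowed';
    }

    return $caps;
}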
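// NOTE(review): WordPress core has shipped its own unregister_post_type( $post_type )
// since 4.5, so on current versions this guard is presumably always false and
// the definition below is never used - confirm, and consider a prefixed name.
if ( ! function_exists( 'unregister_post_type' ) ) :
    /**
     * Remove the built-in 'post' post type from the global registry.
     *
     * @return bool True if 'post' was registered and has been removed, false otherwise.
     */
    function unregister_post_type() {
        global $wp_post_types;

        if ( ! isset( $wp_post_types['post'] ) ) {
            return false;
        }

        unset( $wp_post_types['post'] );
        return true;
    }
endif;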
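// Register the hooks everywhere except the network admin screens.
// NOTE(review): this makes the exemption depend on which screen is being
// viewed, not on who is viewing it. None of the role restrictions run in the
// network admin, so this relies on WordPress letting only super admins reach
// those screens, and a super admin working in an ordinary site dashboard is
// still restricted. Tying the exemption to the user (for example
// is_multisite() && is_super_admin()) would be more robust.
if ( ! is_network_admin() ) {
    // Late priority (100) so the callback runs after the default post types are registered.
    add_action( 'init', 'unregister_post_type', 100 );
    // Priority 10, four arguments: the callback needs $args to find the target user.
    add_filter( 'map_meta_cap', 'restrict_roles_map_meta_cap', 10, 4 );
    add_filter( 'editable_roles', 'restrict_roles_editable_roles' );
}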