Home Topic Restrict editing pages by user role? Page 2

Change WordPress user roles and capabilities Forums Restrict or Permit access inside WordPress – how to Restrict editing pages by user role?

Tagged: , , , ,

Viewing 8 posts - 16 through 23 (of 23 total)
1 2
  • Author
    Posts
  • 29/09/2015 at 23:33 #1720
    [email protected]
    Participant

    It looks like users of this franchise “role” can edit these pages if they enter from the front end like it shows in this screenshot: http://screencast.com/t/9AC8oHbrndP

    How do we make these pages actually un-editable rather then hidden?

    Thank you so much!

    m-

    30/09/2015 at 03:32 #1721
    Vladimir
    Keymaster

    This is the updated version, which takes into account front-end and blocks editing selected pages. You need update it for your role.

    
add_action('pre_get_posts', 'restrict_posts_list');

function restrict_posts_list($query) {

    if ( !is_blog_admin()) { 
        return $query;
    }
    
    if (current_user_can('administrator') || !current_user_can('editor'))  {
        return $query;
    }
    
    $suppressing_filters = $query->get('suppress_filters'); // Filter suppression on?

    if ($suppressing_filters) {
        return query;
    }

    if ($query->query['post_type']=='page') {            
        $posts_restriction_type = 2; // Prohibit
        $posts_list = array(709, 763);  // comma separated list of pages IDs
        if ($posts_restriction_type==1) {   // Allow
            $query->set('post__in', $posts_list);
        } else {    // Prohibit
            $query->set('post__not_in', $posts_list);
        }
    }

    return $query;
}
// end of restrict_posts_list()

function current_user_has_role($role_to_check) {
    global $current_user;
    
    $has_role = false;
    foreach($current_user->roles as $role) {
        if ($role===$role_to_check) {
            $has_role = true;
            break;
        }
    }
    
    return $has_role;
}
// end of current_user_has_role()

function get_pages_capabilities() {
    $cap_object = new stdClass();
    $cap_object->capability_type = 'page';
    $cap_object->capabilities = array();
    $cap_object->map_meta_cap = true;
    $capabilities = (array) get_post_type_capabilities($cap_object);
    
    return $capabilities;
}

add_filter('map_meta_cap', 'block_edit_pages', 10, 4);

function block_edit_pages($caps, $cap = '', $user_id = 0, $args = array()) {

    if (current_user_has_role('administrator') || !current_user_has_role('editor')) {
        return $caps;
    }
    
    if (substr($cap, 0, 4)=='read') {   // do not block read capabilities
        return $caps;
    }
    
    $posts_restriction_type = 2; // Prohibit
    $posts_list = array(709, 763);   // comma separated list of pages IDs
    

    $capabilities = get_pages_capabilities();        
    if (!isset($capabilities[$cap])) {
        return $caps;
    }

    if (count($args) > 0) {
        $post_id = $args[0];
    } else {
        $post_id = filter_input(INPUT_GET, 'post', FILTER_SANITIZE_NUMBER_INT);
    }
    if (empty($post_id)) {
        return $caps;
    }

    $post = get_post($post_id);    
    if (empty($post) || $post->post_type!=='page') {
        return $caps;
    }

    $do_not_allow = in_array($post_id, $posts_list);    // not edit these pages
    if ($posts_restriction_type == 1) {
        $do_not_allow = !$do_not_allow;   // not edit other pages
    }
    if ($do_not_allow) {
        $caps[] = 'do_not_allow';
    }

    return $caps;
}
// end of block_edit_pages()
    30/09/2015 at 04:34 #1722
    [email protected]
    Participant

    Thank you I just added this code to my functions.php file and it makes my whole WP installation stop working. With just a blank screen on refresh of the back end and the front end.

    if (is_blog_admin() && !(is_super_admin() || current_user_can(‘administrator’)) && current_user_can(‘franchise’)) {
    return $query;
    }

    $suppressing_filters = $query->get(‘suppress_filters’); // Filter suppression on?

    if ($suppressing_filters) {
    return query;
    }

    if ($query->query[‘post_type’]==’page’) {
    $posts_restriction_type = 2; // Prohibit
    $posts_list = array(3,4,5,25,26,27,28,29,30,6,77,79,36,7,81,37,38,39,8,9,10,11,12,13,14,15,16,33,32,35); // comma separated list of pages IDs
    if ($posts_restriction_type==1) { // Allow
    $query->set(‘post__in’, $posts_list);
    } else { // Prohibit
    $query->set(‘post__not_in’, $posts_list);
    }
    }

    return $query;
    }
    // end of restrict_posts_list()

    function current_user_has_role($role_to_check) {
    global $current_user;

    $has_role = false;
    foreach($current_user->roles as $role) {
    if ($role===$role_to_check) {
    $has_role = true;
    break;
    }
    }

    return $has_role;
    }
    // end of current_user_has_role()

    function get_pages_capabilities() {
    $cap_object = new stdClass();
    $cap_object->capability_type = ‘page’;
    $cap_object->capabilities = array();
    $cap_object->map_meta_cap = true;
    $capabilities = (array) get_post_type_capabilities($cap_object);

    return $capabilities;
    }

    add_filter(‘map_meta_cap’, ‘block_edit_pages’, 10, 4);

    function block_edit_pages($caps, $cap = ”, $user_id = 0, $args = array()) {

    if (is_blog_admin() && !(is_super_admin() || current_user_can(‘administrator’)) && current_user_can(‘franchise’)) {
    return $caps;
    }

    if (substr($cap, 0, 4)==’read’) { // do not block read capabilities
    return $caps;
    }

    $posts_restriction_type = 2; // Prohibit
    $posts_list = array(3,4,5,25,26,27,28,29,30,6,77,79,36,7,81,37,38,39,8,9,10,11,12,13,14,15,16,33,32,35); // comma separated list of pages IDs

    $capabilities = get_pages_capabilities();
    if (!isset($capabilities[$cap])) {
    return $caps;
    }

    if (count($args) > 0) {
    $post_id = $args[0];
    } else {
    $post_id = filter_input(INPUT_GET, ‘post’, FILTER_SANITIZE_NUMBER_INT);
    }
    if (empty($post_id)) {
    return $caps;
    }

    $post = get_post($post_id);
    if (empty($post) || $post->post_type!==’page’) {
    return $caps;
    }

    $do_not_allow = in_array($post_id, $posts_list); // not edit these pages
    if ($posts_restriction_type == 1) {
    $do_not_allow = !$do_not_allow; // not edit other pages
    }
    if ($do_not_allow) {
    $caps[] = ‘do_not_allow’;
    }

    return $caps;
    }
    // end of block_edit_pages()

    30/09/2015 at 04:45 #1723
    Vladimir
    Keymaster

    Code you showed is incomplete and invalid. It lost the begin of restrict_posts_list() function. Please re-check, what you added to the functions.php

    30/09/2015 at 04:51 #1724
    Vladimir
    Keymaster

    I offer you to remove related code from the functions.php file. Take file from this zip
    https://storage.googleapis.com/role-editor/downloads/block-pages-for-role.zip
    replace ‘editor’ with ‘franchise’, input your own pages ID list and place this .php file to
    wp-content/mu-plugins folder. Test that it works.
    Then apply your own enhancements if needed.

    30/09/2015 at 05:25 #1725
    [email protected]
    Participant

    Thank you! Do I have to add a “include(‘block-pages-for-role.php’);” to the functions.php file? to make it work?

    30/09/2015 at 05:39 #1726
    [email protected]
    Participant

    It looks to work with include(‘mu-plugins/block-pages-for-role.php’); added to the functions.pho file.

    Thank you!

    30/09/2015 at 05:48 #1727
    Vladimir
    Keymaster

    Thanks for the feedback.

    Just in case it will be helpful, as a ‘must use’ plugin it should work without any “include” in functions.php and thus, for any theme, just from wp-content/mu-plugins folder:
    https://codex.wordpress.org/Must_Use_Plugins

  • Author
    Posts
Viewing 8 posts - 16 through 23 (of 23 total)
1 2
  • You must be logged in to reply to this topic.