This may be slightly confusing but I will do my best to explain.
I am trying to create a capability that would allow a user to add users to our site. They would be able to view and delete these users as well; however, for data security I would not want them to be able to view all other users on the site, only the users they have created.
It is for an online learning company. We are trying to provide access for 'Tutors' to add and remove their own 'students', whilst not seeing all other users on the site. We have other roles that would need to remain unaffected, like subscribers and admin.
I have created two new roles: Tutors and student. The issue I am having is that the users created by the 'Tutors' are not being shown in the list of users. The list is completely empty, not showing any users at all.
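// Register the custom 'tutors' role.
//
// add_role() stores the role in the database and does nothing when a role with
// this slug already exists, so later edits to this array do not reach a role
// that was already created.
//
// NOTE(review): on a single-site install, edit_users, delete_users and
// list_users apply to every account; core does not scope them to users the
// tutor created. The "own students only" rule therefore rests entirely on the
// hook callbacks that accompany this role, and any path those callbacks do not
// cover is left with site-wide user management rights.
$result = add_role(
    'tutors',
    __( 'Tutors' ),
    array(
        // User management.
        'edit_users'        => true,
        'create_users'      => true,
        'delete_users'      => true,
        'list_users'        => true,

        // Content.
        'read'              => true,
        'edit_posts'        => true,
        'edit_pages'        => true,
        'edit_others_posts' => true,
        'create_posts'      => true,
        'manage_categories' => true,
        'publish_posts'     => true,

        // Site administration stays denied.
        'edit_themes'       => false,
        'install_plugins'   => false,
        // Was 'update_plugin', which is not a capability core checks.
        'update_plugins'    => false,
        'update_core'       => false,
    )
);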
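// Register the custom 'student' role: read access only.
//
// add_role() stores the role in the database and does nothing when a role with
// this slug already exists, so later edits to this array do not reach a role
// that was already created.
$result1 = add_role(
    'student',
    __( 'Student' ),
    array(
        // User management is denied.
        'edit_users'        => false,
        'create_users'      => false,
        'delete_users'      => false,

        // Content: reading only.
        'read'              => true,
        'edit_posts'        => false,
        'edit_pages'        => false,
        'edit_others_posts' => false,
        'create_posts'      => false,
        'manage_categories' => false,
        'publish_posts'     => false,

        // Site administration is denied.
        'edit_themes'       => false,
        'install_plugins'   => false,
        // Was 'update_plugin', which is not a capability core checks.
        'update_plugins'    => false,
        'update_core'       => false,
    )
);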
/**
 * Record which tutor created a newly registered user.
 *
 * Runs on the 'user_register' action. When the request is an admin request and
 * the logged-in user holds the 'tutors' role, the tutor's ID is stored on the
 * new account as the '_user_parent' user meta value. Nothing is written in any
 * other case.
 *
 * @param int $user_id ID of the user that was just registered.
 * @return void
 */
function student_register( $user_id ) {
    // Only act on registrations made through the admin area.
    if ( ! is_admin() ) {
        return;
    }

    $creator = wp_get_current_user();

    // A zero ID means nobody is logged in; otherwise require the 'tutors' role.
    $created_by_tutor = $creator->ID && in_array( 'tutors', $creator->roles );
    if ( ! $created_by_tutor ) {
        return;
    }

    // This meta value is the link the other callbacks use to decide ownership.
    update_user_meta( $user_id, '_user_parent', $creator->ID );
}
add_action( 'user_register', 'student_register' );
/**
 * Narrow user queries made by a tutor to that tutor's own students.
 *
 * Runs on 'pre_get_users'. For a logged-in user with the 'tutors' role, the
 * query is limited to the 'student' role and to accounts whose '_user_parent'
 * meta value equals the tutor's ID.
 *
 * NOTE(review): the callback returns early unless is_admin() is true, so user
 * queries run outside the admin area are not narrowed here.
 *
 * @param WP_User_Query $query The user query about to run.
 * @return void
 */
function theme_pgu( $query ) {
    if ( ! is_admin() ) {
        return;
    }

    $tutor = wp_get_current_user();

    // Leave the query untouched for anonymous requests and for non-tutors.
    if ( ! ( $tutor->ID && in_array( 'tutors', $tutor->roles ) ) ) {
        return;
    }

    // Applied in order: role filter, then the ownership meta key and value.
    $restrictions = array(
        'role'       => 'student',
        'meta_key'   => '_user_parent',
        'meta_value' => $tutor->ID,
    );
    foreach ( $restrictions as $query_var => $value ) {
        $query->set( $query_var, $value );
    }
}
add_action( 'pre_get_users', 'theme_pgu' );
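/**
 * Limit the roles a tutor can assign on the new-user and edit-user screens.
 *
 * Runs on the 'editable_roles' filter. A user with the 'tutors' role is offered
 * the 'student' role only; every other user gets the list unchanged.
 *
 * @param array $roles Role definitions keyed by role slug.
 * @return array The roles the current user may assign.
 */
function client_sel_roles( $roles ) {
    $current_user = wp_get_current_user();

    if ( ! in_array( 'tutors', $current_user->roles, true ) ) {
        return $roles;
    }

    // The 'student' entry can be absent (role not registered, or removed by an
    // earlier filter). Offer no roles in that case rather than reading an
    // undefined key, matching how client_user_views() handles a missing view.
    if ( ! isset( $roles['student'] ) ) {
        return array();
    }

    return array( 'student' => $roles['student'] );
}
add_filter( 'editable_roles', 'client_sel_roles' );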
/**
 * Trim the role tabs above the All Users list for tutors.
 *
 * Runs on the 'views_users' filter. A user with the 'tutors' role sees the
 * 'student' view only, or no views when that entry is missing; other users get
 * the views unchanged.
 *
 * @param array $views View links keyed by view name.
 * @return array The views to display.
 */
function client_user_views( $views ) {
    $viewer = wp_get_current_user();

    // Everyone except tutors keeps the full set of views.
    if ( ! in_array( 'tutors', $viewer->roles ) ) {
        return $views;
    }

    return isset( $views['student'] )
        ? array( 'student' => $views['student'] )
        : array();
}
add_filter( 'views_users', 'client_user_views' );
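/**
 * Keep tutors away from user-edit screens of accounts they do not own.
 *
 * Runs on the 'current_screen' action. On the 'user-edit' screen, a tutor may
 * open their own profile or a profile whose '_user_parent' meta value is the
 * tutor's ID; any other target is redirected to the tutor's own profile.
 *
 * NOTE(review): this guard covers the user-edit screen only. Other admin paths
 * that act on a user ID are not checked here; enforcing ownership in a
 * capability filter such as 'map_meta_cap' would apply the rule to all of them.
 *
 * @param WP_Screen $screen The screen being loaded.
 * @return void
 */
function edit_students_only( $screen ) {
    if ( 'user-edit' !== $screen->base ) {
        return;
    }

    // Read the ID from $_REQUEST rather than $_GET so the check sees the ID
    // whether it arrives in the query string or in a submitted form.
    if ( ! isset( $_REQUEST['user_id'] ) || ! is_numeric( $_REQUEST['user_id'] ) ) {
        return;
    }

    $current_user = wp_get_current_user();
    if ( ! $current_user->ID || ! in_array( 'tutors', $current_user->roles, true ) ) {
        return;
    }

    $user_id  = absint( $_REQUEST['user_id'] );
    $tutor_id = (int) $current_user->ID;

    // get_user_meta() returns the stored value as a string, so a strict
    // comparison against the integer ID never matched and tutors were turned
    // away from their own students. Compare as integers.
    $parent_id = (int) get_user_meta( $user_id, '_user_parent', true );

    if ( $user_id === $tutor_id || $parent_id === $tutor_id ) {
        return;
    }

    // Not the tutor's own profile and not one of their students.
    wp_safe_redirect( admin_url( "user-edit.php?user_id={$tutor_id}" ) );
    // Without exit the rest of the request would still run after the redirect
    // header is queued.
    exit;
}
add_action( 'current_screen', 'edit_students_only' );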