Simple WordPress plugin that allows administrators to revoke access to the profile page for some users. Written to answer a question on WPSE: http://wordpress.stackexchange.com/q/141743/35541
<?php
/**
* Plugin Name: Revoke Profile Access
* Description: Allow administrators to revoke access to profile to some users
* Plugin URI: http://wordpress.stackexchange.com/q/141743/
* Author: G. M.
* Author URI: http://wordpress.stackexchange.com/users/35541/g-m
* License: GPLv2
*
*/
/*
Copyright (C) 2014 Giuseppe Mazzapica
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
as published by the Free Software Foundation; either version 2
of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/
// Administrator side: render the "Profile Ban" checkbox on another user's
// edit screen and persist it when that screen is saved.
add_action( 'personal_options', 'rpa_profile_ban_field' );
add_action( 'edit_user_profile_update', 'rpa_profile_ban_field_save' );
// Banned-user side: hide the admin-menu entry and the admin-bar links that
// lead to the profile screen. These two callbacks only hide navigation.
add_action( 'admin_menu', 'rpa_profile_menu_remove' );
add_action( 'wp_before_admin_bar_render', 'rpa_profile_adminbar_remove' );
// The actual gate: redirect a banned user away whenever profile.php loads.
// NOTE(review): this is the only enforcement point registered here. Other
// routes that can change a user's own profile (REST API, XML-RPC, front-end
// account forms added by other plugins) are not hooked — confirm whether the
// site exposes them and block them separately if it does.
add_action( 'load-profile.php', 'rpa_profile_banned_check' );
// rpa_profile_banned_msg is registered twice on purpose: on 'load-index.php'
// it decides whether the notice is due, on 'all_admin_notices' it prints it.
add_action( 'load-index.php', 'rpa_profile_banned_msg' );
add_action( 'all_admin_notices', 'rpa_profile_banned_msg' );
/**
 * Print the "Profile Ban" checkbox on the edit screen of another user.
 *
 * Nothing is printed unless all of the following hold: the request is in
 * wp-admin, the profile shown is not the viewer's own, the viewer has the
 * 'edit_users' capability, and the profile owner exists and does NOT have
 * 'edit_users' (so privileged accounts are never offered the ban field).
 *
 * @param \WP_User $user The user whose profile form is being rendered.
 */
function rpa_profile_ban_field( \WP_User $user ) {
    $viewer = wp_get_current_user();

    // Guard clauses, evaluated in the same order as the access rules above.
    if ( ! is_admin() || $user->ID === $viewer->ID ) {
        return;
    }
    if ( ! user_can( $viewer, 'edit_users' ) ) {
        return;
    }

    $subject = new WP_User( $user->ID );
    if ( ! $subject->exists() || user_can( $subject, 'edit_users' ) ) {
        return;
    }

    // The flag is stored as user meta; a missing value casts to 0 (unchecked).
    $banned = (int) get_user_meta( $user->ID, '_profile_banned', TRUE );
    // The markup below is static apart from checked(); keep it un-indented so
    // the emitted bytes stay the same.
    ?>
<table class="form-table"><tbody><tr>
<th scope="row">Profile Ban</th><td>
<input<?php checked( 1, $banned ); ?> name="_profile_banned" value="1" type="checkbox">
Ban user to enter profile?
</td></tr></tbody></table>
<?php
}
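/**
 * Persist the "Profile Ban" checkbox when an administrator saves another
 * user's profile.
 *
 * The flag is written only when the request is in wp-admin, the edited user
 * is not the current user, the current user has 'edit_users', and the edited
 * user exists and does NOT have 'edit_users'.
 *
 * NOTE(review): this callback does no nonce check of its own. It relies on
 * the caller of the 'edit_user_profile_update' hook having verified the
 * request before firing it — confirm this if the function is ever called
 * from anywhere else.
 *
 * @param int $userid ID of the user whose profile is being saved.
 */
function rpa_profile_ban_field_save( $userid ) {
    $current = wp_get_current_user();

    // The original compared an undefined $user->ID here, so the self-edit
    // guard could never match and PHP raised a warning. Compare the ID that
    // the hook actually passes in.
    if ( ! is_admin() || (int) $userid === (int) $current->ID ) {
        return;
    }
    if ( ! user_can( $current, 'edit_users' ) ) {
        return;
    }

    $target = new WP_User( $userid );
    // Never let the flag be set on a missing user or on a privileged account.
    if ( ! $target->exists() || user_can( $target, 'edit_users' ) ) {
        return;
    }

    // An unchecked checkbox is absent from POST: filter_input() then yields
    // null, which casts to 0 and takes the "remove the flag" branch.
    $ban = filter_input( INPUT_POST, '_profile_banned', FILTER_SANITIZE_NUMBER_INT );
    if ( (int) $ban > 0 ) {
        update_user_meta( $userid, '_profile_banned', 1 );
    } elseif ( get_user_meta( $userid, '_profile_banned', TRUE ) ) {
        delete_user_meta( $userid, '_profile_banned' );
    }
}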
/**
 * Drop the "Profile" entry from the admin menu for a banned user.
 *
 * This only hides the link. Requests to profile.php are turned away by
 * rpa_profile_banned_check(), which is hooked on 'load-profile.php'.
 */
function rpa_profile_menu_remove(){
    $flag = (int) get_user_meta( get_current_user_id(), '_profile_banned', TRUE );

    // Users with 'edit_users' are exempt, as is anyone without the flag.
    if ( current_user_can( 'edit_users' ) || $flag <= 0 ) {
        return;
    }

    remove_menu_page( 'profile.php' );
}
/**
 * Strip the profile links from the admin bar for a banned user.
 *
 * The 'my-account' and 'user-info' nodes are re-added with their href set to
 * '#', 'logout' is re-added as it was, and 'edit-profile' is removed and not
 * restored. Like the menu change, this hides navigation only; it is not an
 * access check.
 */
function rpa_profile_adminbar_remove() {
    $flag = (int) get_user_meta( get_current_user_id(), '_profile_banned', TRUE );
    if ( 1 !== $flag || current_user_can( 'edit_users' ) ) {
        return;
    }

    global $wp_admin_bar;

    // Snapshot the nodes to keep before anything is removed.
    $kept = array();
    foreach ( array( 'my-account', 'user-info', 'logout' ) as $node_id ) {
        $kept[ $node_id ] = (array) $wp_admin_bar->get_node( $node_id );
    }

    // Neutralise the two links that point at the profile screen.
    $kept['my-account']['href'] = '#';
    $kept['user-info']['href']  = '#';

    foreach ( array( 'my-account', 'user-info', 'edit-profile', 'logout' ) as $node_id ) {
        $wp_admin_bar->remove_node( $node_id );
    }

    // Re-add in the original order: account, info, logout.
    foreach ( $kept as $node ) {
        $wp_admin_bar->add_node( $node );
    }
}
/**
 * Turn a banned user away from profile.php.
 *
 * Runs on 'load-profile.php'. A user whose '_profile_banned' meta equals 1
 * and who lacks 'edit_users' is redirected to the dashboard with pbanned=1
 * in the query string, and the request ends there.
 */
function rpa_profile_banned_check() {
    $flag = (int) get_user_meta( get_current_user_id(), '_profile_banned', TRUE );
    if ( 1 !== $flag || current_user_can( 'edit_users' ) ) {
        return;
    }

    // The target is built from admin_url() only; no request data goes into it.
    $dashboard = add_query_arg( array( 'pbanned' => 1 ), admin_url( 'index.php' ) );
    wp_redirect( $dashboard );
    // wp_redirect() only sends the header; stop so the profile screen never renders.
    exit();
}
/**
 * Show the "not allowed" notice on the dashboard after a ban redirect.
 *
 * Hooked twice. On 'load-index.php' it records, in a static flag, whether
 * the request carries pbanned=1 AND the current user's '_profile_banned'
 * meta is 1. On 'all_admin_notices' it prints the notice if that flag was
 * set. Because the stored meta is re-checked, a hand-typed ?pbanned=1 shows
 * nothing to a user who is not banned.
 */
function rpa_profile_banned_msg() {
    // Carries the decision from the first hook to the second within one request.
    static $show = false;

    if ( current_user_can( 'edit_users' ) ) {
        return;
    }

    $hook = current_filter();

    if ( 'load-index.php' === $hook ) {
        $msg    = (int) filter_input( INPUT_GET, 'pbanned', FILTER_SANITIZE_NUMBER_INT);
        $banned = (int) get_user_meta( get_current_user_id(), '_profile_banned', TRUE );
        $show   = ( 1 === $banned && $msg === $banned );
        return;
    }

    if ( 'all_admin_notices' === $hook && $show ) {
        // Static markup only; no request data is echoed.
        echo '<div class="error"><p>Sorry, you are not allowed to edit your profile.</p></div>';
    }
}

prepu commented Apr 21, 2014

Thank you very much G.M.! It was a great and perfect solution. I am using the Woocommerce plugin and I still have the problem of profile editing in the "my account" page.

Could you add something to the plugin to remove the "edit" link? I don't mind that the user can read his profile but don't allow to edit it.

Thanks again!


davidlrothman commented Sep 25, 2014

Apologies if this is a silly question, but where would this code go?


davidlrothman commented Sep 25, 2014

Gah. It WAS a silly question. Installed as plugin. Many thanks and apologies.
