Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
[WordPress] Prevents the creation of full Administrators by client accounts
<?php
/**
* Prevents the creation of full Administrators by client accounts
* Forked from JPB_User_Caps (unable to locate origin)
*
* @return void
* @author Jonathan Christopher
*/
if( is_admin() )
{
class ITI_Cap_Limiter {
function ITI_Cap_Limiter()
{
add_filter( 'editable_roles', array( &$this, 'editable_roles' ) );
add_filter( 'map_meta_cap', array( &$this, 'map_meta_cap' ), 10, 4 );
}
// Remove 'Administrator' from the list of roles if the current user is not an admin
function editable_roles( $roles )
{
if( isset( $roles['administrator'] ) && !current_user_can( 'administrator' ) )
{
unset( $roles['administrator']);
}
return $roles;
}
// If someone is trying to edit or delete and admin and that user isn't an admin, don't allow it
function map_meta_cap( $caps, $cap, $user_id, $args )
{
switch( $cap )
{
case 'edit_user':
case 'remove_user':
case 'promote_user':
if( isset( $args[0] ) && $args[0] == $user_id )
break;
elseif( !isset( $args[0] ) )
$caps[] = 'do_not_allow';
$other = new WP_User( absint($args[0]) );
if( $other->has_cap( 'administrator' ) )
{
if( !current_user_can( 'administrator' ) )
{
$caps[] = 'do_not_allow';
}
}
break;
case 'delete_user':
case 'delete_users':
if( !isset( $args[0] ) )
break;
$other = new WP_User( absint( $args[0] ) );
if( $other->has_cap( 'administrator' ) )
{
if( !current_user_can( 'administrator' ) )
{
$caps[] = 'do_not_allow';
}
}
break;
default:
break;
}
return $caps;
}
}
$iti_user_caps = new ITI_Cap_Limiter();
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment