Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
WordPress: [concept] Protect users in one role from users in another
<?php
//Plugin Name: [concept] Protect users in one role from users in another
//Description: Users in custom faux-admin role 'site administrator' cannot modify default admins
add_filter( 'map_meta_cap', 'prevent_edit_of_primary_user', 10, 4 );
function prevent_edit_of_primary_user( $caps, $cap, $user_id, $args ) {
if ( ! is_user_logged_in() ) return $caps;
//if current user is admin
if ( in_array( 'site_administrator', get_userdata( $user_id )->roles ) ) {
//$args has user ids the cap is checked against
foreach ($args as $id ) {
//see if cap is being check against an administrator
$is_administrator = in_array( 'administrator', get_userdata( $id )->roles ) ? true : false;
//disallow certain caps when used on admins
if ( 'edit_user' == $cap && $is_administrator )
return false;
if ( 'delete_users' == $cap && $is_administrator )
return false;
}
}
return $caps;
}
//create our faux-admin
add_action('init', function() {
$member = add_role( 'site_administrator','Site Adminstrator',
array(
'add_users' => true,
'create_users' => true,
'edit_users' => true,
'edit_user' => true,
'delete_users' => true,
'list_users' => true,
'edit_posts' => true,
'publish_posts' => true,
'delete_posts' => true,
'read' => true,
)
);
});
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment