I have the following 3 different Roles: Admin, Editor, and SEO. I have installed WordPress SEO by Yoast, and I want to get this:
- I don’t want the editors to see the SEO options, because they only write posts and don’t know about SEO. There is a person with the
SEO role, who will do the optimization.
- I don’t want the SEO person to see other plugins options. I just want to have the same capabilities that Editors, but with the SEO functions enabled.
I have been trying with some snippets from this site, and I am able to hide the meta box to the Editors, but not the little ‘rating box’ over the Publish button.
Also I don’t know how to deal with the second point, because all the plugins uses the same manage_options capability, so I can’t assign that capability to the SEO role. And I don’t know how to change the capability needed without modifying the plugin files (what will be lost on plugin update).
Thanks in advance.
Maybe this isn’t the best method because it does give an editor access to Settings and Options, but what this does is gives the a specific editor (based on user ID) the permissions to edit options. We then test if we’re loading one of the options template, if we are AND the user id is the same id we’ve given permissions to, kill the process and spit out a message.
1) So first thing’s first, create your SEO user and assign him an Editor role.
2) Next we need to give this user the ability to manage_options. You can find this by editing the user and looking at the URL, it should be one of the last parameters in the URL.
/** Give our SEO Guy Permissions **/
function give_seo_yoastToast() {
$user = new WP_User( $seo_user_id );
$user->add_cap( 'manage_options');
}
add_action( 'admin_init', 'give_seo_yoastToast');
3) Now we need to make sure all our SEO dudeski can’t access any of the critical options. To my knowledge, the pages below are the only way this user can edit crucial information. IF they do view these pages, we kill it and spit out a message, feel free to change the message.
/** Remove Access to Certain Pages **/
add_action( 'load-options-general.php', 'prevent_seoguy_access' );
add_action( 'load-options-writing.php', 'prevent_seoguy_access' );
add_action( 'load-options-reading.php', 'prevent_seoguy_access' );
add_action( 'load-options-discussion.php', 'prevent_seoguy_access' );
add_action( 'load-options-media.php', 'prevent_seoguy_access' );
add_action( 'load-options-permalink.php', 'prevent_seoguy_access' );
add_action( 'load-options.php', 'prevent_seoguy_access' );
function prevent_seoguy_access(){
$currID = is_user_logged_in() ? get_current_user_id() : 0;
if($currID == $seo_user_id ){
wp_die("There was a hole here once, it's gone now.");
exit();
}
}
4) Right now, he can view the pages in the menu but when he access them he sees the message above. Just as an extra step, let’s actually remove this page from our menu. Please note that if you do remove the menu page without the above function, a savvy user could go to any of the option pages directly via URL.
/** Remove Settings Menu Page from SEO Guy **/
function seo_guy_menu() {
if(!current_user_can('administrator')){
remove_menu_page('options-general.php');
}
}
add_action('admin_menu', 'seo_guy_menu');
5) And you’re done!
Unfortunately as you pointed out in your question, Yoast doesn’t look like it has a capability to give a user specific permission to all the SEO stuff without giving them unnecessary extra permissions as well which kind of sucks. And on another sidenote you could instead of going with a static $seo_user_id make a SEO Role instead, give that role editor permissions along with the above. That’s a bit more work (not too much though) but if you only have 1 guy doing your SEO forever then the above method is fine I guess.
