I am trying to give more permissions to the editor role by giving it access to create user accounts. See the code below. But I would like to prevent it from creating or editing existing users with the role of administrator.
    function add_theme_caps() {
        // Grant the editor role theme-option and user-management capabilities.
        $role = get_role( 'editor' );
        $role->add_cap( 'edit_theme_options' );
        $role->add_cap( 'list_users' );
        $role->add_cap( 'create_users' );
        $role->add_cap( 'delete_users' );
        $role->add_cap( 'edit_users' );
    }
    add_action( 'admin_init', 'add_theme_caps' );
Things I am trying to achieve.
- The list_users option lists all the users. I would like to list only the non-admin users.
- I want to limit this role from creating new user accounts with the role of administrator and also prevent it from changing the role of any existing users to an administrator.
Imho that’s one of the most important things regarding users:
    /**
     * Deny access to 'administrator' for other roles
     * Else anyone, with the edit_users capability, can edit others
     * to be administrators - even if they are only editors or authors
     *
     * @since 0.1
     * @param (array) $all_roles
     * @return (array) $all_roles
     */
    function deny_change_to_admin( $all_roles )
    {
        // Only administrators may assign the administrator role.
        if ( ! current_user_can( 'administrator' ) )
            unset( $all_roles['administrator'] );

        // Only administrators and editors may assign the editor role.
        // (With OR the condition was true for every single-role user,
        // administrators included.)
        if (
            ! current_user_can( 'administrator' )
            && ! current_user_can( 'editor' )
        )
            unset( $all_roles['editor'] );

        // Only administrators, editors and authors may assign the author role.
        if (
            ! current_user_can( 'administrator' )
            && ! current_user_can( 'editor' )
            && ! current_user_can( 'author' )
        )
            unset( $all_roles['author'] );

        return $all_roles;
    }

    function deny_rolechange()
    {
        add_filter( 'editable_roles', 'deny_change_to_admin' );
    }
    add_action( 'after_setup_theme', 'deny_rolechange' );
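
The `editable_roles` filter above only controls which roles can be picked or assigned. The other two goals in the question (hiding administrators from the user list and blocking changes to existing administrator accounts) can be covered with `map_meta_cap` and `pre_get_users`. This is an added example, not part of the original answer; the `example_*` function names are hypothetical, and it assumes a single-site install on WordPress 4.4 or later (for `role__not_in`).

```php
<?php
// Added example; every example_* name is hypothetical.

// True when the given user ID holds the administrator role.
function example_is_admin_user( $user_id ) {
    $user = get_userdata( (int) $user_id );
    return $user && in_array( 'administrator', (array) $user->roles, true );
}

// Deny per-user actions when a non-admin targets an administrator account.
// For these meta capabilities, $args[0] is the ID of the user being acted on.
function example_protect_admin_accounts( $caps, $cap, $user_id, $args ) {
    $guarded = array( 'edit_user', 'delete_user', 'remove_user', 'promote_user' );
    if ( ! in_array( $cap, $guarded, true ) || empty( $args[0] ) ) {
        return $caps;
    }
    if ( example_is_admin_user( $args[0] ) && ! example_is_admin_user( $user_id ) ) {
        // 'do_not_allow' is a capability no role holds, so the check fails.
        $caps[] = 'do_not_allow';
    }
    return $caps;
}
add_filter( 'map_meta_cap', 'example_protect_admin_accounts', 10, 4 );

// Leave administrators out of user queries run in wp-admin by non-admins.
function example_hide_admins_from_list( $query ) {
    if ( ! is_admin() || example_is_admin_user( get_current_user_id() ) ) {
        return;
    }
    // Merge with any exclusions the query already carries.
    $excluded   = (array) $query->get( 'role__not_in' );
    $excluded[] = 'administrator';
    $query->set( 'role__not_in', array_unique( $excluded ) );
}
add_action( 'pre_get_users', 'example_hide_admins_from_list' );
```

The role counts shown above the Users table come from a separate count and are not changed by the `pre_get_users` hook.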