admin管理员组文章数量:1193808
So I'm attempting to block out all post edits for all users except admins, so I have the following setup:
add_filter('post_row_actions', [self::class, 'remove_edit_permissions'], 10, 2);
public static function remove_edit_permissions(array $actions = []): array
{
$user = User::init();
if (is_null($user)) {
return [];
}
if (!$user->role()->has_capability('manage_options')) {
if (isset($actions['inline hide-if-no-js'])) {
unset($actions['inline hide-if-no-js']);
}
if (isset($actions['edit'])) {
unset($actions['edit']);
}
}
return $actions;
}
This works great, it blocks out the "Quick Edit" and "Edit" buttons in the Admin Post UI such as below:
Problem:
Users are still able to access the edit url and make changes such as this: .php?post=10690&action=edit
Is there a way to restrict link editing also?
Is there a much better solutions on editing prevention using some sort of hook or filter?
All help will be appreciated!
So I'm attempting to block out all post edits for all users except admins, so I have the following setup:
add_filter('post_row_actions', [self::class, 'remove_edit_permissions'], 10, 2);
public static function remove_edit_permissions(array $actions = []): array
{
$user = User::init();
if (is_null($user)) {
return [];
}
if (!$user->role()->has_capability('manage_options')) {
if (isset($actions['inline hide-if-no-js'])) {
unset($actions['inline hide-if-no-js']);
}
if (isset($actions['edit'])) {
unset($actions['edit']);
}
}
return $actions;
}
This works great, it blocks out the "Quick Edit" and "Edit" buttons in the Admin Post UI such as below:
Problem:
Users are still able to access the edit url and make changes such as this: https://example.com/wp-admin/post.php?post=10690&action=edit
Is there a way to restrict link editing also?
Is there a much better solutions on editing prevention using some sort of hook or filter?
All help will be appreciated!
Share Improve this question asked Jul 25, 2022 at 0:33 theMaptheMap 251 silver badge4 bronze badges1 Answer
Reset to default 1You can take away users' capabilities with a plugin like User Role Editor, or programmatically. What you'll need to do is collect a list of all your post types that appear in the Editor (Core has Post and Page; plugins and themes may add more) and then remove properties with a plugin.
For example, you can prevent Editors from being able to edit Posts with the following code:
<?php
/**
* Plugin Name: Lock down Posts
*/
add_action( 'admin_init', 'wpse_407959_restrict_caps' );
function wpse_407959_restrict_caps() {
$role = get_role('editor');
$role->remove_cap( 'create_posts' );
$role->remove_cap( 'edit_posts' );
$role->remove_cap( 'edit_published_posts' );
$role->remove_cap( 'delete_posts' );
$role->remove_cap( 'delete_published_posts' );
$role->remove_cap( 'publish_posts' );
}
Check your own site to determine all the Roles you need to update, and also check each post type's capabilities list. Some custom post types use default capabilities (i.e. removing edit_posts may prevent them from editing your CPT as well) but others map their own custom capabilities you'll also need to remove.
本文标签: capabilitiesPrevent all users from editing posts except admins using hooks
版权声明:本文标题:capabilities - Prevent all users from editing posts except admins using hooks 内容由网友自发贡献,该文观点仅代表作者本人, 转载请联系作者并注明出处:http://www.betaflare.com/web/1738488714a2089579.html, 本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌抄袭侵权/违法违规的内容,一经查实,本站将立刻删除。
发表评论