Viewing 15 posts - 1 through 15 (of 23 total)
  • #3635

    Hello,

    We would like to give a custom role the ability to assign and remove roles (limited by Other Roles access) for all users. However, we would not like to use the user-edit.php page the way it is right now, with the ability to edit many other things other than just the “Additional Capabilities” > Other Roles.

    1) Is it possible, using capabilities and Admin Menu restrictions, to limit the content of the user-edit.php (and users.php) pages, so that this new role only sees the users and the ability to assign roles? No ability to edit capabilities/profile color/names etc. that is available with the “edit_users” capability.

    2) Is it possible to use a URE hook to implement a page in a custom plugin that lists users with a drop-down, which on submission will update roles?

    How would you solve this requirement?

    Thanks,
    Shweta

    #3636

    3) Use a trimmed-down “users.php” where the only capability they have is to Grant Roles (URE) for users?

    #3637
    Vladimir
    Keymaster

    Hi,
    It’s possible to hide the ‘Edit’ link under every user row at users.php and block access to user profile editing by adding this code to functions.php of the active theme:

    
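    add_filter('user_row_actions', 'custom_user_row_actions', 10, 2);
    // Hide the "Edit" link under each user row for the 'user-manager' role.
    function custom_user_row_actions($actions, $user) {

        if (current_user_can('user-manager')) {
            unset($actions['edit']);
        }

        return $actions;
    }

    add_action('admin_head', 'custom_block_user_profile', 101);
    // Send 'user-manager' users back to users.php if they open user-edit.php directly.
    function custom_block_user_profile() {

        $url = strtolower($_SERVER['REQUEST_URI']);
        if (strpos($url, 'user-edit.php') === false) {
            return;
        }
        if (!current_user_can('user-manager')) {
            return;
        }

        // admin_url() already ends with a slash, so pass the page as its argument.
        $url = admin_url('users.php');
        if (headers_sent()) {
            // Headers are already sent at this point, so fall back to a JavaScript redirect.
    ?>
    <script>
        document.location.href = '<?php echo esc_js($url); ?>';
    </script>
    <?php
            die;
        } else {
            wp_redirect($url);
            exit; // stop rendering the page after the redirect header
        }
    }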
    

    So it seems that the task was resolved, as users.php has a “Grant Roles” button. But I discovered a problem here with your help. Thanks. A user without the ‘ure_manage_options’ capability cannot use the “Grant Roles” button. He will get a “Not enough permissions” error message when trying to change a user’s roles. It’s really wrong.

    So I have to update the base version of ‘User Role Editor’ to fix this issue. Let’s wait for the next update – about a week.
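
The snippet in the post above runs on `admin_head`, which fires only once user-edit.php starts rendering its form, so it does not cover a submitted profile update. As an added example (not part of the original post and not User Role Editor's own code), the same block can be hooked on `load-user-edit.php`, which fires before the page processes any request; the function name is hypothetical and the role slug `user-manager` is taken from the snippet above.

```php
<?php
// Added example: enforce the user-edit.php block before the page does any work.
// Assumption: the restricted role slug is 'user-manager', as in the post above.

// "load-{page}" is fired from wp-admin/admin.php, before user-edit.php handles
// a submitted form and before any output, so a plain HTTP redirect is possible.
add_action('load-user-edit.php', 'example_block_user_edit_for_user_manager');

function example_block_user_edit_for_user_manager() {
    $user = wp_get_current_user();

    // Check role membership explicitly instead of passing a role name
    // to current_user_can(); users without this role are not affected.
    if (!in_array('user-manager', (array) $user->roles, true)) {
        return;
    }

    // A submitted update (POST) is refused outright rather than redirected,
    // so the request never reaches the profile-saving code.
    if (isset($_SERVER['REQUEST_METHOD']) && 'POST' === $_SERVER['REQUEST_METHOD']) {
        wp_die(
            'Sorry, you are not allowed to edit this user.',
            '',
            array('response' => 403)
        );
    }

    // A plain page view is sent back to the user list.
    wp_safe_redirect(admin_url('users.php'));
    exit;
}
```

The `user_row_actions` filter from the post can stay in place alongside this; it only removes the link from the list, while this hook is what refuses the request.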

    #3638
    Vladimir
    Keymaster

    A non-admin user can still use WordPress’s “Change role to”. So if there is no urgent need to grant users multiple roles, you can use this recipe as it is. In order to grant multiple roles, wait for the next update of URE and URE Pro.

    #3639

    Vladimir,

    Thank you so much for your quick response and the suggestion to update the code for this. I will try out this recipe and see how it works. We do require a non-admin user to be able to grant multiple roles.

    Thanks,
    Shweta

    #3641

    Vladimir,

    Another thing – with Grant Roles, it seems the list is not limited by the “Other Roles access”, and when a user is granted those roles, it overwrites their primary role for the site too.

    Is it possible to not allow this ‘user-manager’ to update the primary role, and instead just update the “Other Roles” using the Grant Roles button on the All Users page?

    #3643
    Vladimir
    Keymaster

    Hi Shweta,

    Yes, correct. ‘Grant Roles’ replaces all roles granted to a user, including the primary role.
    I will look at how to achieve this: using a custom filter, for example, or something else.

    #3667

    That’s great. When do you think this could be released?

    Thanks,
    Shweta

    #3669
    Vladimir
    Keymaster

    Hi Shweta,

    I am working on the update. The “Grant Roles” window will have 2 parts: Primary role and Other roles.
    A custom filter will allow hiding the “Primary role” section.

    I plan to publish the update next week.

    #3684

    That’s great. Let us know when you are ready!

    -Shweta

    #3725

    Vladimir,

    Any ETA on the update? We have a critical implementation for a site, pending your update.

    Thanks for working on this.

    -Shweta

    #3726
    Vladimir
    Keymaster

    Hi Shweta,

    It’s almost ready, but needs some additional testing before publishing. Can you test the updated version first in a stage environment?

    #3731
    Vladimir
    Keymaster

    Beta 2 of version 4.34.2 is available after login from download page.

    Related changes:

    • Update: Core version: “Users->Grant Roles” button worked only for superadmin or user with ‘ure_manage_options’ capability. User with ‘edit_users’ can use this feature now.
    • New: Core version: Boolean filter ‘ure_users_select_primary_role’ can hide the ‘Primary role’ selection controls from the user profile edit page. Boolean filter ‘ure_users_show_wp_change_role’ can hide the “Change Role” bulk action selection control from the Users page. So it’s possible to configure permissions for a user who can change just the other roles of a user without changing his primary role.

    Custom filter samples:

    
    add_filter('ure_users_select_primary_role', 'ure_users_select_primary_role');
    function ure_users_select_primary_role($show) {
        $show = false;
        
        return $show;
    }
    
    add_filter('ure_users_show_wp_change_role', 'ure_show_wp_change_role');
    function ure_show_wp_change_role($show) {
        $show = false;
        
        return $show;
    }
    
    #3732

    Thanks! I will try it in our stage env and provide feedback.

    #3733
    freeaanzee
    Participant

    Hi,

    Just a quick related question:

    Update: Core version: “Users->Grant Roles” button worked only for superadmin or user with ‘ure_manage_options’ capability. User with ‘edit_users’ can use this feature now.

    I noticed this issue, good to see it will be resolved! However, would it be possible to hide the “Grant Roles” button if the user has no rights to use it, to keep things clean and simple?

    I have a custom role with none of the capabilities mentioned above, but still they see the button … As far as I can tell from the 4.34.1 code there is no limitation on show_grant_roles_html().

    Greetings,

    Frederik
