Enabling a non-Administrator role to view and promote users up to its own role
03/04/2019 at 21:18 #5622
I am needing to create a non-Administrator role which can view, promote and un-promote users to roles up to and including its own role, but not roles above it. What I’m finding when I enable the promote-users option is that the role can view and promote users in any role under its own, but cannot see users at the same level, and gets an error message when it promotes a user to its own level.
As an example, suppose I have the following roles:
If I grant the list_users and promote_users options to the Gold role, a user given the Gold role can see all users in the user list who have the Silver role and below, but cannot see any Gold users in the Users list other than itself, even though the role filter at the top of the page shows that there are other Gold users.
(Users who have the Administrator role do not appear in the user list, nor is there an Administrator filter option at the top of the page. This behavior is as expected and desired.)
The Gold user can promote another user to any role up to Silver without any problem. However, if the user tries to promote another user to Gold, the following message is displayed:
Sorry, you are not allowed to edit this user.
Despite this message, though, the Gold role is indeed given to the other user, and they then disappear from the Gold user’s user list.
Lastly, because Gold users cannot see each other in the user list, there is no way for a Gold user to un-promote another Gold user to Silver or below. Basically, only a user with the Administrator role can view or un-promote Gold users to lower levels.
Is there a way of configuring the Gold role to allow a Gold user to be able to view other Gold users in the user list, to promote another user to Gold without getting an error message, and to un-promote other Gold users to lower levels?
05/04/2019 at 13:22 #5624
Generally, WordPress roles do not have any built-in (higher/lower) hierarchy.
Were those ‘gold’, ‘silver’, ‘bronze’ added by you or by some membership plugin? If another plugin is involved, it may add its own permission restrictions. To check this assumption, deactivate that plugin and try to promote a gold user by a gold user again.
Let me know the result of your testing.
05/04/2019 at 20:27 #5625
The gold, silver, and bronze roles are ones I created, not created by a plugin.
By higher and lower, what I was referring to is one role having more capabilities assigned to it than another role, just like how the Administrator role has more capabilities than the Editor role, which has more capabilities than the Contributor role, etc. Thus in the example, the Gold role has fewer capabilities than the Administrator role, but more capabilities than the Silver role.
A user assigned a role that has the list_users & promote_users capabilities can see and promote users assigned a role which has fewer capabilities, but cannot see users assigned the same role or users assigned a role with more capabilities.
I hope that helps what I’m saying make more sense. Thank you for your help!
09/04/2019 at 13:39 #5626
My test showed that WordPress itself does not limit the access of a user with the list_users and promote_users capabilities in their role to any other role (the ‘Administrator’ role is hidden from such a user by User Role Editor).
Look at this short video.
So I still suppose that some code (external to WordPress) is involved (plugin or theme).
Did you try to deactivate all plugins temporarily? Will the access of the user promoter to other roles be limited in the same manner?
09/04/2019 at 19:54 #5627
I figured out what was causing my problem. You mentioned that the Administrator role is hidden from other non-admin users with the list_users and promote_users capabilities in their role.
Apparently, any role whose name contains the word ‘Administrator’ in it is hidden along with the Administrator role.
Like I mentioned, I was using the terms Gold and Silver only for purpose of example. In my sites, the custom role I’d created which has been giving me all the trouble is called Limited Administrator. When I created a new role with the same capabilities but whose name didn’t have the word ‘Administrator’ in it and assigned it to a user, it functioned correctly. This was also confirmed when I realized that another role, named Events Administrator, on one of my sites was hidden along with the Limited Administrator role.
I should be able to proceed from here as long as I don’t create any more roles with the word ‘Administrator’ in their name.
Thank you! I appreciate your time in helping me figure this out.