WP Provider Role Restrictions

User
We have a user role, provider, and want to allow them only to add/edit their posts and update their profile in wp-admin.
Assistant
To achieve this, you can customize the capabilities for your custom user role (`provider`) in WordPress. Here's how you can allow users with the `provider` role to only add/edit their own posts and update their profile within the WordPress admin panel.

### Step 1: Add Custom Capabilities to the `provider` Role
You can use the `add_role` and `add_cap` functions to grant specific capabilities to your custom role. If the role is already created, you'll just need to add or adjust capabilities.

Add the following code to your theme's `functions.php` file or a custom plugin:

```php
function customize_provider_role_capabilities() {
    // Get the role
    $role = get_role('provider');

    // If the role exists, update capabilities
    if ($role) {
        // Allow the provider to read and manage their profile
        $role->add_cap('read');
        $role->add_cap('edit_posts');
        $role->add_cap('edit_published_posts');
        $role->add_cap('upload_files');

        // Allow the provider to edit their own posts only.
        // WordPress core has no `edit_own_posts` capability: with `edit_posts`
        // granted and `edit_others_posts` withheld, core only lets the user
        // edit posts they authored.
        $role->remove_cap('edit_others_posts');
        $role->remove_cap('delete_posts');
        $role->remove_cap('delete_others_posts');
        $role->remove_cap('delete_published_posts');
    }
}
// Role capabilities are stored in the database, so this only needs to run
// once; hooking `init` re-applies the same values on every request.
add_action('init', 'customize_provider_role_capabilities');
```

### Step 2: Restrict Access to Their Own Posts Only
To ensure that users with the `provider` role can only see and edit their own posts in the WordPress admin, you can use the `pre_get_posts` action:

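```php
function restrict_provider_posts_to_own($query) {
    // Only touch the main query on admin screens (e.g. the Posts list)
    if (!is_admin() || !$query->is_main_query()) {
        return;
    }

    $current_user = wp_get_current_user();

    // Check if the current user has the 'provider' role (strict comparison)
    if (in_array('provider', (array) $current_user->roles, true)) {
        // Limit the listing to posts authored by this user.
        // This only filters what is displayed; edit permission itself is
        // enforced by the capabilities set in Step 1.
        $query->set('author', $current_user->ID);
    }
}
add_action('pre_get_posts', 'restrict_provider_posts_to_own');
```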

### Step 3: Allow Access to User Profile Only
To ensure that the `provider` role users can only access and update their profile, you can use the `admin_menu` and `current_user_can` functions:

```php
function restrict_provider_admin_access() {
    if (current_user_can('provider')) {
        // Remove admin menu items the provider does not need.
        // The Posts menu (edit.php) is kept so providers can still reach
        // and edit their own posts.
        remove_menu_page('upload.php'); // Media
        remove_menu_page('edit-comments.php'); // Comments
        remove_menu_page('edit.php?post_type=page'); // Pages
        remove_menu_page('tools.php'); // Tools

        // Hiding a menu item does not block direct access to its URL;
        // the capabilities from Step 1 are the actual access control.

        // Redirect the dashboard and media library to the profile page
        global $pagenow;
        if ($pagenow === 'index.php' || $pagenow === 'upload.php') {
            wp_safe_redirect(admin_url('profile.php'));
            exit;
        }
    }
}
add_action('admin_init', 'restrict_provider_admin_access');
```

### Step 4: Test the Changes
- Log in as a user with the `provider` role.
- Ensure they can only see their own posts and their profile.
- Confirm they cannot access other admin sections or posts by other users.

This setup should restrict users with the `provider` role to only add/edit their own posts and update their profile within the WordPress admin dashboard.
