Solved

Adding Wordpress Capabilities to User Roles

Posted on 2011-02-17
13
1,574 Views
Last Modified: 2012-05-11
Hi there,

I am using a plugin called Capability Manager on a site that uses Wordpress as a CMS. I was asked to add a user to the site in order to allow them to add new events using an Event Calendar plugin (its a customized version of this plugin). However, when looking through the capabilities that the Capability Manager plugin I have installed has available, there appears to be no options dealing with adding or editing events.

I created a test user and played around with the settings and the only way that I was able to allow a user to add or edit events is to give them a user-level of 10 (which is the same as my admin level). By giving them a level of 10 though, it gives the user access to things that I don't want them to have access to.

So I guess my question is one of two things:

1

Does anyone know how I can change the Events plugin so you don't need a user-level of 10 to add or edit events?
or

2

Does anyone have any idea how I can add "Events" to the list of capabilities using the Capability Manager plugin?

Any help would be greatly appreciated. Thanks.

 Screenshot of the list of capabilities available.
0
Comment
Question by:Adam
  • 5
  • 5
  • 3
13 Comments
 
LVL 23

Expert Comment

by:jeremyjared74
ID: 34923046
Before hacking the plug-in to change the user rights you might want to check out the ROLE SCOPER PLUG-IN
It has better control over your users.

Another option would be to use the My Calendar Plug-in, which also allows "non admin" users to add events.

If you are set on using what you have, let me know and I will try to work through the plug-in's code to change the user roles.
0
 
LVL 2

Assisted Solution

by:crazy_expert
crazy_expert earned 50 total points
ID: 34924547
"Does anyone know how I can change the Events plugin so you don't need a user-level of 10 to add or edit events?"
Ans: In the option page of that plugin that means:
http://www.yourdomain.com/wp-admin/admin.php?page=events-calendar-options
Find there is an option: Access Level       
Set your desired access level there.   Check here
0
 
LVL 1

Author Comment

by:Adam
ID: 34925326
Thanks for the reply guys.

jeremyjared74:
Thanks for the suggestion but yes, I was hoping to stay with the plugins I have. In particular, the Events Calendar plugin is a "custom" version of an existing plugin so going with something new would mean much more work.

Out of curiosity then, do you know how I would add a capability to a plugin if I were to take that route?

crazy_expert:

Thanks very much for your reply. This actually solved my problem which is great! As mentioned above, the Events Calendar plugin has been customized and I think the person I got to do it somehow hide the options from the admin panel (strange...). Anyway, I will be giving you some of the points for this question but I am still kind of hoping to find out how I can add a capability to a plugin. I used the Events plugin as an example but I actually have a few other custom plugins that I'm having the same problem with.
0
 
LVL 23

Expert Comment

by:jeremyjared74
ID: 34925369
If you think the person who altered the plug-in hid the files, there is only one way to do that. If the plug-in settings aren't showing up in the Admin panel eg; Plug-ins>Edit, then they are being called to with an @<link rel="some_location... for example. That means the plug-in files can be accessed through your FTP files. You can edit the plug-in settings assuming you have FTP access. If you do, try looking at the files to find a reference to admin. You can use a text editor like Notepad++ to open the files and do a multi-file search. I don't really have any other solutions without being able to see the code. Sorry I wasn't able to help on this one.
0
 
LVL 2

Expert Comment

by:crazy_expert
ID: 34925535
Hi,
The version I have is 6.7.8. For me its in the line 198 to 201 of events-calendar.php
function EventsCalendarManagementINIT() {
	$options = get_option('optionsEventsCalendar');
	$EC_userLevel = isset($options['accessLevel']) && !empty($options['accessLevel']) ? $options['accessLevel'] : 'level_10';
	$management = new EC_Management();

Open in new window

if you want you can set/hardcode the $EC_userLevel varibale to

$EC_userLevel =  'level_1';

Open in new window


Best of luck. :)
0
 
LVL 1

Author Comment

by:Adam
ID: 34925701
Thanks again for the suggestions guys. You've been very helpful.

jeremyjared74:

I do have access to the files so I'll go through the code to see if I can find a reference to "admin" in the code. My concern is that the other plugin I'm having trouble with was custom built (I believe from scratch) so I'm not even sure if the developer considered adding capabilities depending on user-level to the plugin. Anyway, I'll take a look.

crazy_expert:

As mentioned above, the plugin I'm actually having the capabilities trouble with isn't the Events Calendar plugin. Its a plugin for creating charts and graphs. I'm going to look through the code to see if there is anything I can do to fix it. But if I'm still having trouble, I'll upload the plugin if you wouldn't mind taking a look.

Thanks again.
0
Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

 
LVL 1

Author Comment

by:Adam
ID: 34940135
Hey guys,

Sorry for the slight delay. So I took a look at the plugin code and couldn't really find anything related to "admin", "capabilities", or "roles" (not sure if its just not included or if I'm overlooking something). If the offer is still there, would one of you mind taking a quick peek at the code (its not a super complex plugin). If you don't mind, I would rather send it to you privately as it was a custom plugin developed for me.

Let me know. Thanks very much.
0
 
LVL 23

Accepted Solution

by:
jeremyjared74 earned 450 total points
ID: 34940198
Sure, just click on my Avatar to go to my author page. From there you can click the "hire me" button to send an e-mail.
0
 
LVL 2

Expert Comment

by:crazy_expert
ID: 34940757
you can also upload the plugin here.
0
 
LVL 1

Author Comment

by:Adam
ID: 34942808
I would be willing to post it here but wouldn't that mean the files would available to the public?
0
 
LVL 1

Author Closing Comment

by:Adam
ID: 35058284
Thanks guys for your help. Much appreciated.
0
 
LVL 23

Expert Comment

by:jeremyjared74
ID: 35058353
furio13:

Did you get it to work?
0
 
LVL 23

Expert Comment

by:jeremyjared74
ID: 35063737
For anyone that may need a similar solution, here is what we ended up doing:

You can disable specific user access to specified Admin Menu items by disabling them for the role of the user.


See below for how:
The instructions are commented inside the code:
 
<?php
//The entire list of removable items can be found inside wp-admin>menu.php, starting at about line 160. Just replace or add to the current list and place it inside your functions.PHP file. I have added beginning and ending PHP tags, so if your theme has a closing php tag at the end of the functions.php, you can just place this at the very end of that file. You can then give the user the edit files Role Capability and then restrict specific items by adding (adjusting) this code:
function remove_admin_menu_items()
{
global $menu, $submenu;
 
 
if( !current_user_can('level_10') ) // insert the use number of the role you want to restrict here
{
//removes complete menu and sub-menu
unset($menu[15]); // links
unset($menu[25]); // comments
unset($menu[60]); // appearance
unset($menu[75]); // tools
 
//removes specific menu items
unset($submenu['options-general.php'][15]); // writing options tab
unset($submenu['options-general.php'][40]); // permalink
unset($submenu['plugins.php'][5]); // the plug-ins menu
unset($submenu['users.php'][10]); // remove add users
}
}
add_action( '_admin_menu', 'remove_admin_menu_items' );
?>

Open in new window


And here is a list of roles allowed by WordPress:
•      Subscriber : level_0
•      Contributor: level_1
•      Author: level_2
•      Editor: level_3 – level_7
•      Administrator: level_8 – level_10
0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

"In order to have an organized way for empathy mapping, we rely on a psychological model and trying to model it in a simple way, so we will split the board to three section for each persona and a scenario and try to see what those personas would Do,…
Boost your ability to deliver ambitious and competitive web apps by choosing the right JavaScript framework to best suit your project’s needs.
The purpose of this video is to demonstrate how to Import and export files in WordPress. This will be demonstrated using a Windows 8 PC. Go to your WordPress login page. This will look like the following: mywebsite.com/wp-login.php : Click on Too…
The purpose of this video is to demonstrate how to prevent comment spam on a WordPress Website. This will be demonstrated using a Windows 8 PC. Plugin Akismet will be used. Go to your WordPress login page. This will look like the following: myw…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now