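Custom role allows things it shouldn't

Date: 2016-11-14 Author: Taylor Foster

I'm creating this role "Grocery" for a client, but it basically just needs to be able to edit pages and upload media. For some reason, my code still allows the "Grocery" role to delete posts and create pages, and do some things I don't want this role to be able to do. Here is my code; I don't understand why it isn't working. It adds the role and lets me create users under this role, but again it allows the wrong actions.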

// Give capabilities
$capabilities_grocery = array(
  'activate_plugins' => false,
  'delete_others_pages' => false,
  'delete_others_posts' => false,
  'delete_pages' => false,
  'delete_posts' => false,
  'delete_private_pages' => false,
  'delete_private_posts' => false,
  'delete_published_pages' => false,
  'delete_published_posts' => false,
  'edit_dashboard' => false,
  'edit_others_pages' => true,
  'edit_others_posts' => true,
  'edit_pages' => true,
  'edit_posts' => true,
  'edit_private_pages' => true,
  'edit_private_posts' => true,
  'edit_published_pages' => true,
  'edit_published_posts' => true,
  'edit_theme_options' => false,
  'export' => true,
  'import' => true,
  'list_users' => false,
  'manage_categories' => false,
  'manage_links' => false,
  'manage_options' => false,
  'moderate_comments' => false,
  'promote_users' => false,
  'publish_pages' => false,
  'publish_posts' => false,
  'read_private_pages' => false,
  'read_private_posts' => false,
  'read' => true,
  'remove_users' => false,
  'switch_themes' => false,
  'upload_files' => true,
  'customize' => false,
  'delete_site' => false,
);

// Add The Role
add_role('grocery', 'Grocery', $capabilities_grocery);

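2 replies
SO user: cherryaustin

This happens because the "edit" capability allows adding new posts/pages. A quick Google shows that there are plenty of ways to remove the create capability; I haven't tested any of them.

SO user: Syed Fakhar Abbas

@Cherry Austin When you add the "edit" capability, it will allow adding new posts/pages.

However, you can hide Add New Page, and you can also redirect the user if they try to access Add New Page directly. Please check the following code: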

// Plain function: the string callback passed to add_action() below must be a global function
function remove_add_page_menu() {

    $user = wp_get_current_user();
    $current_screen = get_current_screen();

    // Default to an empty role so the comparison below never reads an undefined variable
    $current_role = '';
    if ( isset( $user->roles[0] ) ) {

         $current_role = $user->roles[0];
    }

    if ( $current_role == 'user_role' ) {

      // this function will remove the Add New Page Link from Menu
      remove_submenu_page( 'edit.php?post_type=page', 'post-new.php?post_type=page' );

      //User can directly access the add new page so you can redirect the user
      if ( "add" === $current_screen->action && "page" == $current_screen->post_type ) {
        wp_redirect( 'http://www.url.com' );
        exit; // stop here so the Add New Page screen is not rendered after the redirect header
      }
    }
}
add_action( 'current_screen', 'remove_add_page_menu' );
:)
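
Enforcing the restriction as a capability check instead of hiding the menu, as an added example that is not part of the original thread or either answer: WordPress checks the post type's `create_posts` capability before listing or serving "Add New", and that capability defaults to the same one as `edit_posts`, so it can be pointed at a separate capability the role does not hold. Assumptions: the capability name `create_pages`, the function name `grocery_example_sync_roles`, the trimmed capability list, and that the code lives in a plugin's main file.

```php
<?php
// Added example, not code from the thread. 'create_pages' is a made-up
// capability name; 'grocery' is the role slug from the question.

// Give the built-in 'page' type its own "create" capability. Without this,
// create_posts falls back to the type's edit_posts capability (edit_pages),
// which is why a role that can edit pages can also add them.
add_filter( 'register_post_type_args', function ( $args, $post_type ) {
    if ( 'page' === $post_type ) {
        $caps                 = isset( $args['capabilities'] ) ? (array) $args['capabilities'] : array();
        $caps['create_posts'] = 'create_pages'; // hypothetical capability name
        $args['capabilities'] = $caps;
    }
    return $args;
}, 10, 2 );

// Roles are stored in the database. add_role() does nothing when the slug
// already exists, so editing the array in code does not change a role that
// was created earlier. Rebuild it once, here on plugin activation.
function grocery_example_sync_roles() {
    // Roles that should still be able to create pages need the new capability.
    foreach ( array( 'administrator', 'editor' ) as $slug ) {
        $role = get_role( $slug );
        if ( $role ) {
            $role->add_cap( 'create_pages' );
        }
    }

    // Drop the stored copy, then register the role with an allow-list only.
    // A capability that is absent is denied, so no "=> false" entries are needed.
    // Assumed list: "edit pages and upload media", as the question describes.
    remove_role( 'grocery' );
    add_role( 'grocery', 'Grocery', array(
        'read'                 => true,
        'upload_files'         => true,
        'edit_pages'           => true,
        'edit_others_pages'    => true,
        'edit_published_pages' => true,
        // no create_pages, no delete_*, no publish_*, no edit_posts
    ) );
}
register_activation_hook( __FILE__, 'grocery_example_sync_roles' );
```

With this in place the "Add New" entry disappears for the role, and a direct request to `post-new.php?post_type=page` is refused by core's own capability check rather than by a redirect.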
