[Resolved] Restrict wp-admin and top admin bar to specific roles

[Author]

Posts

[yoshihikoH]

My site is a job information site.
The user role structure I envisioned on this site is:

1. Administrator:
This role would be responsible for managing all the administrative tasks, including adding / editing / deleting of product posts.

2. Job Poster:
As the name indicates, this role would be allowed to add / edit / delete their own job posts.

3. Job Seeker:
This user role would be the most common and would be able search and browse through the available job posts.

Therefore, I set the role only for "2. Job Poster" in the toolset access plugin.

Now, I have a question from here.

I want to be able to handle a series of things such as "user registration", "password reset", and "profile editing" without any problems, but the following problems occur.

Problem 3. I'm not sure that the combination of the user role structure and other Toolset settings doesn't allow general users other than job posters to view irrelevant information. I'm sorry to trouble you, but I would like you to help with the verification.

If necessary, I will provide you with access information on my test site.

Thank you.

Yoshihiko

[Christian Cox]

Hello, please provide login credentials in the private reply fields here and let me know more about the information you want to restrict from specific Users. Which specific content are you concerned about, and for which roles? Are you concerned about accessing information in wp-admin, or in the front-end of the site? Please provide some examples and I will be glad to discuss those with you.

[Christian Cox]

Okay I think you are describing the WordPress top admin bar (see admin-bar.png) and the wp-admin dashboard. Toolset Access Control does not manage the display of this admin bar, or restrict access to the wp-admin dashboard directly. You can use custom code to restrict these features to specific User roles. For example, to restrict the top admin bar from all Users except administrators and editors, you could add this custom code snippet in your child theme's functions.php file or create a new custom code snippet in Toolset > Settings > Custom Code. Set the snippet to run everywhere and activate the snippet.

add_filter('show_admin_bar', 'show_admin_bar_to_roles_func');
function show_admin_bar_to_roles_func(){
  $show_to_roles = array( 'administrator', 'editor');
  if( is_user_logged_in() ){
    $user = wp_get_current_user();
    $roles = $user->roles;
    $intersect = array_intersect( $show_to_roles, $roles );
    if( count( $intersect ) > 0 ){
        return true;
    }
  }
  return false;
}

Replace 'administrator', 'editor' with a comma-separated list of all the desired User role slugs. If a User has any of these roles, that User will see the top admin bar. Users with none of these roles will not see the top admin bar.

In addition to hiding the top bar, you may want to restrict access to wp-admin in general. This custom code snippet will restrict access to wp-admin for all Users except administrators and editors:

function restrict_admin_with_redirect() {
  $show_to_roles = array( 'administrator', 'editor');
  $user = wp_get_current_user();
  $roles = $user->roles;
  $intersect = array_intersect( $show_to_roles, $roles );
  if ( count( $intersect ) == 0 && ( ! defined( 'DOING_AJAX' ) || ! DOING_AJAX ) ) {
      wp_redirect( site_url() );
      exit;
  }
}
add_action( 'admin_init', 'restrict_admin_with_redirect', 1 );

Again, replace 'administrator', 'editor' with a comma-separated list of User role slugs. Only Users with these roles will be able to access the wp-admin area. Others will be redirected to the home page of the site.

[yoshihikoH]

My issue is resolved now. Thank you!