[Resolved] Restrict wp-admin area for certain roles with Access

[Author]

Posts

[Vane]

Hello,

I defined a custom role with Access and I want to allow them only to create, delete, edit and publish their own CPT posts, but I don't want them to reach WP admin area, I want them to do those operations via Toolset Forms.
I created a test user with that custom role but it reaches backend and I'm not able to figure out if, where and how can I do that?

Thank you

[Nigel]

Toolset doesn't include any way to restrict registered users from accessing the backend pages.

You can use another plugin for this, such as https://wordpress.org/plugins/remove-dashboard-access-for-non-admins/

Or if you don't want to add a plugin, you could use a PHP snippet to redirect users to the homepage when they try to access the backend. Here's an example which you could modify for your needs: hidden link

[Vane]

Hi,

thank you for your response.

[partial solution]
We have to uncheck "read" capability at Change Permission / Other capabilities.

( "Read" capability is described here:
https://wordpress.org/support/article/roles-and-capabilities/#read )

Though the top (black) admin bar is still shown and I either would like to disable it for some roles or use a custom login etc. page / URL for all roles except Admins.
In which Toolset folder / file are the custom roles and capabilities are stored?
I watched a Udemy WP course where it is modified (disable admin top bar), so I can tweak the code if I know where it is.

Thank you

[Nigel]

Access doesn't let you remove the read capability.

On your site, which roles do you want to be able to access the backend?

Where do you want other users that try to access the backend be redirected?

[Vane]

Access allowed me to do that!
"We have to uncheck "read" capability at" ...Specific Custom Role... "Change Permission / Other capabilities."
Pls. note it is set for a CPT and not for the default WP post.

- "which roles do you want to be able to access the backend"
only Admin.

- "Where do you want other users that try to access the backend be redirected?"
either to a custom registration / login page( with embedded Forms' form ) or to a popup Forms' form used for reg / login.

[Nigel]

Hmm, the current versions of Access won't let me do that, but in any case it doesn't really help, because that alone doesn't achieve what you want.

If you don't want to use another plugin, you should add a PHP snippet for this. You want it to run earlier than when using Toolset > Settings > Code Snippets, so add the following to your theme's functions.php instead:

function ts_lockout_dashboard() {
    if ( is_admin() && !current_user_can('administrator') ) {
        wp_redirect( home_url( '/login/' ) );
        die();
    }
}
add_action('init', 'ts_lockout_dashboard');

You will need to create your custom login page. This code snippet assumes it has a slug of "login", which you would need to modify if you create a log-in page with a different slug.

Can you try that?

[Vane]

Thank you!