Stop custom user changing their access permissions

This thread is resolved. Here is a description of the problem and solution.

Problem:

I want the user to be able to use the Toolset plugins, just not be able to change their own, or anyone else's, to Access settings.

Solution:

You can remove the "Access Control" menu with some custom codes, like this:

https://toolset.com/forums/topic/stop-custom-user-changing-their-access-permissions/#post-1125854

Relevant Documentation:

https://developer.wordpress.org/reference/functions/remove_submenu_page/

This support ticket is created 6 years, 1 month ago. There's a good chance that you are reading advice that it now obsolete.

This is the technical support forum for Toolset - a suite of plugins for developing WordPress sites without writing PHP.

Everyone can read this forum, but only Toolset clients can post in it. Toolset support works 6 days per week, 19 hours per day.

Sun	Mon	Tue	Wed	Thu	Fri	Sat
-	9:00 – 13:00	9:00 – 13:00	9:00 – 13:00	9:00 – 13:00	9:00 – 13:00	-
-	14:00 – 18:00	14:00 – 18:00	14:00 – 18:00	14:00 – 18:00	14:00 – 18:00	-

Supporter timezone: Asia/Hong_Kong (GMT+08:00)

Tagged: Access plugin, Controlling access to admin function

This topic contains 5 replies, has 2 voices.

Last updated by Luo Yang 6 years, 1 month ago.

Assisted by: Luo Yang.

Author

Posts

October 10, 2018 at 1:10 pm #1124622

Ben

I am trying to set up a Custom Role in Access Control for a user just below an Admin but above Editor.

I have copied the Permissions from Editor and I believe the attached permission is the one that I need to enable for a User to be able to view and use plugins in the WP admin area.

The problem I have is that when I enable this, the user can navigate to Toolset Access and change their own permissions, thus giving them access to things they should not be able to.

Is there any way to stop this? Or am I using this wrong?

October 11, 2018 at 6:53 am #1125133

Luo Yang

Hello,

Thanks for the details, in your case, I suggest you try this:
Dashboard-> Toolset-> Access Control-> Custom Roles
click button "Enable advanced mode"
find and "Change permissions" of your custom user role, in section "General capabilities"
1) Disable option "manage_options"
Then those users can not see Toolset memu

2) Enable options:
activate_plugins
Then those users can see Plugin memu, and activate/deactivate plugins in your website.

More help:
https://codex.wordpress.org/Roles_and_Capabilities#activate_plugins

October 11, 2018 at 1:55 pm #1125312

Ben

Hello Luo Yang,

Thank you for your suggestions. I don't think I explained what I was trying to achieve well enough.

I want the user to be able to use the Toolset plugins, just not be able to change their own, or anyone else's, Access settings.

October 12, 2018 at 3:14 am #1125854

Luo Yang

You can remove the "Access Control" menu like this:

function no_access_menu() {
	$user = wp_get_current_user();
	if ( in_array( 'editor', (array) $user->roles ) ) { 
		$page = remove_submenu_page( 'toolset-dashboard', 'types_access' );
	}
}
add_action( 'admin_menu', 'no_access_menu', 999 );

Please replace "editor" with your custom user role slug.

More help:
https://developer.wordpress.org/reference/functions/remove_submenu_page/

October 12, 2018 at 1:22 pm #1126275

Ben

Thank you Luo Yang, that has worked perfectly!

October 15, 2018 at 1:26 am #1127201

Luo Yang

You are welcome