One of the many tweaks we often build into our plugins to enhance the WordPress dashboard functionality is limiting the capabilities of additional users who have been given access. In this case, Editors have the ability to add/remove/edit users and could accidentally, or even deliberately, change the access rights of the primary admin (Super Admin). With this little bit of code, we eliminate that possibility. Let’s get started!
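/**
 * Editor cannot edit or delete Super Admin.
 *
 * Hooks two WordPress filters so that a user who is not an administrator can
 * neither assign the administrator role nor edit/remove/promote/delete a user
 * who already holds it. A user may still act on their own account.
 */
class RAS_User_Caps {

    /**
     * Register our filters.
     *
     * Uses __construct instead of the PHP4-style same-name constructor, which
     * PHP 8 no longer treats as a constructor (the filters would then never be
     * attached and the protection silently disappears). `$this` no longer
     * needs to be passed by reference in the callable.
     */
    function __construct() {
        add_filter( 'editable_roles', [ $this, 'editable_roles' ] );
        add_filter( 'map_meta_cap', [ $this, 'map_meta_cap' ], 10, 4 );
    }

    /**
     * Remove 'administrator' from the list of roles if the current user is not an admin.
     *
     * @param array $roles Role slug => role definition, as offered in role dropdowns.
     * @return array The same array, minus 'administrator' for non-admins.
     */
    function editable_roles( $roles ) {
        if ( isset( $roles['administrator'] ) && ! current_user_can( 'administrator' ) ) {
            unset( $roles['administrator'] );
        }
        return $roles;
    }

    /**
     * If a non-admin is trying to edit/remove/promote/delete an admin, don't allow it.
     *
     * Appending 'do_not_allow' to the required primitive capabilities makes the
     * capability check for this meta cap fail for that user.
     *
     * @param array  $caps    Primitive capabilities required so far.
     * @param string $cap     Meta capability being checked.
     * @param int    $user_id ID of the user whose access is being checked.
     * @param array  $args    Extra context; $args[0] is the target user ID when present.
     * @return array Possibly extended list of required capabilities.
     */
    function map_meta_cap( $caps, $cap, $user_id, $args ) {
        switch ( $cap ) {
            case 'edit_user':
            case 'remove_user':
            case 'promote_user':
                // No target to check against: deny outright. (The original
                // added the denial but then fell through and dereferenced the
                // missing $args[0] anyway, producing an undefined-index warning.)
                if ( ! isset( $args[0] ) ) {
                    $caps[] = 'do_not_allow';
                    break;
                }
                // A user may always act on their own profile. Strict
                // comparison after an int cast; WordPress may hand the id in as
                // a numeric string.
                if ( (int) $args[0] === (int) $user_id ) {
                    break;
                }
                if ( $this->is_protected_target( $args[0], $user_id ) ) {
                    $caps[] = 'do_not_allow';
                }
                break;

            case 'delete_user':
            case 'delete_users':
                // A bare 'delete_users' check carries no target; leave
                // WordPress' own mapping untouched in that case.
                if ( ! isset( $args[0] ) ) {
                    break;
                }
                if ( $this->is_protected_target( $args[0], $user_id ) ) {
                    $caps[] = 'do_not_allow';
                }
                break;

            default:
                break;
        }
        return $caps;
    }

    /**
     * True when the target user is an administrator and the acting user is not.
     *
     * The acting user is the $user_id the capability is being mapped for, not
     * necessarily the logged-in user: checks such as user_can( $editor, ... )
     * run from an admin session must still be answered for the editor.
     *
     * @param mixed $target_id Raw target user ID from $args[0].
     * @param int   $actor_id  ID of the user whose capability is being mapped.
     * @return bool
     */
    private function is_protected_target( $target_id, $actor_id ) {
        $other = new WP_User( absint( $target_id ) );
        return $other->has_cap( 'administrator' ) && ! user_can( $actor_id, 'administrator' );
    }
}

$ras_user_caps = new RAS_User_Caps();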
This bit of code could be added to the theme's `functions.php` file, but we prefer to put it into a custom plugin so that the rules still apply if the theme is ever changed.