An Interest In:
Web News this Week
- April 27, 2024
- April 26, 2024
- April 25, 2024
- April 24, 2024
- April 23, 2024
- April 22, 2024
- April 21, 2024
Create a Simple CRM in WordPress: Restricting / Hiding Unused Admin Menu Items
We’ve been looking at how to create a simple CRM system in WordPress. In the last part of this series, we added code to our plugin which allowed us to search our contacts based on the data stored in Advanced Custom Fields.
Today we’ll cover how to restrict access to WordPress Administration Menu items.
Roles and Capabilities
WordPress uses the concept of Roles, where a Role can be assigned to a WordPress User. This Role defines what the User can and cannot do.
By default, WordPress has six roles:
- Super Admin
- Administrator
- Editor
- Author
- Contributor
- Subscriber
The permissions that a Role has are referred to as Capabilities, and WordPress provides lots of different capabilities (for example,install_plugins
, update_themes
, edit_pages
,etc). If you’re interested in seeing the full list of Capabilities based on Role, seethis WordPress Codex Page.
When we registered our Contacts Custom Post Type in Part 1 of this series, we defined thecapability_type
to bepost
. This means that the read, edit and delete capabilities for Contacts are the same as used for Posts. Depending on the User’s Role, this gives the User the following access to our Contacts Custom Post Type:
Capability | Super Admin | Administrator | Editor | Author | Contributor | Subscriber |
---|---|---|---|---|---|---|
edit_others_posts | Yes | Yes | Yes | |||
delete_others_posts | Yes | Yes | Yes | |||
delete_private_posts | Yes | Yes | Yes | |||
edit_private_posts | Yes | Yes | Yes | |||
read_private_posts | Yes | Yes | Yes | |||
edit_published_posts | Yes | Yes | Yes | Yes | ||
publish_posts | Yes | Yes | Yes | Yes | ||
delete_published_posts | Yes | Yes | Yes | Yes | ||
edit_posts | Yes | Yes | Yes | Yes | Yes | |
delete_posts | Yes | Yes | Yes | Yes | Yes |
Editors and Authors
Based on the above capabilities, if we want Users to be able to add, edit and delete all Contacts (including Contacts created by other Users), we’d need to use the Editor role. Let’s go ahead and create a new WordPress User with that role:
- Navigate to Users > Add New in the WordPress Administration Menu.
- Complete the username, email and password fields.
- Set the Role of the User to Editor.
- Click Add New User.
Now let’s log out of WordPress and log in as our new Editor. You’ll see that the WordPress Administration Menu has fewer options, and includes our Contacts Custom Post Type:
However, you may only want Users to be able to view other Users' Contacts without having the ability to edit or delete them. We can achieve this by using the Author role, as this role does not have edit_others_posts
or delete_others_posts
Capabilities (refer to the table above).
Create your WordPress User in the same way as we did for an Editor, this time choosing the Author role instead.
Logging in as an Author will again show fewer WordPress Administration Menu options:
When we view our Contacts, you’ll see all other Contacts created by other WordPress Users—however, we’re not able to edit or delete them:
Go ahead and add a new Contact. Once done, click onAll Contactsin the WordPress Administration Menu. Instead of seeing all Contacts created by other WordPress Users, you’ll now see Contacts that you have created, which you’re able to edit and delete:
We can still view other Users' Contacts by clicking theAlloption above the WordPress Table:
Up Next…
In the next article, we’re going to further restrict WordPress Administration functionality to selected Users, allowing them to only access the Contacts CRM.
Original Link:
TutsPlus - Code
Tuts+ is a site aimed at web developers and designers offering tutorials and articles on technologies, skills and techniques to improve how you design and build websites.More About this Source Visit TutsPlus - Code