- This topic has 6 replies, 2 voices, and was last updated 9 years, 5 months ago by Syam Mohan.
July 16, 2015 at 12:47 am #12888 Paul Borer, Participant
I have set up accounts to use the primary role of subscriber.
I have used Role Editor to create a role.
If I, through Role Editor, create a group – example managers – and would like them to edit a user (purpose: reset password or change role in Role Editor), there does not seem to be a way to disallow a member of that group from changing a user's primary role. I would like a member of the group to be able to add/manage a user, add them to one of the roles from role creator but not allow them to change the primary role. Is this possible?
Thanks.
July 16, 2015 at 9:34 am #12920 Syam Mohan, Keymaster
Hi Paul,
Right now there is no way to limit a user from changing just the primary role. From a WordPress point of view, this doesn’t limit that user from receiving capabilities, because a user can get any capability through secondary roles.
Do you mind explaining your use case? Maybe there is a different way.
Thanks
Syam
July 16, 2015 at 11:39 am #12924 Paul Borer, Participant
Hi Syam.
More info.
If I set person A up – their account along with any account will have the primary role via WordPress as Subscriber. (The minimum permissions)
Via your role plugin, I can then create a group for managers.
If I allow the managers roles under ‘users’, tick the following:
list_users
create_users
promote_users
The person in the role can change the primary role of the user, for example make them an administrator etc.
It would be good if the primary role via WP could be locked down; I can’t specifically see a way to do such. With the primary WP role locked down this could then allow the roles only to be changed with the promote_users ticked under the role.
Hope that helps give some more info.
Will submit this and then send my email via PR.
July 16, 2015 at 11:39 am #12925 Paul Borer, Participant
This reply has been marked as private.
July 16, 2015 at 8:09 pm #12939 Syam Mohan, Keymaster
Hi Paul,
I think I don’t understand your question. promote_users will lock down all the roles. Just locking the primary role doesn’t make sense to me, because you could still assign Administrator as a secondary role and the user will have all the permissions.
And why did you send your email to me?
Thanks
Syam
July 17, 2015 at 12:34 am #12945 Paul Borer, Participant
I have raised a support ticket.
It is logical to me how I put it.
Primary WP role overrides a lot of stuff your roles will do.
If the WP roles can be blocked from being changed then your roles have more value.
A standard subscriber (user) (WP role) who I would, for example, like to add a user or change that user's password can do that with those role manager permissions listed, as role manager allows access to the user settings backend. Allowing minimum access via role manager to user settings also allows that delegated person to make anyone an editor, admin or any other WP role. If WP can be blocked from being changed then that would help keep the backend more secure.
Via the email/support ticket I’d consider doing a mini video cast to show you if you can’t replicate it.
Thanks
July 17, 2015 at 5:47 pm #12971 Syam Mohan, Keymaster
Hi Paul,
I don’t think I’m understanding your point.
Here is my understanding of WordPress and its roles and capabilities ecosystem. All roles are equal; WordPress doesn’t give any weight to a role based on its name. Its weight is calculated by the capabilities a role has. It doesn’t matter whether a role is a default WordPress role or one created by a plugin. There is no such thing as primary and secondary roles (I named them like that for easy UI management). A WordPress user object has a roles array. This plugin considers a role as a primary role if it sits at the beginning of that array, and all roles following that index are considered secondary (just by this plugin, not by WordPress). WordPress treats all roles equally no matter at which index a role sits in that array. For example, you can have “Subscriber” at the beginning index and “Administrator” at the second index and you will be treated as Administrator. You won’t be treated as “Subscriber” just because it sits at the beginning.
Roles are WordPress objects. There is no such thing as a WordPress role and a plugin role. For example, you can create a role through this plugin, and that role will still exist within your site even after you deactivate this plugin.
I want my plugin to be in line with WordPress basics and its concepts, especially when I’m working with WordPress objects. I won’t try to reinvent the wheel or work around it. I will only implement a functionality if WordPress allows it through its filters and actions or is in line with the WordPress concepts.
Thanks
Syam
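The delegation problem discussed in this thread (a manager holding promote_users can hand out Administrator) can be narrowed with WordPress core's `editable_roles` filter. The snippet below is an added example, not part of the thread or of the plugin's code: it hides every role that would grant a capability the acting user does not already hold, whichever position that role takes in the roles array. The function name and the choice to run it as a small site plugin are assumptions.

```php
<?php
/**
 * Added example: limit which roles a delegated user manager may assign.
 * Assumption: loaded as a small site-specific plugin; the function name
 * example_limit_editable_roles is hypothetical.
 */
function example_limit_editable_roles( $roles ) {
    $current = wp_get_current_user();

    // No logged-in user (cron, CLI) or a super admin: leave the list alone.
    // On single-site installs is_super_admin() is true for users who hold
    // the delete_users capability.
    if ( ! $current->exists() || is_super_admin( $current->ID ) ) {
        return $roles;
    }

    foreach ( $roles as $slug => $details ) {
        // $details['capabilities'] maps capability name => bool; keep only
        // the capabilities the role actually grants.
        $granted = array_keys( array_filter( (array) $details['capabilities'] ) );

        foreach ( $granted as $cap ) {
            // A role carrying any capability the acting user lacks would be
            // a privilege escalation, so remove it from the assignable set.
            if ( ! $current->has_cap( $cap ) ) {
                unset( $roles[ $slug ] );
                break;
            }
        }
    }

    return $roles;
}
add_filter( 'editable_roles', 'example_limit_editable_roles' );
```

The filter feeds `get_editable_roles()`, which core's user edit screen consults before applying a role change. Whether a role plugin's own secondary-role controls honour the same filter has to be checked against that plugin.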
- The topic ‘User Management’ is closed to new replies.