Lakshyajeet.

User Roles in WordPress

lakshyajeet

When working with WordPress, user roles play a vital role in determining who can access specific parts of the website, and what actions they can perform. For many WordPress administrators, its crucial to define granular access levels based on the types of content being managed on the site. Whether we are managing blog posts, products or events, its important to customize the roles and capabilities to ensure that the right people have access to the right tools. In this post, weโ€™ll explore how to set up custom user roles for custom post types and taxonomies in WordPress, with a focus on managing events.

Setting Up Custom Post Types and Taxonomies

Let’s assume we already have a CPT, Event setup with its taxonomy, Event Type.

function register() {
    register_post_type(
        'my_event', array(
        //..
        'capability_type' => array('event', 'events'),  // Define custom capabilities
        'map_meta_cap' => true,  // Use meta capabilities
    );
    register_taxonomy(
        'event-type',
        'my_event',
        //..
        'capabilities' => array(  // Define custom capabilities
                'manage_terms' => 'manage_event_types',
                'edit_terms' => 'edit_event_types',
                'delete_terms' => 'delete_event_types',
                'assign_terms' => 'assign_event_types',
            )
    );
}
add_action('init', 'register');

Customizing User Roles and Permissions

Now that we have our custom post types and taxonomies, the next step is to define custom user roles that can manage these types. WordPress comes with default roles, but we can create a new role (Event Manager) with specific permissions related to our custom post types.

function get_all_event_caps() {
    $capabilities = array();
    $post_types = array('my_event');

    foreach($post_types as $post_type) {
        $post_type_object = get_post_type_object($post_type);

        // Check if the post type object is valid.
        if (! $post_type_object instanceof WP_Post_Type) {
            continue;
        }

        // Remove default post capabilities.
        $post_type_caps = (array) $post_type_object->cap;  // Get capabilities for the post type

        // Remove default post capabilities
        unset($post_type_caps['edit_post']);
        unset($post_type_caps['read_post']);
        unset($post_type_caps['delete_post']);
        unset($post_type_caps['create_posts']);

        $capabilities = array_merge($capabilities, array_values($post_type_caps));   
    }

    $taxonomies = array('event-type');

    foreach($taxonomies as $taxonomy) {
        $taxonomy_object = get_taxonomy($taxonomy);

        // Check if the taxonomy object is valid.
        if (! $taxonomy_object instanceof WP_Taxonomy) {
            continue;
        }

        $taxonomy_caps = (array) $taxonomy_object->cap;
        $capabilities = array_merge($capabilities, array_values($taxonomy_caps)); 
    }

    return $capabilities;
}

Before assigning the permission we make a helper function to help us get all the permissions required for the Event Manager.

function event_add_roles() {
    $capabilities = get_all_event_caps();
    
    // Add each capability to the 'administrator' role.
    $admin_role = get_role('administrator');

    foreach($capabilities as $capability) {
        $admin_role->add_cap($capability);
    }

    $capabilities = array_fill_keys($capabilities, true);

    add_role('event-manager', 'Event Manager', $capabilities);
}
add_action('init', 'event_add_roles');

function event_remove_roles() {
    $capabilities = get_all_event_caps();
    $admin_role = get_role('administrator');

    foreach($capabilities as $capability) {
        $admin_role->remove_cap($capability);
    }
    
    // Remove the 'Event Manager' role.
    remove_role('event-manager');
}
  • get_all_event_caps(): This function retrieves all the necessary capabilities for our custom post types and taxonomies.
  • event_add_roles(): This creates a custom role called “Event Manager” and assigns it the necessary capabilities for managing events and event types.
  • event_remove_roles(): This function removes the custom “Event Manager” role and its capabilities.

Conclusion

Custom user roles in WordPress help maintain a secure and efficient management system, especially when dealing with multiple types of content. By defining custom post types and taxonomies along with appropriate capabilities, we can ensure that users have the right level of access based on their specific role, this approach provides the flexibility to keep our WordPress site organized and secure.

Leave a Reply

Your email address will not be published. Required fields are marked *