下面示例代码中:
有三种角色:管理员(administrator),区管理员(districtsupervisor),普通用户(guest)。
管理员可以创建区管理员及普通用户。区管理员只可创建普通用户。
function wpse_10min_get_allowed_roles( $user ) {
$allowed = array();
if ( in_array( 'administrator', $user->roles ) ) { // Admin can edit all roles
$allowed = array_keys( $GLOBALS['wp_roles']->roles );
} elseif ( in_array( 'districtsupervisor', $user->roles ) ) {
$allowed[] = 'guest';
}
return $allowed;
}
function wpse_10min_editable_roles( $roles ) {
if ( $user = wp_get_current_user() ) {
$allowed = wpse_10min_get_allowed_roles( $user );
foreach ( $roles as $role => $caps ) {
if ( ! in_array( $role, $allowed ) )
unset( $roles[ $role ] );
}
}
return $roles;
}
add_filter( 'editable_roles', 'wpse_10min_editable_roles' );
function wpse_10min_map_meta_cap( $caps, $cap, $user_ID, $args ) {
if ( ( $cap === 'edit_user' || $cap === 'delete_user' ) && $args ) {
$the_user = get_userdata( $user_ID ); // The user performing the task
$user = get_userdata( $args[0] ); // The user being edited/deleted
if ( $the_user && $user && $the_user->ID != $user->ID /* User can always edit self */ ) {
$allowed = wpse_10min_get_allowed_roles( $the_user );
if ( array_diff( $user->roles, $allowed ) ) {
// Target user has roles outside of our limits
$caps[] = 'not_allowed';
}
}
}
return $caps;
}
add_filter( 'map_meta_cap', 'wpse_10min_map_meta_cap', 10, 4 );
评论区
发表新的留言
您可以留言提出您的疑问或建议。
您的留言得到回复时,会通过您填写的邮箱提醒您。