Wordpress - How can I allow authors/contributors to edit only a specific options page but not others?

1
votes

I created a simple wordpress plugin today which is essentially an options page. It is based on the instructions at this link: http://codex.wordpress.org/Creating_Options_Pages (there is example code at the bottom of that page which I used as the backbone for my plugin).

Basically, I want authors/contributors to be able to see a new tab in their admin menu, which when clicked, would take the user to a page where he/she can write some text and hit "save changes" (which would then save that text to a database). I want to later be able to call this text via something like get_option('some_option').

However, authors/contributors cannot "manage_options" & this prevented them from editing the options on the new menu tab I created. I installed a plugin called "User Role Editor" to allow authors/contributors to manage_options, but this brings the "Settings" tab in their admin menu and allows them to manage all options.

How can I allow authors/contributors to only manage_options for the plugin I created and nothing else? Can I lift permission restrictions for the plugin I created? Any guidance would be appreciated! (The plugin development went smooth but now I'm stuck).

My code is pretty much analogous to the example found in the link given above:

<?php
add_action('admin_menu', 'baw_create_menu');

function baw_create_menu() {

    //create new top-level menu
    add_menu_page('BAW Plugin Settings', 'BAW Settings', 'edit_posts', 'my-plugin', 'baw_settings_page');

    //call register settings function
    add_action( 'admin_init', 'register_mysettings' ); }


function register_mysettings() {
//register our settings
register_setting( 'baw-settings-group', 'new_option_name' );
register_setting( 'baw-settings-group', 'some_other_option' );
register_setting( 'baw-settings-group', 'option_etc' ); }

function baw_settings_page() { ?> <div class="wrap"> <h2>Plugin Name</h2>

<form method="post" action="options.php">

    <?php settings_fields( 'baw-settings-group' ); ?>
    <?php do_settings( 'baw-settings-group' ); ?>

    <table class="form-table">

        <tr valign="top">
        <th scope="row">New Option Name</th>
        <td><input type="text" name="new_option_name" value="<?php echo get_option('new_option_name'); ?>" /></td>
        </tr>

        <tr valign="top">
        <th scope="row">Some Other Option</th>
        <td><input type="text" name="some_other_option" value="<?php echo get_option('some_other_option'); ?>" /></td>
        </tr>

        <tr valign="top">
        <th scope="row">Options, Etc.</th>
        <td><input type="text" name="option_etc" value="<?php echo get_option('option_etc'); ?>" /></td>
        </tr>

    </table>

    <?php submit_button(); ?>

</form> </div> <?php } ?>
2
phphtmlwordpress
1) There's an error in your code, it's not do_settings, but do_settings_fields. 2) You are developing without WP_DEBUG enabled, otherwise you'd see that do_settings_fields( 'baw-settings-group' ); dumps an error because there's an argument missing. 3) If you are doing the add_menu_page with edit_posts capabilities, it shows up for the desired roles without need of modifying the role. Are you sure you are getting Roles and Capabilities right?brasofilo
Hi, I actually used do_settings_fields, the code above was slightly modified version of that in the link given (sorry for the confusion). And yes, the menu page shows up for users with the desired roles, but those users were not able to modify the options on the menu page because they did not have permission to "modify_options". I found the solution though (posted below).killajoule

2 Answers

2
votes

I found the solution:

function twentyeleven_option_page_capability( $capability ) {
    return 'edit_posts';
}
add_filter( 'option_page_capability_baw-settings-group', 'twentyeleven_option_page_capability' );

I added that right after the function that registers settings (In the code I provided above, that would be the function register_mysettings())

Basically, the add_filter function allows options of the group baw-settings-group (declared in the register_mysettings function by the register_setting function) to be altered by users who can edit_posts (the function twentyeleven_option_page_capability is given to add_filter as the second argument which returns 'edit_posts').

Source: http://wordpress.org/support/topic/wordpress-settings-api-cheatin-uh-error?replies=0

0
votes

You can check by user privilege:

if (current_user_can('permission')) {
... do stuff
}

So if you wanted a section for only editors/admins, for example, you could use:

function register_mysettings() {
  if (current_user_can('edit_posts') {
    //register our settings...