prevent access to a specific admin page wordpress

0
votes

I've been given a task to create a specific user group for a wordpress website that can access only a single plugin, and it's pages.

In essence, admin.php?page=some_plugin_page needs to be accesible only by a specific usergroup(and the super admin ofcourse).

A few things i've noticed :
1. There is no indication to the plugin's name, only the page we wish to load.
2. There doesn't seem to be a built in method to limit access to only a specific page.

If anyone has any clue I'd really appreciate it, I'm guessing it has something to do with the way admin.php loads the plugin pages.

thanks in advance.

1
wordpress

1 Answers

1
votes

Wordpress doesn't provide an easy way to do this. I'd approach it from the plugin's side:

  • Add a new role / capability like "edit_some_plugin" using either add_role() or a plugin like Role Scoper.
  • Fork the plugin and give it a new name including editing the file headers so that it no longer auto-updates.

  • In your forked plugin, find the routines that generate the admin pages / menus. Searching for is_admin() or current_user_can() is a good place to start. Add in your new capability into the conditionals to cause these menus to be built,

    e.g. change: if (is_admin()) show_plugin_admin_menu();

    to this: if (is_admin() || current_user_can('edit_some_plugin')) show_plugin_admin_menu();

Plugins vary quite a bit in the quality and consistency of their code, so this might end up being a rather large undertaking.

The alternate is to reach out to the plugin's developer and ask them how much you'd have to donate to add this functionality to their plugin for you.