tags:

views:

52

answers:

3
Q: 

Easiest way to hide (some) wordpress plugins from users?

I'm using WordPress to make my users make their own website/blogg. I have a set up im cloning out to all the users with some special user-roles and standard plugins.

however, some of the plugins are the users not supposed to make changes to or inactivate.

is their any way to select which plugins different user roles are allowed to use, or a easy way to hide some plugins in the plugins-page but still have them working as normal?

maybee there's some plugin that helps me to do this?

+1  A: 

Each plugin will usually specify their own role/permission, which you can see if you look at their add_submenu_page() or such function calls. You can create new roles for those plugins and replace the one specified by the author, but it will also break the changes if you upgrade the plugins.

Extrakun  2010-09-14 08:38:11
This solves half of the problem, i can make it not show up in the menus. but the plugins are stil visible on the plugin-page and can be disbaled by the users. (i have to let them activate/inactiveta plugins because there are other plugins that needs to be able to be activated or inactivated.
Volmar  2010-09-14 09:49:57
Rights management is one of WordPress' weaker points. The ability to edit plugins is also one of the permission. I'll suggest giving all your special members a new role which excludes the right to edit plugins. If it is a case by case basis for each plugin, I afraid WP is not designed to handle it. Hope I am wrong though! Or you may want to look at WordPress MU.
Extrakun  2010-09-14 11:32:42
+2  A: 

You could write a plugin that uses the "all_plugins" filter hook to remove from the array plugins that you don't want displaying for a certain user. Something like this:

$plugin_credentials = array(
    'bob' => array(
            'Hello Dolly' => 1
    ),
    'jim' => array(
            'Akismet' => 1,
            'Hello Dolly' => 1,
    ),
    'admin' => "**ALL**"
);

function plugin_permissions($plugins)
{
        global $current_user, $plugin_credentials;

        $username = $current_user->user_login;

        if ($plugin_credentials[$username] == "**ALL**")
                return $plugins;

        $viewable_plugins = array();

        foreach ($plugins as $plugin) {
                if (isset($plugin_credentials[$username]) &&
                        isset($plugin_credentials[$username][$plugin['Name']]) &&
                        $plugin_credentials[$username][$plugin['Name']] == 1) {

                        array_push($viewable_plugins, $plugin);
                }
        }
        return $viewable_plugins;
}

add_filter('all_plugins', 'plugin_permissions');

Managing the user permissions in the plugin itself is not ideal, but it is probably easiest. You can expand on that idea to create admin pages for managing the users and their viewable plugins in a database table somewhere.

spuriousdata  2010-09-15 01:01:51
Volmar  2010-09-15 07:49:48
Ack! I wonder if it has something to do with wordpress's caching of the plugin list. You can try adding a wp_cache_delete('plugins', 'plugins') right before the return statement. But I'm not sure if it will help.
spuriousdata  2010-09-15 18:20:04
i've found the problem (and a solution for it).the original $plugin-array has the path to the plugin file as array key. but the $viewable_plugins-array uses the array_push function wich ads 0 as the first key 1 as next and so on. This code did the trick:$keys = array_keys($plugins);$num = 0; foreach ($plugins as $plugin) { if (isset($plugin_credentials[$userrole]) } $num++; } return $viewable_plugins;
Volmar  2010-09-16 11:46:41
awesome! Sorry I didn't catch that.
spuriousdata  2010-09-16 19:29:05
A: 

You should stratify the users. Make sure that the Admin user(s) are trusted and know not to fiddle with what they don't understand. The others should be limited to their roles. Authors, editors, etc. For example, if they're just a part of the site to write articles, then they don't need to see the rest of it. Make them an author and be done with it.

This is part of client education. If its a smaller client with less stratified roles, then make them two accounts. Tell them "this is the account you administer the site with, you'll be using this rarely. And this is the account that you'll use most of the time to write and edit. You can do all of your daily tasks here and will most likely never need the administrator account". You won't always have luck with this approach, but its less time and effort invested in crap you shouldn't be wasting time on.

Gipetto  2010-09-15 05:18:38

related questions

What's the best way to develop against WordPress on Windows when you already have IIS/SQL Server installed?
How do I use SCM with a PHP app such as Wordpress?
Getting IIS6 to play nice with WordPress Pretty Permalinks
YouTube embeds not working in WordPress after import from Blogger
Wordpress.. Is it a CMS?
How should a blog be structured to easily extract its data?
What database privileges does a Wordpress Blog really need?
What's the best way to run Wordpress on the same domain as a Rails application?
Is the syntax for the Wordpress style.css template element available anywhere?
How do you add a JavaScript widget to a Wordpress.com hosted blog?
What is the best CSS grid framework that integrates with Wordpress?
Using Apache mod_rewrite to remove sub-directories from URL
Joomla Blog/Wordpress Integration
Running a scheduled task in a Wordpress plug-in
Wordpress Category Template Question
Wordpress MediaWiki Cookie Integration
Preview theme in Wordpress
Seeking code highlighter recommendation for WordPress
Wordpress MediaWiki Integration
How do I list all Entries with a certain tag in Wordpress?
Mysql: Using "AND" Operation on tags and categories tables in Wordpress
How do I display database query statistics on Wordpress site?
Resources on wordpress theme-development
What is best blogging host for programmers/code formatting?
Wordpress theme development offline tools