[wp-hackers] Avoiding user profile editing to non administrators
Viper007Bond
viper at viper007bond.com
Mon Dec 18 12:23:17 GMT 2006
Er, ha, that's what you said (didn't read to the end).
Yes, that'd probably be the best way (check the script), although this is a
better/easier test:
if ( 'profile.php' == basename($_SERVER['SCRIPT_NAME']) &&
!current_user_can('edit_users') ) die('Sorry, you aren't allowed to edit
your own profile.');
Although a prettier error message would probably be better. ;)
On 12/18/06, Viper007Bond <viper at viper007bond.com> wrote:
>
> Just make a plugin that checks to see if the user has the permissions to
> edit other user's profiles when someone visits profile.php. If they don't,
> die() with an error message.
>
> On 12/17/06, Tassoman (mailing) <ml at tassoman.com> wrote:
> >
> > Hello to all wp-hackers ;)
> > I just want to avoid registered users to edit their profile,
> > because
> > it's filled by data i fetch from the outside authentication program.
> >
> > But, I'm keeping user roles. So I would still let admins and editors to
> > edit other users.
> >
> > I've tried hooking to show_user_profile but it's used to add personal
> > fields to the profile form.
> >
> > Is there some hook to user profile display or the clearest method is to
> > sniff with a regex the $_SERVER['SCRIPT_NAME'] variable looking for
> > wp-admin/profile.php$ ???
> >
> > Ciao! :)
> >
> > --
> > Blogging humanum est, Tassoman ovest.
> > http://blog.tassoman.com
> >
> > _______________________________________________
> > wp-hackers mailing list
> > wp-hackers at lists.automattic.com
> > http://lists.automattic.com/mailman/listinfo/wp-hackers
> >
>
>
>
> --
> Viper007Bond | http://www.viper007bond.com/
--
Viper007Bond | http://www.viper007bond.com/
More information about the wp-hackers
mailing list