[wp-hackers] Breaking down the Edit_Pages capability

[Andy Skelton]

On 1/21/06, Chris Casciano <chris at placenamehere.com> wrote:
> If there are new pages to be created that would be the call and
> responsibility of someone higher up the food chain.

Now I see what you're after. It wouldn't be too hard to use an
existing hook to check the current user's role when publishing a new
page and deny access to any given role.

Off the top of my head and without regard for aesthetics or usability,
this might do in a pinch:

function kill_new_page($status) {
 if ( in_array('administrator', $GLOBALS['current_user']->roles) ||
'static' != $status )
  return $status;

 $page = &get_page($_POST['post_ID']);
 if ( isset($page->ID) )
  return $status;

 die('You do not have permission to publish pages.');
}
add_filter('status_save_pre', 'kill_new_page');

Removing the unwanted submenu item for non-admins is another trick.

Removing the Create New Page link from edit-pages.php without hacking
the core would require buffer manipulation. Start the buffer at
'admin_menu' and handle it at admin_footer.

Cheers,
Andy