Filter uncanny-learndash-groups

ulgm_max_editable_user_capability

Filters the capability that marks a user as too privileged to be edited through the plugin.

add_filter( 'ulgm_max_editable_user_capability', $callback, 10, 1 );

Description

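Filters the capability that blocks a user from being edited. As the excerpt in the Source Code section shows, the request is rejected when the user being edited (the 'edit-user-id' parameter) has the returned capability; the default is 'edit_posts'. Returning a capability that more roles hold protects more accounts, while returning one that fewer roles hold (for example 'edit_users') leaves more accounts editable. This hook fires during user data validation in the REST API.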


Usage

add_filter( 'ulgm_max_editable_user_capability', 'your_function_name', 10, 1 );

Return Value

The filtered capability slug (string) that the user being edited is checked against. Default: 'edit_posts'.


Examples

/**
 * Filter the capability that makes a user non-editable.
 *
 * The plugin rejects the edit when the user being edited has the returned
 * capability (see the Source Code section), so a higher-level capability
 * protects fewer accounts and leaves more of them editable.
 *
 * @param string $capability The capability checked against the user being edited. Default 'edit_posts'.
 * @return string The capability to check against the user being edited.
 */
add_filter( 'ulgm_max_editable_user_capability', 'my_custom_max_editable_user_capability', 10, 1 );

function my_custom_max_editable_user_capability( $capability ) {
	// Example: raise the threshold only when the current user is an administrator.
	if ( current_user_can( 'manage_options' ) ) {
		// Administrators may edit any user who lacks 'edit_users'.
		return 'edit_users';
	}

	// Everyone else keeps the incoming value (default 'edit_posts'),
	// so users who can 'edit_posts' stay protected from edits.
	return $capability;
}
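
Because the check in the Source Code excerpt rejects the request when the user being edited has the filtered capability, a callback that returns a higher-level or empty capability leaves more accounts editable. The following added example (not part of the plugin or of the original page) registers a last-priority guard that falls back to 'edit_posts' in that case. The function name my_pin_editable_user_threshold is hypothetical, and the comparison assumes protection can be judged from role capabilities alone.

```php
<?php
/**
 * Added example (not plugin code): stop other callbacks from weakening
 * the 'ulgm_max_editable_user_capability' threshold.
 *
 * Runs last (PHP_INT_MAX) so it sees the value every other callback produced.
 */
add_filter( 'ulgm_max_editable_user_capability', 'my_pin_editable_user_threshold', PHP_INT_MAX, 1 );

function my_pin_editable_user_threshold( $capability ) {
	// Plugin default, taken from the apply_filters() call in the source excerpt.
	$default = 'edit_posts';

	// A non-string or empty capability makes user_can() return false for
	// every target, which would leave every account editable.
	if ( ! is_string( $capability ) || '' === $capability ) {
		return $default;
	}

	// The candidate is acceptable only if every role protected by the
	// default is still protected by it. Assumption: role capabilities are
	// a good enough proxy; capabilities granted to individual users are
	// not inspected here.
	foreach ( wp_roles()->role_objects as $role_name => $role ) {
		if ( $role->has_cap( $default ) && ! $role->has_cap( $capability ) ) {
			error_log(
				sprintf(
					'ulgm_max_editable_user_capability: "%s" would expose role "%s"; keeping "%s".',
					$capability,
					$role_name,
					$default
				)
			);
			return $default;
		}
	}

	// Same or broader protection than the default: accept it.
	return $capability;
}
```

With this guard active, a callback that returns 'edit_users' is overridden on a stock role set, because the default Editor, Author and Contributor roles have 'edit_posts' but not 'edit_users'.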

Placement

This code should be placed in the functions.php file of your active theme, a custom plugin, or using a code snippets plugin.


Source Code

src/classes/helpers/rest-api-end-points.php:1870

}

			// Input Validation
			if ( $request->has_param( 'edit-user-id' ) ) {
				$user_id = absint( $request->get_param( 'edit-user-id' ) );

				// Check if the user is an admin
				if ( user_can( $user_id, apply_filters( 'ulgm_max_editable_user_capability', 'edit_posts' ) ) ) {
					$data['message'] = __( 'You do not have permission to edit this user.', 'uncanny-learndash-groups' );
					wp_send_json_error( $data );
				}

				// For group hierarchy support
				$is_hierarchy_setting_enabled = false;
				if ( function_exists( 'learndash_is_groups_hierarchical_enabled' ) && learndash_is_groups_hierarchical_enabled() && 'yes' === get_option( 'ld_hierarchy_settings_child_groups', 'no' ) ) {

