Filter uncanny-learndash-groups

ulgm_max_password_reset_user_capability

Filters the capability that is checked against each target user before a password reset. A target user who holds this capability cannot have their password reset through this endpoint.

add_filter( 'ulgm_max_password_reset_user_capability', $callback, 10, 1 );

Description

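Filters the capability used to decide whose passwords may be reset via the REST API. As the source code below shows, the plugin passes the filtered value to user_can() for each target user ID, not for the user making the request. If a target holds the capability (default 'edit_posts'), the request is rejected with "You are not allowed to reset the password of this user." Developers can return a different capability to change which accounts are protected. Returning a capability that fewer users hold, such as 'manage_options', protects fewer accounts than the default.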


Usage

add_filter( 'ulgm_max_password_reset_user_capability', 'your_function_name', 10, 1 );

Return Value

The capability name (string) that the plugin passes to user_can() for each target user.


Examples

/**
 * Choose which target accounts are protected from password resets,
 * depending on who is making the request.
 *
 * The plugin passes the filtered capability to user_can() for each target
 * user and refuses the reset if the target has it. By default 'edit_posts'
 * is used, which WordPress's default roles grant to administrators, editors,
 * authors and contributors.
 *
 * @param string $capability The capability that protects a target user from password resets.
 * @return string The modified capability.
 */
add_filter( 'ulgm_max_password_reset_user_capability', function( $capability ) {
    // When the requesting user has 'manage_options' (Administrators), protect only
    // targets that also have 'manage_options'. Administrators can then reset
    // passwords for users who have 'edit_posts' but not 'manage_options', so for
    // these requests fewer accounts are protected than with the default.
    if ( current_user_can( 'manage_options' ) ) {
        return 'manage_options';
    }

    // For every other requester, keep the incoming value (default 'edit_posts').
    // Do not return an empty string or a capability that no user has: no target
    // would then match, and this check would refuse no resets at all.
    return $capability;
}, 10, 1 );
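
The check in the plugin source quoted on this page runs user_can() against each target user, so a candidate filter value is best judged by which roles it leaves protected. The following is an added example, not code from the plugin: a plain-PHP audit that accepts a candidate capability only if the roles you name stay protected. The role map is constructed from WordPress's default roles, and the ulgm_example_* names are hypothetical.

```php
<?php
// Constructed sample data: subset of the capabilities of WordPress's default roles.
const ULGM_EXAMPLE_ROLE_CAPS = [
    'administrator' => [ 'manage_options', 'edit_others_posts', 'edit_posts' ],
    'editor'        => [ 'edit_others_posts', 'edit_posts' ],
    'author'        => [ 'edit_posts' ],
    'contributor'   => [ 'edit_posts' ],
    'subscriber'    => [ 'read' ],
];

// Roles whose members would match the target-user check for $cap, i.e. the
// accounts whose passwords the endpoint would refuse to reset.
function ulgm_example_protected_roles( $cap, array $role_caps ) {
    $protected = [];
    foreach ( $role_caps as $role => $caps ) {
        if ( is_string( $cap ) && '' !== $cap && in_array( $cap, $caps, true ) ) {
            $protected[] = $role;
        }
    }
    return $protected;
}

// Accept $candidate only if every role in $must_protect stays protected;
// otherwise keep the value that was passed into the filter.
function ulgm_example_safe_capability( $candidate, $current, array $must_protect, array $role_caps ) {
    $protected = ulgm_example_protected_roles( $candidate, $role_caps );
    return array_diff( $must_protect, $protected ) ? $current : $candidate;
}

// Constructed scenario: the site wants administrators and editors protected.
foreach ( [ 'edit_posts', 'edit_others_posts', 'manage_options', '', 'no_such_cap' ] as $candidate ) {
    $kept = ulgm_example_safe_capability( $candidate, 'edit_posts', [ 'administrator', 'editor' ], ULGM_EXAMPLE_ROLE_CAPS );
    printf( "%-20s protects [%s] => filter returns '%s'\n",
        "'" . $candidate . "'",
        implode( ', ', ulgm_example_protected_roles( $candidate, ULGM_EXAMPLE_ROLE_CAPS ) ),
        $kept );
}
```

Inside WordPress, build the map from wp_roles()->roles instead of the constant; capabilities granted to individual users are not covered by a role-based audit.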

Placement

This code should be placed in the functions.php file of your active theme, in a custom plugin, or in a code snippets plugin.


Source Code

src/classes/helpers/rest-api-end-points.php:1629

$site_name = get_network()->site_name;
		} else {
			$site_name = wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES );
		}
		foreach ( $users_ids as $user_id ) {
			$user_id = absint( $user_id );
			// Check if the user is an admin
			if ( user_can( $user_id, apply_filters( 'ulgm_max_password_reset_user_capability', 'edit_posts' ) ) ) {
				if ( count( $users_ids ) == 1 ) {
					$data['message'] = __( 'You are not allowed to reset the password of this user.', 'uncanny-learndash-groups' );
				} else {
					$data['message'] = __( 'You are not allowed to reset the password of one of the users.', 'uncanny-learndash-groups' );
				}
				wp_send_json_error( $data );
			}

