In developing a job portal website, I faced a major challenge in managing user roles and permissions. The custom role management system I needed wasn’t available in WordPress by default. Default roles like ‘subscriber’, ‘contributor’, or ‘author’ were not flexible enough for companies wanting to post job listings. I decided to create a custom ‘perusahaan’ role with appropriate capabilities and optimal security.
As an Example
- Before: WordPress default roles that don’t fit company users’ needs
- After: Custom ‘perusahaan’ role with limited capabilities and optimal security
- Result: Better user experience, enhanced security, and controlled access for company users
Understanding the Benefits
A custom role management system provides full control over user capabilities, better security, and optimal user experience for companies wanting to post job listings without access to irrelevant WordPress features.
The Challenge
WordPress default roles don’t provide enough flexibility for company users. I need a custom role management system that lets them post job listings and upload company logos, but not access irrelevant admin features or edit other people’s posts.
Step-by-Step Implementation: Custom Role Management In WordPress
Step 1: Creating Custom Role ‘Perusahaan’
Implementation of custom role management system with appropriate capabilities:
function add_company_role() {
    // add_role() stores the role in the database and returns early if
    // 'perusahaan' already exists, so later edits to this array do not
    // change a role that has already been created.
    add_role(
        'perusahaan',
        'Perusahaan',
        array(
            'read' => true,
            'edit_posts' => true,
            'delete_posts' => true,
            'publish_posts' => true,
            'upload_files' => true,
            'edit_published_posts' => true,
            'delete_published_posts' => true,
        )
    );
}
add_action('init', 'add_company_role');
Key Capabilities:
- read – Can read content
- edit_posts – Can edit own posts
- publish_posts – Can publish posts
- upload_files – Can upload company logos
- delete_posts – Can delete own posts
Step 2: Restricting User Capabilities
Limiting capabilities to prevent unwanted access in our custom role management system:
function update_company_capabilities() {
    $role = get_role('perusahaan');
    // get_role() returns null when the role is not registered;
    // stop here instead of calling methods on null
    if (!$role) {
        return;
    }
    // Remove ability to edit others' posts
    $role->remove_cap('edit_others_posts');
    $role->remove_cap('delete_others_posts');
    // Ensure ability to edit own posts exists
    $role->add_cap('edit_posts');
    $role->add_cap('edit_published_posts');
    $role->add_cap('publish_posts');
    $role->add_cap('delete_posts');
    $role->add_cap('delete_published_posts');
}
add_action('admin_init', 'update_company_capabilities');
Step 3: Custom Logout Redirect
Implementation of custom logout redirect for company role in our custom role management system:
function custom_logout_redirect_company($redirect_to, $requested_redirect_to, $user) {
    // Check if user has company role
    if ($user && in_array('perusahaan', (array) $user->roles)) {
        // Redirect to homepage for company role
        return home_url('/');
    }
    // For other roles, use default redirect
    return $redirect_to;
}
add_filter('logout_redirect', 'custom_logout_redirect_company', 10, 3);
Step 4: Custom Logout URL Implementation
Creating user-friendly custom logout URL for our custom role management system:
function custom_logout_url_company($logout_url, $redirect) {
    // Check if current user has company role
    if (is_user_logged_in() && current_user_can('perusahaan')) {
        // Create logout URL that redirects to homepage
        return wp_nonce_url(site_url("wp-login.php?action=logout&redirect_to=" . urlencode(home_url('/')), 'login'), 'log-out');
    }
    // For other roles, use default URL
    return $logout_url;
}
add_filter('logout_url', 'custom_logout_url_company', 10, 2);
Step 5: Admin Bar Customization
Customizing admin bar for company role in our custom role management system:
function custom_admin_bar_logout_url_company($wp_admin_bar) {
    if (is_user_logged_in() && current_user_can('perusahaan')) {
        // Remove default logout menu
        $wp_admin_bar->remove_menu('logout');
        // Add custom logout menu that redirects to homepage
        $wp_admin_bar->add_menu(array(
            'id' => 'logout',
            'title' => __('Log Out'),
            'href' => wp_nonce_url(site_url("wp-login.php?action=logout&redirect_to=" . urlencode(home_url('/')), 'login'), 'log-out')
        ));
    }
}
add_action('admin_bar_menu', 'custom_admin_bar_logout_url_company', 999);
Step 6: Security Implementation
Implementation of security measures for our custom role management system:
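// Nonce verification for AJAX requests
function verify_company_nonce() {
    // A missing nonce must fail the check instead of raising an undefined-index notice
    $nonce = isset($_POST['nonce']) ? sanitize_text_field(wp_unslash($_POST['nonce'])) : '';
    if (!wp_verify_nonce($nonce, 'perusahaan-ajax-nonce')) {
        // wp_send_json_error() sends the response and ends the request
        wp_send_json_error(array('message' => 'Security check failed'));
    }
}
// Capability check for actions
function check_company_capability($capability) {
    if (!current_user_can('perusahaan') || !current_user_can($capability)) {
        wp_die(__('You do not have sufficient permissions to access this page.'));
    }
}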
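How the nonce and capability checks from Step 6 fit together in one AJAX handler, as an added example that is not part of the original post. The action name `perusahaan_update_job`, the handler name and the fields `job_id`, `job_title` and `job_description` are hypothetical; the nonce action `perusahaan-ajax-nonce` and the `nonce` field are the ones used above.

```php
<?php
// Added example: hypothetical handler for a company user updating a job listing.
// Assumed names: action 'perusahaan_update_job', fields 'job_id', 'job_title', 'job_description'.
function perusahaan_update_job_ajax() {
    // 1. CSRF: verify the nonce from the 'nonce' POST field. With $stop = false
    //    the handler sends its own JSON error instead of the default wp_die('-1').
    if (!check_ajax_referer('perusahaan-ajax-nonce', 'nonce', false)) {
        wp_send_json_error(array('message' => 'Security check failed'), 403);
    }

    // 2. Role gate: same role test as the logout redirect in Step 3.
    $user = wp_get_current_user();
    if (!in_array('perusahaan', (array) $user->roles, true)) {
        wp_send_json_error(array('message' => 'Forbidden'), 403);
    }

    // 3. Object-level check: the meta capability 'edit_post' requires
    //    edit_others_posts when the post belongs to someone else, so a company
    //    user cannot submit another company's job ID.
    $job_id = isset($_POST['job_id']) ? absint($_POST['job_id']) : 0;
    if (!$job_id || !current_user_can('edit_post', $job_id)) {
        wp_send_json_error(array('message' => 'You cannot edit this listing'), 403);
    }

    // 4. Sanitize input only after authorization has passed.
    $title = isset($_POST['job_title']) ? sanitize_text_field(wp_unslash($_POST['job_title'])) : '';
    $body = isset($_POST['job_description']) ? wp_kses_post(wp_unslash($_POST['job_description'])) : '';
    if ($title === '') {
        wp_send_json_error(array('message' => 'Title is required'), 400);
    }

    // wp_update_post() expects slashed data; true makes it return WP_Error on failure.
    $result = wp_update_post(wp_slash(array(
        'ID'           => $job_id,
        'post_title'   => $title,
        'post_content' => $body,
    )), true);
    if (is_wp_error($result)) {
        wp_send_json_error(array('message' => $result->get_error_message()), 500);
    }
    wp_send_json_success(array('job_id' => $job_id));
}
// Only the wp_ajax_ hook (logged-in users) is registered; there is no wp_ajax_nopriv_ hook.
add_action('wp_ajax_perusahaan_update_job', 'perusahaan_update_job_ajax');
```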
Step 7: Testing and Validation
Comprehensive testing to ensure our custom role management system works optimally:
- Role Creation: Custom role successfully created with appropriate capabilities
- Security Testing: Users cannot access unauthorized features
- Logout Flow: Custom redirect works properly
- Admin Bar: Customization meets requirements
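One way to turn the role-creation and security checks in this list into a repeatable test, as an added example that is not part of the original post. The function name `perusahaan_audit_role` and its two parameters (a test company account ID and the ID of a post written by a different author) are hypothetical; the allow-list is the capability array from Step 1.

```php
<?php
// Added example: hypothetical audit helper. Returns a list of problems;
// an empty array means the stored role matches the Step 1 definition.
function perusahaan_audit_role($company_user_id = 0, $foreign_post_id = 0) {
    $allowed = array(
        'read', 'edit_posts', 'delete_posts', 'publish_posts',
        'upload_files', 'edit_published_posts', 'delete_published_posts',
    );
    $problems = array();

    $role = get_role('perusahaan');
    if (!$role) {
        return array('role "perusahaan" is not registered');
    }

    // Only capabilities stored as true are granted; a key stored as false is a denial.
    $granted = array_keys(array_filter($role->capabilities));
    foreach (array_diff($granted, $allowed) as $extra) {
        $problems[] = "unexpected capability granted: $extra";
    }
    foreach (array_diff($allowed, $granted) as $missing) {
        $problems[] = "expected capability missing: $missing";
    }

    // Object-level checks against a real account and a post written by someone else.
    if ($company_user_id && $foreign_post_id) {
        $user = get_userdata($company_user_id);
        if (!$user || !in_array('perusahaan', (array) $user->roles, true)) {
            $problems[] = "user $company_user_id does not have the perusahaan role";
        } elseif (count($user->roles) > 1) { // extra roles add their own capabilities
            $problems[] = 'user has additional roles: ' . implode(', ', $user->roles);
        }
        foreach (array('edit_post', 'delete_post') as $cap) {
            if (user_can($company_user_id, $cap, $foreign_post_id)) {
                $problems[] = "user can $cap on post $foreign_post_id owned by another author";
            }
        }
        foreach (array('manage_options', 'edit_others_posts', 'edit_users') as $cap) {
            if (user_can($company_user_id, $cap)) {
                $problems[] = "user has admin-level capability: $cap";
            }
        }
    }
    return $problems;
}
```

Because the role is stored in the database, the audit reports what is actually granted on the site, including capabilities added by other plugins, rather than what the Step 1 array says.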
Live Demo and Resources
Libraries and Technologies Used
Our custom role management system utilizes:
- WordPress Core: User roles, capabilities, hooks and filters
- Custom PHP Functions: Role management and security implementation
- WordPress Hooks: add_action, add_filter for customization
- Security Features: Nonce verification, capability checking
Results and Impact
The custom role management implementation successfully provided:
- Enhanced Security: Optimal role-based access control
- Better UX: Better user experience for company users
- Controlled Access: Limited access according to needs
- Custom Workflow: User-friendly logout and redirect
Conclusion
The custom role management system I built successfully provided an optimal solution for managing company users in the job portal. With appropriate capabilities, optimal security, and good user experience, this system became a powerful and secure backbone for user management.
This custom role management system demonstrates how WordPress can be extended beyond its default capabilities to create secure, user-friendly environments for specific business needs.