Skip to:
Content
Pages
Categories
Search
Top
Bottom

How to hide section of profile to all but that user and admin?

  • @screampuff

    Participant

    Hello, I have the “Achievements for WordPress” Plugin, it basically creates an “Achievements” tab in every user’s profile and displays their Achievements.

    I would like to hide this so that only the user and admins can see their own achievements.

    I tried adding this code:

    
    function hide_achievements_from_users() {
    $role = xprofile_get_field_data( 'Membership' );
    if( $role !='Administrator' )
    bp_core_remove_nav_item('achievements');
    }
    add_action( 'bp_setup_nav', 'hide_achievements_from_users', 99 );
    

    However this obviously hides it from everyone but admins, and I can still see the achievements by going to /members/<username>/achievements, I need this to be completely hidden so the user would get a 404 error or redirect if they tried to type out the URL.

    Thanks

Viewing 4 replies - 1 through 4 (of 4 total)
  • @henrywright

    Moderator

    Hi @screampuff

    You could try the following function which will stop unwanted users from viewing the page directly if they tried typing the URL:

    function my_hide_achievements_page() {
        $role = xprofile_get_field_data( 'Membership' );
    
        if ( ( $role != 'Administrator' ) || ( bp_current_user_id() == bp_displayed_user_id() ) )
            return;
    
        // I guess we should 404 this page because this member isn't an admin or the displayed member.
        $wp_query->set_404();
        status_header( 404 );
        nocache_headers();
    }
    add_action( 'init', 'my_hide_achievements_page' );

    @screampuff

    Participant

    Thanks for the reply. I made some changes to the code before reading and was able to accomplish removing the tab from buddypress profiles with this:

    function hide_achievements_from_users() {
    global $bp;
    if ((bp_loggedin_user_id() == bp_displayed_user_id()) || (current_user_can('administrator'))){
    return;
    }
    bp_core_remove_nav_item('achievements');
    }
    add_action( 'bp_setup_nav', 'hide_achievements_from_users', 99 );

    However I’m stuck on how to 404 the pages if they manually type out the URL

    In your code I see:

        // I guess we should 404 this page because this member isn't an admin or the displayed member.
        $wp_query->set_404();
        status_header( 404 );
        nocache_headers();

    How do I get this to apply only when it is http://mysite.com/members/<username>/achievements?

    @henrywright

    Moderator

    I’m not sure your code will work. For example, on a very quick first look, I can see you’ve done current_user_can('administrator'). I’m assuming you’re trying to check if the current user is an admin? If so, then this won’t work. The current_user_can() function takes a capability, not a role. So if you want to check if the current user is an admin, you should do something like this current_user_can( 'manage_options' )

    Ref: https://codex.wordpress.org/Function_Reference/current_user_can

    @screampuff

    Participant

    Thanks for that, the urrent_user_can('administrator') appears to be working as needed but current_user_can( 'manage_options' ) also works, I’ve switched to that.

    Do you have any idea how I can prevent users from manually entering http://mysite.com/members/username/achievements/ for username that is not theirs?

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘How to hide section of profile to all but that user and admin?’ is closed to new replies.
Skip to toolbar