Skip to:
Content
Pages
Categories
Search
Top
Bottom

How to hide section of profile to all but that user and admin?


  • screampuff
    Participant

    @screampuff

    9 years, 10 months ago

    Hello, I have the “Achievements for WordPress” Plugin, it basically creates an “Achievements” tab in every user’s profile and displays their Achievements.

    I would like to hide this so that only the user and admins can see their own achievements.

    I tried adding this code:

    
function hide_achievements_from_users() {
$role = xprofile_get_field_data( 'Membership' );
if( $role !='Administrator' )
bp_core_remove_nav_item('achievements');
}
add_action( 'bp_setup_nav', 'hide_achievements_from_users', 99 );

    However this obviously hides it from everyone but admins, and I can still see the achievements by going to /members/<username>/achievements, I need this to be completely hidden so the user would get a 404 error or redirect if they tried to type out the URL.

    Thanks

Viewing 4 replies - 1 through 4 (of 4 total)

  • Henry Wright
    Moderator

    @henrywright

    9 years, 10 months ago

    Hi @screampuff

    You could try the following function which will stop unwanted users from viewing the page directly if they tried typing the URL:

    function my_hide_achievements_page() {
    $role = xprofile_get_field_data( 'Membership' );

    if ( ( $role != 'Administrator' ) || ( bp_current_user_id() == bp_displayed_user_id() ) )
        return;

    // I guess we should 404 this page because this member isn't an admin or the displayed member.
    $wp_query->set_404();
    status_header( 404 );
    nocache_headers();
}
add_action( 'init', 'my_hide_achievements_page' );

    screampuff
    Participant

    @screampuff

    9 years, 10 months ago

    Thanks for the reply. I made some changes to the code before reading and was able to accomplish removing the tab from buddypress profiles with this:

    function hide_achievements_from_users() {
global $bp;
if ((bp_loggedin_user_id() == bp_displayed_user_id()) || (current_user_can('administrator'))){
return;
}
bp_core_remove_nav_item('achievements');
}
add_action( 'bp_setup_nav', 'hide_achievements_from_users', 99 );

    However I’m stuck on how to 404 the pages if they manually type out the URL

    In your code I see:

        // I guess we should 404 this page because this member isn't an admin or the displayed member.
    $wp_query->set_404();
    status_header( 404 );
    nocache_headers();

    How do I get this to apply only when it is http://mysite.com/members/<username>/achievements?


    Henry Wright
    Moderator

    @henrywright

    9 years, 10 months ago

    I’m not sure your code will work. For example, on a very quick first look, I can see you’ve done current_user_can('administrator'). I’m assuming you’re trying to check if the current user is an admin? If so, then this won’t work. The current_user_can() function takes a capability, not a role. So if you want to check if the current user is an admin, you should do something like this current_user_can( 'manage_options' )

    Ref: https://codex.wordpress.org/Function_Reference/current_user_can


    screampuff
    Participant

    @screampuff

    9 years, 10 months ago

    Thanks for that, the urrent_user_can('administrator') appears to be working as needed but current_user_can( 'manage_options' ) also works, I’ve switched to that.

    Do you have any idea how I can prevent users from manually entering http://mysite.com/members/username/achievements/ for username that is not theirs?

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘How to hide section of profile to all but that user and admin?’ is closed to new replies.

Topic Info

Topic Tags

Skip to toolbar