I’m trying to disable a specific plug in (Woocommerce Pay per Post) based on User Roles.
I have three types of User Roles.
- Vendor
- Contributor
- Admin
My goal is IF the user is CONTRIBUTOR, the said plugin (Woocommerce Pay per Post) will be disable.
ELSE (ADMIN & VENDOR), activate plugin.
I’ve written this code:
// Disable Plugins to specific user
add_filter( 'option_active_plugins', 'disable_logged_in_plugin' );
function disable_logged_in_plugin( $plugins ) {
// The 'option_active_plugins' hook occurs before any user information get generated,
// so we need to require this file early to be able to check for logged in status
require (ABSPATH . WPINC . '/pluggable.php');
// If we are logged in, and NOT an admin...
if ( current_user_can('Contributor') ) {
// Use the plugin folder and main file name here.
// is used here as an example
$plugins_not_needed = array ('/woocommerce-pay-per-post/woocommerce-pay-per-post.php');
foreach ( $plugins_not_needed as $plugin ) {
$key = array_search( $plugin, $plugins );
if ( false !== $key ) {
unset( $plugins[ $key ] );
}
}
}
return $plugins;
}
The problem is it’s not working? User assigned to role ‘Contributor’ still managed to use the said plug in…
Any idea to make it work? Appreciate your help on this.
Here’s the screenshot of that plugin folder and its content.
3
Answers
The issue you’re going to run into is the fact that the code which validates a user is "pluggable" and does not execute until after all the plugins are loaded. So if you want to prevent a plugin from loading you need to put it in a must-use plugin. However, the
option_active_plugins
filter (the one that executes from WordPress to determine if a plugin should be loaded or not) happens BEFORE pluggable functions. Thus, you have no way of knowing who that user is to prevent the plugin from loading.In other words
option_active_plugins
filteroption_active_plugins
filter get loadedwp_set_current_user
) get loadedSo…
The first thing you need to do is put your code in a must-use plugin. That’s the good news. The bad news is you’ll need to find a way to validate the user in your own way. It has to be a hack of some sort, you don’t have much choice in the matter. You could try to create a PHP SESSION that stores the user info (or just capability, etc). And you need to sync that with WordPress every time the user changes. Then you must validate that PHP SESSION against the pluggable user functions once they load. A sanity check should be used to make sure they’re the same, if not throw an error.
Another option as noted by @ChrisHaas is to either contact the plugin author for guidance, or go through that plugin code to see if there are any action/filters you can/want to unset. I realized neither of these two options (or my main answer) is ideal, but because WordPress allows plugins to determine how a user could be validated. You’re stuck in a paradox.
If I was in your situation I would first try to see if using some combination of removing actions and filters (or hijacking the filters) that plugin is dependent on would be feasible. That would be the path of least resistance if it could be done.
(Also, for clarity I think you want to say you want to prevent a plugin from loading in certain situations rather than disabling it).
Your code should work, but you can check your logged in user’s role, using
Then you can use that role in the below section as parameter of current_user_can(). And it seems a typo, it should be
instead of
So changing this area might help you
You can achieve this by deactivating the plugin for that user role.
Or, if you don’t mind using a plugin, you can try the ‘plugin organizer’ plugin which supports deactivating plugins based on user roles. https://wordpress.org/plugins/plugin-organizer/
Go to the Plugin Organizer settings page and check the box next to each of the roles you want to be able to disable/enable plugins with. Then a separate container will appear on the post edit screen for you to disable/enable plugins with.