Site security is always an important subject. And sometimes security gets in the way of letting users do what they need.
I had a client recently ask about increasing a user’s role to Administrator in order for them to be given access to Gravity Forms. But rather than giving a user access to areas of the site they may not need (or worse, could possibly abuse). So I wanted to look into giving the user access to what they need rather than giving them access to a bunch of things they didn’t need.
Here’s the code snippet I came up with:
[php_tag]
/**
* @snippet Provide access to Gravity Forms for Editors
* @url https://davejesch.com/snippets/allowing-the-editor-role-access-to-gravity-forms/
* @author Dave Jesch
* @date-written Feb 17 2013
* @testedwith Gravity Forms
* @donate $5 https://davejesch.com/send-me-coffee/
*/
function d3j_add_grav_forms_to_editor()
{
$role = get_role( 'editor ');
$role-[gt]add_cap( 'gform_full_access' );
}
add_action( 'admin_init ', 'd3j_add_grav_forms_to_editor');
This works by hooking the ‘admin_init’ action to call the function that does the work. This means that the code will only be run when a logged in user is working in the admin and not on all front-end page requests. Once called, the function uses the get_role() function to get the editor role add add the gform_full_access capability to the role.
Internally, Gravity Forms uses the gform_full_access capability to see if the current user has access to the forms and their data. The function adds the capability to the Editor role, which doesn’t normally have this. And voila, the Editors on the site now have access to Gravity Forms.
If you wanted to give access only to a certain user, you could also add checking for the current user name.