How to restrict an admin page, if the user is not superadmin?

I use the All In One Seo Pack on my multisite, but this plugin have admin pages, what is not fall under the rule what restrict the plugin pages from my users, so I using the remove_cap( $cap ); about 'edit_plugins', 'install_plugins', 'upload_plugins', but this not solving my issue. I want restrict this pages on my network's subsites:

      wp-admin/admin.php?page=all-in-one-seo-pack%2Faioseop_class.php
      wp-admin/admin.php?page=all-in-one-seo-pack%2Fmodules%2Faioseop_performance.php
      wp-admin/admin.php?page=all-in-one-seo-pack%2Fmodules%2Faioseop_sitemap.php

Topic content-restriction user-access user-roles plugin-all-in-one-seo Wordpress

Category Web

1
answered at

You can restrict any pages from your users with this code, you can know only an any part of the url. (The example restrict the all pages of AIOSP (so the all url-s on the backend what associated with the keys: all-in-one-seo-pack or aioseop) what are wriggle out of from the remove_cap( 'edit_plugins', 'install_plugins', 'upload_plugins' ); rules):

 add_action( 'current_screen', 'restrict_screen' );
 function restrict_screen() {
      if ( is_admin() ) {
      if (is_super_admin()) 
      return;
      $current_screen = "https://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'];
      $find_restrict = 'all-in-one-seo-pack';
      $find_restrict2 = 'aioseop';
      $match = strpos( $current_screen, $find_restrict );
      $match2 = strpos( $current_screen, $find_restrict2 );
               if( $match == TRUE || $match2 == TRUE ) {
                //  wp_die('get out');
                $current_admin = get_admin_url() . 'index.php';
                header('Location: ' . $current_admin . '', true, 301);
                }
      }   
 }

If you want using this code to an another url, rewrite the $find_restrict, $find_restrict2 to your url's part keys or add new "find_restrict" to the code. This code redirect your users to their current site's backend index. (Or you can use the wp_die('get out');)

1
answered at

To remove from the admin menu, you could use remove_menu_page(): 

add_action( 'admin_menu', function ( ) {
    if (is_super_admin()) 
      return;
    remove_menu_page();
    // or remove_submenu_page( ...
},99);

If for some reason the page still exists, it's just missing it's menu link, you could check the get_current_screen() to see if the page is being viewed, and prevent access:

add_action( 'admin_notices', function ( ) {
    if (is_super_admin()) 
      return;
    $screen = get_current_screen();
    if ($screen->parent_base == 'all-in-one-seo-pack') { // or wtv
        wp_die('get out');
    }
},99);

About

Geeks Mental is a community that publishes articles and tutorials about Web, Android, Data Science, new techniques and Linux security.