Permissions

It is possible to control what features are available to users by using a combination of WordPress capabilities and Redirection hooks.

Overall access to the plugin

There is a single redirection_role filter that returns the desired WordPress capability. This defaults to manage_options, ensuring only administrators can access the plugin.

You can modify the default as follows:

add_filter( 'redirection_role', function( $role ) {
  return 'edit_posts';  // Add your chosen capability or role here
} );

In versions older than 4.6 this was the only method of modifying access to the plugin, and it acts globally – you either have permission or you don’t.

In version 4.6 and newer this is the default permission for everything, and also determines access to the plugin in the WordPress admin menu.

Note: do not accidentally give access to everyone!

Advanced Permissions

These permissions are only available in version 4.6 and newer.

The filter redirection_capability_check can be used to determine access to specific features in the plugin. If you disable access to a feature then it will not appear in the plugin for those users.

redirection_capability_check

  • $capability – the WordPress capability
  • $permission_name – the Redirection permission

A full list of permissions ($permission_name) can be found below.

For example, if you return the edit_pages capability from redirection_role then any editor will have access to the plugin. If you wish to restrict editors to only being able to add or manage redirects then you can do the following:

add_filter( 'redirection_capability_check', function( $capability, $permission_name ) {
     if ( $permission_name === 'redirection_cap_redirect_manage' || $permission_name === 'redirection_cap_redirect_add' ) {
         return $capability;
     }

     return 'manage_options';
}, 10, 2 );

Always default to restrictive and then grant permissions. Don’t default to permissive and remove permissions. This way if a new capability is added your users won’t automatically be granted access.

Note some capabilities may give API access to data from others. For example, when viewing a page of redirects via redirection_cap_redirect_manage the client will need to access group data. However, they will not be able to modify it.
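
A deny-by-default mapping that follows the advice above, as an added example (not the plugin author's code): each Redirection permission is granted explicitly, and anything unlisted, including permissions a later version may introduce, requires manage_options. The helper and constant names, the choice of edit_pages (held by editors and administrators in a default WordPress install, whereas edit_posts also reaches authors and contributors), the decision to let editors view 404s, and the constructed permission name redirection_cap_future_feature are assumptions.

```php
<?php
/*
Plugin Name: Redirection tiered permissions (added example)
Description: Deny-by-default capability map for Redirection 4.6 and newer
*/

// Assumption: editors (edit_pages) may view and add redirects and view 404s.
// Every other permission stays with administrators.
const EXAMPLE_REDIRECTION_ALLOW = array(
	'redirection_cap_redirect_manage' => 'edit_pages',
	'redirection_cap_redirect_add'    => 'edit_pages',
	'redirection_cap_404_manage'      => 'edit_pages',
);

// Hypothetical helper: returns the WordPress capability required for a
// Redirection permission. Unlisted or malformed names fall back to
// manage_options, so a newly added permission is never granted by accident.
function example_redirection_required_cap( $permission_name ) {
	if ( is_string( $permission_name ) && array_key_exists( $permission_name, EXAMPLE_REDIRECTION_ALLOW ) ) {
		return EXAMPLE_REDIRECTION_ALLOW[ $permission_name ];
	}
	return 'manage_options';
}

if ( function_exists( 'add_filter' ) ) {
	// Inside WordPress: open the admin menu to the lowest tier in the map,
	// then gate each feature individually.
	add_filter( 'redirection_role', function ( $role ) {
		return 'edit_pages';
	} );
	add_filter( 'redirection_capability_check', function ( $capability, $permission_name ) {
		return example_redirection_required_cap( $permission_name );
	}, 10, 2 );
} else {
	// Run directly with the PHP CLI: print the decision for sample permissions.
	// The last name is constructed to stand in for a permission added later.
	$samples = array( 'redirection_cap_redirect_add', 'redirection_cap_option_manage', 'redirection_cap_future_feature' );
	foreach ( $samples as $p ) {
		printf( "%-32s => %s\n", $p, example_redirection_required_cap( $p ) );
	}
}
```

Run from the command line, the script prints edit_pages for the first sample and manage_options for the other two.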

List of permissions

The following Redirection permissions are available:

  • redirection_cap_redirect_manage – ability to view redirects
  • redirection_cap_redirect_add – ability to create redirects
  • redirection_cap_redirect_delete – ability to delete redirects
  • redirection_cap_group_manage – ability to view groups
  • redirection_cap_group_add – ability to create groups
  • redirection_cap_group_delete – ability to delete groups
  • redirection_cap_log_manage – ability to view logs
  • redirection_cap_log_delete – ability to delete logs
  • redirection_cap_404_manage – ability to view 404s
  • redirection_cap_404_delete – ability to delete 404s
  • redirection_cap_io_manage – ability to perform import/export actions
  • redirection_cap_option_manage – ability to change options
  • redirection_cap_support_manage – ability to perform support actions
  • redirection_cap_site_manage – ability to perform site actions

Note it generally doesn’t make sense to give permissions to delete a redirect if you cannot view it.

If your user does not have redirection_cap_support_manage permissions then any REST API tests will return an error. The REST API is always tested when an error is returned from the REST API.

Sample permission plugin

The following is a sample plugin to restrict access to the capability edit_posts (i.e. editors). If used on version 4.6 or newer it will only give them access to view and create redirects.

You can download or copy the plugin and modify as necessary.

<?php

/*
Plugin Name: Advanced Redirection Permissions
Description: Advanced access to Redirection
Version: 0.2
*/

add_filter( 'redirection_role', function( $role ) {
  return 'edit_posts';  // Add your chosen capability or role here
} );

add_filter( 'redirection_capability_check', function( $capability, $permission_name ) {
     if ( $permission_name === 'redirection_cap_redirect_manage' || $permission_name === 'redirection_cap_redirect_add' ) {
         return $capability;
     }

     return 'manage_options';
}, 10, 2 );


Note a better version of this plugin with a user interface will be released in the future. Remember to activate the plugin once installed.