Remove gravity forms capabilities

The Gravity Forms plugin adds capabilities at the same level as roles (as opposed to adding capabilities to roles). This means that your users (subscribers, contributors, etc.) may end up with access to your forms in the back end. This is because the plugin checks for that capability, rather than examining the capabilities of the user’s role.

I wrote a filter to check for and strip away this capability on authentication:

    /**
     * Removes the capability, added by Gravity Forms, from all
     *  non administrators when they log in
     *
     * This hook removes that access on login. To trigger it,
     *  the member must log out first, then back in.
     */
    add_action('wp_authenticate', 'tcbarrett_authentication');
    function tcbarrett_authentication($username){
      remove_gravityform_caps_from_non_admin($username);
    }
    function remove_gravityform_caps_from_non_admin($username){
      global $wpdb;
      $user_id = username_exists($username);
      if(!$user_id) return; // unknown login, nothing to clean up

      $userinfo = get_user_by('login', $username); // get_userdatabylogin() is deprecated
      $property = $wpdb->prefix."capabilities";    // per-user meta key holding roles and direct caps
      $caps     = $userinfo->$property;
      if( !empty($caps['administrator']) ) return;
      if( !empty($caps['gform_full_access']) ){
        $member = new WP_User($user_id);
        $member->remove_cap("gform_full_access");
      }
    }
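The hook above only takes effect when a member logs out and back in, so accounts that stay logged in keep the capability until then. As an added example (not code from the original post), the sweep below checks every user of the site for `gform_full_access` stored directly on the account and optionally removes it; the function names, the page size of 200 and the `$allowed_roles` default are assumptions.

```php
/**
 * Added example: one-off audit of per-user capability grants.
 * Function names here are hypothetical; gform_full_access is the
 * capability named in the post.
 */

// True when $cap is stored on the user directly (in the per-user capabilities
// meta, next to the role names) and the user holds none of the allowed roles.
function example_has_stray_cap( WP_User $user, $cap, array $allowed_roles ) {
  if ( empty( $user->caps[ $cap ] ) ) {
    return false; // not granted at user level (a role may still grant it)
  }
  return ! array_intersect( $allowed_roles, (array) $user->roles );
}

// Walks all users of the current site in pages and returns the logins affected.
// With $dry_run = true nothing is changed, so the list can be reviewed first.
function example_strip_stray_cap( $cap = 'gform_full_access', $allowed_roles = array( 'administrator' ), $dry_run = true ) {
  $affected = array();
  $page     = 1;
  do {
    $users = get_users( array( 'number' => 200, 'paged' => $page ) );
    foreach ( $users as $user ) {
      if ( ! example_has_stray_cap( $user, $cap, $allowed_roles ) ) {
        continue;
      }
      $affected[] = $user->user_login;
      if ( ! $dry_run ) {
        $user->remove_cap( $cap ); // updates only this user's stored capabilities
      }
    }
    $page++;
  } while ( count( $users ) === 200 ); // a short page means the last one
  return $affected;
}
```

Call `example_strip_stray_cap()` first and review the returned logins, then pass `false` as the third argument to apply the change.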

Published by

TCBarrett

Open Source Architect (Web Geek)

7 thoughts on “Remove gravity forms capabilities”

  1. This is so very close to what I’m after for one of my client websites. Rather than giving administrators access, I’d like to give both administrators and editors access to Gravity forms (whilst removing traces of Gravity forms from subscribers/contributors as you explained).

    Is this a case of substituting ‘administrator’ for ‘editor’ in your code, or is there a little more to it?

    1. You could replace line 20 with these 3 to give you an array of roles you are happy to have the gravity forms capability:

        $allowed_roles = array('administrator', 'editor');
        foreach( $allowed_roles as $role ) 
          if( !empty($caps[$role]) ) return;
      

      (Or use in_array())

  2. Thanks – I had to tinker with it a little. The solution you posted above is right – but in addition the editor role (or whatever roles you want to give access) need add_cap() used on them as they don’t have full access by default.

  3. Hello,

    I need this code… but I don't know in which file I have to put it. Can you tell me, please? Thank you a lot 🙂

    1. Usually the code is added to the functions.php file. Most of the code snippets in this blog, and all other blogs, are for that file.

  4. Hi,

    It helps a lot to me about this code but what I am looking for is that the editor can only view the entries of the gravity forms, not to edit. Is it possible? Any ideas or help would be great and appreciated.
