Remove gravity forms capabilities

The Gravity Forms plugin adds capabilities at the same level as roles (as opposed to adding capabilities to roles). This means that your users (subscribers, contributors e.t.c) may end up with access to your forms in the back end. This is because the plugin checks for that capability, rather than examine the user’s role’s capabilities.

I wrote a filter to check for and strip away this capability on authentication:

/**
 * Removes the capablity, added by Gravity Forms, from all
 *  non administrators when they log in
 *
 * This hook removes that access on login. To trigger it,
 *  the member must log out first, then back in.
 */
add_action('wp_authenticate', 'tcbarrett_authentication');
function tcbarrett_authentication($username){
  remove_gravityform_caps_from_non_admin($username);
}
function remove_gravityform_caps_from_non_admin($username){
  global $wpdb;
  $user_id = username_exists($username);
  if(!$user_id) return;

  $userinfo = get_userdatabylogin($username);
  $property = $wpdb->prefix."capabilities";
  $caps     = $userinfo->$property;
  if( $caps['administrator'] ) return;
  if( $caps['gform_full_access'] ){
    $member = new WP_User($user_id);
    $member->remove_cap("gform_full_access");
  }
}