Control Permissions for the Flamingo Plugin (with Contact Form 7)

Flamingo

Contact Form 7 is one of the most popular WordPress plugins ever, with over 5 million installs.

Contact Form 7 is so popular that even it's add-ons can have 100,000's of users. Click here for our guide to Contact Form 7 permissions and there's also a guide to controlling access to Contact Form 7 admin menus.

Flamingo is a plugin which stores messages submitted through Contact Form 7. Flamingo was written by Takayuki Miyoshi, who also developed Contact Form 7.

One PublishPress user asked us this question: “I was hoping to control access to Flamingo because it contains sensitive form data. This was so my SEO guy can work on the backend but not see form submissions to respect privacy.”

Let me show you how do this with the PublishPress Capabilities plugin.

  • In your WordPress site, click the “Capabilities” link in the admin menu.
  • In the top-left corner dropdown, choose the user role you want to edit.

If you want to this user role to have access to Flamingo, make sure that both the “edit users” and “read” boxes are checked. Any user role that doesn't have both of these permissions will not be able to access Flamingo.

Flamingo plugin permissions

This next image shows what a Contributor will see with those two permissions:

Flamingo plugin menu link permissions

If you want to hide Flamingo from a user, I recommend removing the “edit users” permission. This will still allow them to use most of WordPress. However, if you remove the “read” permission, those users will be blocked from the WordPress dashboard.


Customize the Flamingo Permissions

If you want to dig into this further, look at this file in Flamingo: /includes/capabilities.php.

You'll see that all the Flamingo permissions are mapped to that single permission: edit_users.

'flamingo_edit_contact' => 'edit_users',
'flamingo_edit_contacts' => 'edit_users',
'flamingo_delete_contact' => 'edit_users',
'flamingo_edit_inbound_message' => 'edit_users',
'flamingo_edit_inbound_messages' => 'edit_users',
'flamingo_delete_inbound_message' => 'edit_users',
'flamingo_delete_inbound_messages' => 'edit_users',
'flamingo_spam_inbound_message' => 'edit_users',
'flamingo_unspam_inbound_message' => 'edit_users',
'flamingo_edit_outbound_message' => 'edit_users',
'flamingo_edit_outbound_messages' => 'edit_users',
'flamingo_delete_outbound_message' => 'edit_users',

Obviously, these permissions are not very flexible because this one permission controls everything. And relying on edit_users has consequences beyond the Flamingo plugin because this permission controls other WordPress features too.

For example, the original PublishPress user in this post didn't want to rely on edit_users because it also blocked his SEO guy from other areas of WordPress.

If you want to customize Flamingo permissions, add this to your active theme's functions.php file.

/* 
 * WordPress Flamingo plugin: capability customization
 *
 * Author: Kevin Behrens / publishpress.com
 */

add_filter('flamingo_map_meta_cap', 'my_flamingo_caps');

function my_flamingo_caps($caps) {
	// To customize for any capability, change 'edit_users' to another capability as desired:
	$new_caps = array(
		'flamingo_edit_contact' => 'flamingo_permissions',
		'flamingo_edit_contacts' => 'flamingo_permissions',
		'flamingo_delete_contact' => 'flamingo_permissions',
		'flamingo_edit_inbound_message' => 'flamingo_permissions',
		'flamingo_edit_inbound_messages' => 'flamingo_permissions',
		'flamingo_delete_inbound_message' => 'flamingo_permissions',
		'flamingo_delete_inbound_messages' => 'flamingo_permissions',
		'flamingo_spam_inbound_message' => 'flamingo_permissions',
		'flamingo_unspam_inbound_message' => 'flamingo_permissions',
		'flamingo_edit_outbound_message' => 'flamingo_permissions',
		'flamingo_edit_outbound_messages' => 'flamingo_permissions',
		'flamingo_delete_outbound_message' => 'flamingo_permissions',
	);

	return array_merge($caps, $new_caps);
}
  • Go to “Capabilities” in your WordPress admin menu.
  • Enter “flamingo_permissions” into the “Add Capability” box.
  • Click “Add to role”.
Flamingo plugin for WordPress - add a new permission
  • Now you can give this user role access to the Flamingo plugin:
Flamingo plugin for WordPress, giving a new permission

Or you can deny them access to the Flamingo plugin:

Flamingo plugin for WordPress, denying a new permission

Get full access to PublishPress plugins and support

Join PublishPress today and improve your WordPress publishing. You will get full access to all the PublishPress plugins, and our legendary support.

Tags: , , ,


Leave a Reply

Your email address will not be published. Required fields are marked *

Professional publishing plugins for WordPress! Get PublishPress

  • SUBSCRIBE TO OUR NEWSLETTER
  • SEARCH THIS SITE