Control Permissions for the Flamingo Plugin (with Contact Form 7)

BySteve Burge

Contact Form 7 is one of the most popular WordPress plugins ever, with over 5 million installs.

Contact Form 7 is so popular that even it's add-ons can have 100,000's of users. Click here for our guide to Contact Form 7 permissions and there's also a guide to controlling access to Contact Form 7 admin menus.

Flamingo is a plugin which stores messages submitted through Contact Form 7. Flamingo was written by Takayuki Miyoshi, who also developed Contact Form 7.

One PublishPress user asked us this question: “I was hoping to control access to Flamingo because it contains sensitive form data. This was so my SEO guy can work on the backend but not see form submissions to respect privacy.”

Let me show you how do this with the PublishPress Capabilities plugin.

  • In your WordPress site, click the “Capabilities” link in the admin menu.
  • In the top-left corner dropdown, choose the user role you want to edit.

If you want to this user role to have access to Flamingo, make sure that both the “edit users” and “read” boxes are checked. Any user role that doesn't have both of these permissions will not be able to access Flamingo.

This next image shows what a Contributor will see with those two permissions:

Flamingo plugin menu link permissions

If you want to hide Flamingo from a user, I recommend removing the “edit users” permission. This will still allow them to use most of WordPress. However, if you remove the “read” permission, those users will be blocked from the WordPress dashboard.

Customize the Flamingo Permissions

If you want to dig into this further, look at this file in Flamingo: /includes/capabilities.php.

You'll see that all the Flamingo permissions are mapped to that single permission: edit_users.

'flamingo_edit_contact' => 'edit_users',
'flamingo_edit_contacts' => 'edit_users',
'flamingo_delete_contact' => 'edit_users',
'flamingo_edit_inbound_message' => 'edit_users',
'flamingo_edit_inbound_messages' => 'edit_users',
'flamingo_delete_inbound_message' => 'edit_users',
'flamingo_delete_inbound_messages' => 'edit_users',
'flamingo_spam_inbound_message' => 'edit_users',
'flamingo_unspam_inbound_message' => 'edit_users',
'flamingo_edit_outbound_message' => 'edit_users',
'flamingo_edit_outbound_messages' => 'edit_users',
'flamingo_delete_outbound_message' => 'edit_users',

Obviously, these permissions are not very flexible because this one permission controls everything. And relying on edit_users has consequences beyond the Flamingo plugin because this permission controls other WordPress features too.

For example, the original PublishPress user in this post didn't want to rely on edit_users because it also blocked his SEO guy from other areas of WordPress.

If you want to customize Flamingo permissions, add this to your active theme's functions.php file.

/* 
 * WordPress Flamingo plugin: capability customization
 *
 * Author: Kevin Behrens / publishpress.com
 */

add_filter('flamingo_map_meta_cap', 'my_flamingo_caps');

function my_flamingo_caps($caps) {
	// To customize for any capability, change 'edit_users' to another capability as desired:
	$new_caps = array(
		'flamingo_edit_contact' => 'flamingo_permissions',
		'flamingo_edit_contacts' => 'flamingo_permissions',
		'flamingo_delete_contact' => 'flamingo_permissions',
		'flamingo_edit_inbound_message' => 'flamingo_permissions',
		'flamingo_edit_inbound_messages' => 'flamingo_permissions',
		'flamingo_delete_inbound_message' => 'flamingo_permissions',
		'flamingo_delete_inbound_messages' => 'flamingo_permissions',
		'flamingo_spam_inbound_message' => 'flamingo_permissions',
		'flamingo_unspam_inbound_message' => 'flamingo_permissions',
		'flamingo_edit_outbound_message' => 'flamingo_permissions',
		'flamingo_edit_outbound_messages' => 'flamingo_permissions',
		'flamingo_delete_outbound_message' => 'flamingo_permissions',
	);

	return array_merge($caps, $new_caps);
}
  • Go to “Capabilities” in your WordPress admin menu.
  • Enter “flamingo_permissions” into the “Add Capability” box.
  • Click “Add to role”.
  • Now you can give this user role access to the Flamingo plugin:

Or you can deny them access to the Flamingo plugin:

Get full access to PublishPress plugins and support

Join PublishPress today and you'll get powerful publishing and permissions plugins to improve your WordPress site.

Click here and join PublishPress today

Author

  • Steve Burge

    Steve is the founder of PublishPress. He's been working with open source software for over 20 years. Originally from the UK, he now lives in Sarasota in the USA. This profile is generated by the PublishPress Authors plugin.

    View all posts

Leave a Reply

Your email address will not be published. Required fields are marked *