How to Allow Editors to Access Gravity Forms in WordPress (Or Assign Any Capability to Any User Role)

love Gravity Forms. It’s a feature-rich, extensible and well-maintained WordPress plugin which provides an elegant, user-friendly visual form builder interface that even fairly non-technical WordPress administrators can figure out how to use.

Nevertheless, by default, only administrators can use Gravity Forms. Other users, such as those who only have the “editor” role on your site, will be unable to build and edit forms, view entries, and import or export data. In most cases, this is probably fine. But sometimes, you may want to give someone free reign over forms without allowing them to mess with WordPress settings, activate plugins, create users, and the like. So if you don’t want to make your editors into administrators, what can you do?

The bad news is that there’s no setting inside Gravity Forms to allow anyone but administrators access. Still, there are a few other ways we can accomplish what we need.

Option One: Use an existing plugin

The User Role Editor plugin does a great job of allowing you to add capabilities to various user roles. Once you’ve installed and activated the plugin, you just need to go to Users > User Role Editor in your admin menu, select the role you’d like to modify in the drop-down at the top, and then check off every capability you’d like that user role to have. For adding and editing Gravity Forms, you’ll probably at least want to include the following capabilities:

  • gravityforms_create_form
  • gravityforms_edit_forms
  • gravityforms_view_entries (if you want the user to be able to see what has been submitted through the form)

As far as the other capabilities go (deleting forms, deleting entries, editing settings, etc.), it really depends on what want you want this user role to be able to do (and how much you trust your users).

Additional settings for the User Role Editor plugin can be found under Settings > User Role Editor.

Pros: Easy to use, requires no coding, and relies on a highly-rated and well-maintained plugin. Especially great if you also have other needs which may require a more granular control over user role capabilities.

Cons: A little bit of extra overhead, and one more plugin to maintain/keep up-to-date.

Option Two: Writing your own plugin (or download my sample)

If you don’t want to install the entire User Role Editor plugin just to do this one thing, you may also consider writing your own plugin to simply add the appropriate capabilities to your user role (no need to create an admin interface or do anything fancy). This is actually much easier than it may sound, but you will still want to know what you’re doing. I usually recommend starting with the WordPress Plugin Boilerplate, but that may be overkill for something as simple as this.

Either way, if you decide to take this route, you’ll want to open your main plugin file (e.g., pluginname.php) and simply paste in the following code:

/**
 * Add all Gravity Forms capabilities to Editor role.
 * Runs during plugin activation.
 * 
 * @access public
 * @return void
 */
function activate_pluginname() {
  
  $role = get_role( 'editor' );
  $role->add_cap( 'gform_full_access' );
}
// Register our activation hook
register_activation_hook( __FILE__, 'activate_pluginname' );

/**
 * Remove Gravity Forms capabilities from Editor role.
 * Runs during plugin deactivation.
 * 
 * @access public
 * @return void
 */
function deactivate_pluginname() {
 
 $role = get_role( 'editor' );
 $role->remove_cap( 'gform_full_access' );
}
// Register our de-activation hook
register_deactivation_hook( __FILE__, 'deactivate_pluginname' );

Swap out all instances of “pluginname” for the actual name of your plugin— it’s just important that this function name is unique.

Note that this example gives editors full Gravity Forms access, which includes the ability to delete forms and entries. You can obviously change out what you’d like, whether it be the capability being added (e.g. maybe just “gravityforms_view_entries” instead of full access) or the role being affected (e.g. “author” instead of “editor”). If you want to add more than one capability to a role, just add to the code above by calling $role->add_cap(); multiple times (once for each capability you would like to grant). In case you’re wondering about what sort of permissions you can add, here is a list of all current Gravity Forms capabilities.

Once you’ve done all this, you will want to activate (or reactivate) your plugin; this will trigger your activation hook to run, and thus add the capability to the user role of your choice. As long as you’ve also included the deactivation hook above, deactivating your plugin will remove the capability and set your site back to normal.

As a side note, it’s best not to write a function that ties into the admin_init hook, as some have suggested, since it would then be called on every single admin page load (and re-add the capability, which requires a separate write to the database, each time). We only want this to be called once.

Pros: Less overhead, shouldn’t require frequent updating

Cons: Requires basic PHP coding skills and may be a little more work up front

Download My Sample Plugin

You can click here to download a very basic plugin example which uses code similar to the example above; just install it inside your wp-content/plugins directory and activate it from the Plugins page in your WordPress admin (found in the left side menu). Keep in mind that, if left unedited, this too will give your editors full access to Gravity Forms.

Option Three: Adding access via your theme’s functions.php file

This is perhaps the quickest and dirtiest way to add capabilities to certain user roles in WordPress, and one I wouldn’t particularly recommend unless you’re in a hurry (keeping logic separate from presentation is something coders should strive for, although this can admittedly get a little murky when it comes to WordPress theme functions).

Nevertheless, it’s quite possible to add capabilities to user roles inside your WordPress theme’s functions.php file (found at wp-content/themes/yourtheme/functions.php, where “yourtheme” is the name of your active theme). 

To do this, we’re going to need to open up functions.php, and then add the following code (at the end works fine, as long as it’s before any closing ?> tag that might be there):

/**
 * Add all Gravity Forms capabilities to Editor role.
 * Runs when this theme is activated.
 * 
 * @access public
 * @return void
 */
function grant_gforms_editor_access() {
  
  $role = get_role( 'editor' );
  $role->add_cap( 'gform_full_access' );
}
// Tie into the 'after_switch_theme' hook
add_action( 'after_switch_theme', 'grant_gforms_editor_access' );

/**
 * Remove Gravity Forms capabilities from Editor role.
 * Runs when this theme is deactivated (in favor of another).
 * 
 * @access public
 * @return void
 */
function revoke_gforms_editor_access() {
  
  $role = get_role( 'editor' );
  $role->remove_cap( 'gform_full_access' );
}
// Tie into the 'switch_theme' hook
add_action( 'switch_theme', 'revoke_gforms_editor_access' );

Just note that this code, like the code in option two above, will give users with the editor role full access to do anything in Gravity Forms— be it viewing form entries, changing settings, or deleting forms altogether.

Once you’ve added this snippet, you’ll just need to reactivate the theme by temporarily switching your WordPress site to use another theme, and then immediately switch back to this theme. This is necessary in order to trigger the function that grants the capability and ensures that it only runs once. As I mentioned above, it’s best not to use the admin_init hook instead of after_switch_theme, because we don’t want this to fire (and write to the database) every time we load an admin page.

Pros: Quick, and doesn’t require a plugin

Cons: While it works fine, the theme is probably not the ideal place for this sort of thing

Final note

Any of these methods, of course, can be used to add any capability to any role, including those outside Gravity Forms. Just be sure that you exercise caution whenever you are assigning user permissions that don’t aren’t there out-of-the-box; you don’t want to go overboard and make your site vulnerable or breakable. Hopefully, you’re making your site more secure by only assigning users the additional capabilities that they actually need, rather than simply bumping everyone up to an administrator. But, as always, make sure you give your user design some careful thought before doing anything reckless. 🙂