CleanTalk · Glomberg · Nov 18, 2025 · Nov 18, 2025
diff --git a/inc/spbc-admin.php b/inc/spbc-admin.php
@@ -1022,7 +1022,16 @@ function spbc_dashboard_statistics_widget()
         $actual_plugin_name = $spbc->data['wl_brandname'];
     }
 
-    if ( current_user_can('activate_plugins') ) {
+    /**
+     * Hook. List of allowed user roles for the Dashboard widget.
+     * add_filter('spbct_hook_dashboard_widget_allowed_roles_list', function($roles_list) {
+     *  $roles_list[] = 'editor';
+     *  return $roles_list;
+     * });
+     */
+    $roles_list = apply_filters('spbct_hook_dashboard_widget_allowed_roles_list', array('administrator'));
+
+    if ( is_array($roles_list) && spbc_is_user_role_in($roles_list) ) {
         wp_add_dashboard_widget(
             'spbc_dashboard_statistics_widget',
             $actual_plugin_name,
@@ -1051,25 +1060,27 @@ function spbc_dashboard_statistics_widget_output($_post, $_callback_args)
     <div class='spbc_widget_top_links'>
         <img src="<?php echo Escape::escUrl(SPBC_PATH . '/images/preloader.gif'); ?>" class='spbc_preloader'>
         <?php
-
         if ($spbc->data['display_scanner_warnings']['critical'] > 0) {
             echo (spbc__get_accordion_tab_info_block_html('critical-for-widget'));
         }
-
-        echo '<div style="display: flex; align-self: end;">';
-        echo sprintf(
-            __("%sRefresh%s", 'security-malware-firewall'),
-            "<a href='#spbc_widget' class='spbc_widget_refresh_link'>",
-            "</a>"
-        ); ?>
-        <?php
-        echo sprintf(
-            __("%sConfigure%s", 'security-malware-firewall'),
-            "<a href='{$spbc->settings_link}' class='spbc_widget_settings_link'>",
-            "</a>"
-        );
-        echo '</div>';
         ?>
+
+        <?php if ( spbc_is_user_role_in(array('administrator')) ) {
+            echo '<div style="display: flex; align-self: end;">';
+
+            echo sprintf(
+                __("%sRefresh%s", 'security-malware-firewall'),
+                "<a href='#spbc_widget' class='spbc_widget_refresh_link'>",
+                "</a>"
+            );
+
+            echo sprintf(
+                    __("%sConfigure%s", 'security-malware-firewall'),
+                    "<a href='{$spbc->settings_link}' class='spbc_widget_settings_link'>",
+                    "</a>"
+            );
+            echo '</div>';
+        } ?>
     </div>
     <form id='spbc_refresh_form' method='POST' action='#spbc_widget'>
         <input type='hidden' name='spbc_brief_refresh' value='1'>
@@ -1107,7 +1118,7 @@ function spbc_dashboard_statistics_widget_output($_post, $_callback_args)
                 "<u>{$spbc->brief_data['error']}</u>"
             )
             . '</h2>';
-        if ( $spbc->user_token && ! $spbc->white_label ) {
+        if ( spbc_is_user_role_in(array('administrator')) && $spbc->user_token && ! $spbc->white_label ) {
             echo '<h2 class="spbc_widget_activate_header">'
                 . __('Please, visit your Dashboard.', 'security-malware-firewall')
                 . '</h2>'
@@ -1151,7 +1162,7 @@ function spbc_dashboard_statistics_widget_output($_post, $_callback_args)
                 } ?>
             </table>
             <?php
-            if ( $spbc->user_token && ! $spbc->data["wl_mode_enabled"] ) { ?>
+            if ( spbc_is_user_role_in(array('administrator')) && $spbc->user_token && ! $spbc->data["wl_mode_enabled"] ) { ?>
                 <a target='_blank' href='https://cleantalk.org/my?user_token=<?php
                 echo Escape::escHtml($spbc->user_token); ?>&cp_mode=security'>
                     <input class='spbc_widget_button' id='spbc_widget_button_view_all' type='button' value='View all'>