Tagged: admin menu
18/09/2017 at 07:02 #4196webyoursParticipant
I bought the Unlimited Pro version and unfortunately the first thing I try to do is already not working.
I am using the admin menu editor and blocked a couple of menu items for a specific role. Testing it with said role, I noticed no change. Resaved, testet again, not working. I completely deleted the role, set it up again, set up the menu restrictions, not working. There are no errors.
Any help would be greatly appreciated.18/09/2017 at 12:29 #4197
Send the screenshots of settings in “Admin menu” you made for a role and what menu a user with that role really sees at /wp-admin.
What plugin registered menu items, which you can not block?18/09/2017 at 14:02 #4198webyoursParticipant
Ok, I narrowed it down. I am using the Beaver Builder plugin, and if its activated, its not possible to block any admin menu items (WordPress core as well as plugin registered ones).
There seems to be a plugin conflict. I am reporting this to the BB team as well.18/09/2017 at 16:43 #4199
I tested the Beaver Builder Lite version available at wordpress.org and can not repeat an issue. I suppose that you use the Pro version. Can you share BB Pro plugin copy (via DropBox or similar service) – support [at-sign] role-editor.com? I would try to repeat the issue and isolate a reason then. I setup such copies locally and use for testing/investigation only.28/01/2018 at 21:11 #4575ueberzeugungsarbeitParticipant
I have the same problem – beaver builder pro seems to disable the menu editor. If I deactivate beaver builder pro, it works!29/01/2018 at 01:29 #4576
Can you share Beaver Builder Pro copy for testing?02/08/2018 at 16:33 #5066
I got a copy of Beaver Builder Pro plugin version 126.96.36.199 for testing from one of the clients. The result of my investigation below:
User Role Editor (URE) does not limit superadmin – for WordPress single site URE counts as a superadmin any user with ‘administrator’ role and uses WordPress’s own is_super_admin() function for the multisite installation only. URE is written this way as WordPress counts as a superadmin for single site installation any user with ‘delete_users’ capability. Such user is not a real superadmin for many cases with multiple users who can edit users only with limited roles available for the selection.
Beaver Builder (BB) plugin developers counts that they may work with user permissions very-very freely. If WordPress counts someone as a superadmin, but he does not have ‘administrator’ role for some reason. let’s grant this role to him. Why not?
Thus, even if you did not plan to grant to someone the ‘administrator’ role, just allow him to delete users, BB plugin will make it for you very freely and easily.
My conclusion – it’s incorrect way of working with user permissions.
In theory BB should grant not ‘administrator’ role, but the full list of BB capabilities only and not directly to a current user, but to ‘administrator’ role only. Some subset may be granted to editor role, etc. Leave the decision what user what permission has at the site to the site administrator, do not decide so critical question for him behind the scene.
Workaround: comment lines 255, 256, 257 at
bb-plugin/classes/class-fl-builder-user-access.phpfile and do not forget to repeat that after every BB plugin update until they update this part of code with something more compatible with security requirements.16/08/2018 at 15:30 #5080
I’m glad that I found this thread! I’m not sure if this information made it to the Beaver Builder team, but I have submitted a ticket to them referencing this thread. I’ll let you know if they are able to fix this.
Jake16/08/2018 at 15:36 #5082
Thanks for this and upcoming information. The author of this topic have made the same and did not get response from BB developers yet.20/08/2018 at 02:39 #5093
I received a response from the Beaver Builder team:
We’ve had similar reports from other customers so we have been looking at the best way to approach this to avoid issues. We haven’t come up with a stable solution yet – we’re still testing the best approach.
Hopefully we’ll get some good news soon!
Jake20/08/2018 at 03:13 #5094
Good news that they work on a problem. Let’s wait for the update.25/09/2018 at 13:20 #5147
It appears that the Beaver Builder team may have fixed this issue. The change log for v2.1.5 has the following entry:
Changed delete_users capability to manage_options for builder UI and added fl_builder_admin_settings_capability filter.
I’ve emailed them to confirm that this change is geared towards this fix. They confirmed that this should fix it!
Jake25/09/2018 at 13:51 #5148
Thanks for this update. It would be good to know the results of your tests.25/09/2018 at 15:09 #5149
They confirmed that the new update should fix it!25/09/2018 at 15:14 #5150
- You must be logged in to reply to this topic.