[Vladimir]

Hi,

Sermon Manager plugin uses WordPress built-in user capabilities

[Vladimir]

I need to repeat this to check and fix. What theme do you use?

[Vladimir]

Hi Ronaldus,

Yes, ‘manage_options’ is about site settings. It protects the ‘Settings’ menu. The most often it’s used by plugins which add menu item to the ‘Settings’ menu. So it’s just the Canvas theme’s developer choice.

Check that you did not give to the user with ‘manage_options’ much more permissions than you initially planned. May be you need to block some extra menu items with Admin menu blocking module.

[Vladimir]

It’s possible with WordPress multisite where you may revoke some capabilities from single site ‘administrator’ role.

You may fake ‘Ultimate Auction Pro’ plugin by adding a user capability with ‘administrator’ ID to the user role. But be ready that such user will get access to any other plugin which similar uses ‘administrator’ role to protect access to its functionality.

[Vladimir]

Hi Garrett,

I published version 4.25.1. It includes ure_restrict_edit_post_type filter, which allows to achieve your purpose. The example of this filter usage is available here:

ure_restrict_edit_post_type

[Vladimir]

Hi Ronaldus,

Canvas theme uses ‘manage_options’ capability to protect all its submenu items except ‘Settings’, which uses ‘edit_theme_options’ as expected.

[Vladimir]

Ultimate Auction Pro plugin uses directly ‘administrator’ role to protect all its menu items. Moreover it intensively checks if user has the ‘administrator’ role through its code.
This means that is no chance to replace ‘administrator’ to some other role without headache after every plugin update.

Contact plugin developer. It’s quite better to use user capabilities (or custom role) to protect the plugin, in order a client may decide himself to whom allow to use this plugin.

[Vladimir]

It was in a SPAM folder. Thanks for the note. There is no need to re-send.

[Vladimir]

Hi David,

I need a copy of mentioned plugin in order to take a look what permissions it requires. Could you send it to me?

[Vladimir]

Thanks for the good words!

[Vladimir]

I suppose that you write about some other plugin. User Role Editor Pro does not have any option to input an “URL for redirect”. Please re-check.

[Vladimir]

Hi,

>>with all theme related settings unchecked
Is it a typo ‘unchecked’? You should turn ON ‘edit_theme_options’ capability for that user role.

In case you need further help please send a copy of Canvas theme installation package to support[at-sign]role-editor.com. I will test it.
Any commercial product copy I get for testing is used at my local test environment only.

[Vladimir]

Hi Garrett,

Thanks for the detailed description of the problem. I agree with you.
Different settings for every available post type will make a system more flexible.

It requires requires though to go carefully through all related code, plus user interface changes. I will add such update in a future.

Currently as a quick workaround I will add a filter, so you can manage to what post type to apply URE’s edit restriction and for what post type to ignore them.
It’s almost ready. I will publish it with 4.25.1 update in 1-2 days.

[Vladimir]

Hi,

Thanks for the feedback.

Go to the ‘Settings -> User Role Editor -> Additional Modules’. Turn ON ‘Activate “Create” capability for posts/pages/custom post types’ option. User without ‘create_pages’ capability will can not create new pages after that.

[Vladimir]

Send plugin copy to support [at-sign] role-editor.com for the evaluation. I will look what is needed to get administrative rights for it.

[Author]

Posts