Forum Replies Created
-
Posts
-
Thank you for this enhancement suggestion. I will add a suitable filter with one of the next update.
Hi Michele,
WooCommerce by default uses ‘manage_woocommerce’ capability for ‘Duplicate’ link under products. It’s possible to replace it with something other using provide custom filter ‘woocommerce_duplicate_product_capability’, like this:
add_filter('woocommerce_duplicate_product_capability', 'wc_duplicate_product_cap', 10, 1); function wc_duplicate_product_cap( $cap ) { $cap = 'edit_products'; return $cap; }Hi,
Such confirmation comes out from the
check_admin_referer('log-out');function call, which if it does not find the valid _wpnonce value at logout URL shows the mentioned page with logout confirmation request:function wp_nonce_ays( $action ) { if ( 'log-out' === $action ) { $html = sprintf( /* translators: %s: Site title. */ __( 'You are attempting to log out of %s' ), get_bloginfo( 'name' ) ); $html .= '</p><p>'; $redirect_to = isset( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : ''; $html .= sprintf( /* translators: %s: Logout URL. */ __( 'Do you really want to <a href="%s">log out</a>?' ), wp_logout_url( $redirect_to ) ); }As a workaround you can use the code below, which just ignores the result of _wpnonce checking:
add_action( 'check_admin_referer', 'logout_without_confirm', 10, 2 ); function logout_without_confirm( $action, $result ) { if ( $action!=='log-out' ) { return; } if ( $result ) { return; } // It's a copy of logout code from wp-login.php, from line #666, just after check_admin_referer( 'log-out' ); call $user = wp_get_current_user(); wp_logout(); if (!empty($_REQUEST['redirect_to'])) { $redirect_to = $_REQUEST['redirect_to']; $requested_redirect_to = $redirect_to; } else { $redirect_to = add_query_arg( array( 'loggedout' => 'true', 'wp_lang' => get_user_locale($user), ), wp_login_url() ); $requested_redirect_to = ''; } /** * Filters the log out redirect URL. * * @since 4.2.0 * * @param string $redirect_to The redirect destination URL. * @param string $requested_redirect_to The requested redirect destination URL passed as a parameter. * @param WP_User $user The WP_User object for the user that's logging out. */ $redirect_to = apply_filters('logout_redirect', $redirect_to, $requested_redirect_to, $user); wp_safe_redirect($redirect_to); exit; }I think it’s safe as there is nothing more safer than just logout currently logged in user without any other conditions.
Hi,
When logged-in as editor, look at the “Screen Options” at the top right corner. Turn ON switched OFF checkboxes (if there are) to make visible related sections at the left side “Add menu items” column.
Hi,
It’s something strange with ‘User Menu’ instead of ‘Admin menu’. It goes from your translation file possibly.
The only thing I may correct. If you do not plan allow to shop_manager to edit “Admin menu” settings, you should not grant to it ‘ure_admin_menu_access’.
I need to look at the issue on site to understand what is going wrong.
Yes, it’s known WooCommerce behavior. Add manually ‘view_admin_dashboard’ capability and grant it to a role in order to have access to wp-admin without having ‘manage_woocommerce’. More details here.
Hi,
You may revoke ‘manage_woocommerce’ capability from ‘shop_manager’ role. Shop manager will lost access to WooCommerce settings page.
Btw., WooCommerce restores its user roles on every activation. I can not exclude that revoked capability will be appear at the WooCommerce built-in role again with time. It’s better to create a copy of Shop Manager role and modify it to be sure.
Hi,
I suppose that the mentioned role is restricted via “Admin menu access” add-on. If you use “Block not selected” model read carefully the “Technical Details” part of the documentation article.
Generally to grant access to the custom post type, like ‘Podcasts’:
Go to the “Users->User Role Editor” page and look at the “Custom post types->Podcasts” group. If it contains unique user capabilities, like edit_podcasts, then grant needed of them to the contributor role, similar to the ‘Posts’.
If it contains the same ‘edit_posts’, etc., read this article:In order to convert editor role back to the contributor you have to revoke from it edit_published_% (like ‘edit_published_posts’) and publish_% (like publish_posts) capabilities.
WordPress stores capabilities in the roles only. ‘administrator’ role has all existing capabilities by default. URE looks if custom capability is used by other roles before decide if it could be deleted. Custom capability does not exist after deletion, until you will not add it back manually. When you add new custom capability it’s granted to the ‘administrator’ role automatically.
Hi,
URE shows in this list only capabilities available for deletion – capabilities which are not granted to any role, except ‘administrator’. 1st, revoke capability from all existing roles, then delete it via “Delete capabilities”.
Hi,
Currently, URE does not include no such functionality.
If you block some left side admin menu item, URE should block automatically the item with the same URL at the top admin menu bar.
I plan to add ability to select what top admin menu bar item to block to one of the future versions.
Hi,
I confirm this. Simple banner plugin does not think that role may edited manually, and applies the logic: if role has ‘manage_simple_banner’ capability, thus it was granted automatically by SB plugin itself, then if role is not included into the list of roles allowed to work with SB (Pro feature), then automatically revoke ‘manage_simple_banner’ and ‘manage_options’ user capability from such role:
// Add permissions for other roles foreach (get_editable_roles() as $role_name => $role_info) { if ( $role_name !== 'administrator') { if (in_array($role_name, explode(",", $permissions_array))) { $add_role = get_role( $role_name ); $add_role->add_cap( $manage_simple_banner ); $add_role->add_cap( $manage_options ); } else { $remove_role = get_role( $role_name ); // only remove capabilities if they were previously added if ($remove_role->has_cap( $manage_simple_banner )){ $remove_role->remove_cap( $manage_simple_banner ); $remove_role->remove_cap( $manage_options ); } } } }Hi,
1. I can not use “DELETE” as it does a real “Reset”:
– removes all roles;
– executes original code from WordPress setup, which creates from the scratch 5 WordPress built-in user roles: administrator, editor, author, contributor, subscriber. That is “reset” means in this case – return WordPress user roles to its initial state.So URE’s “reset” here not only deletes roles added by other plugins, but removes any changes made by plugins or users to WordPress built-in roles.
3. I fixed the link to external article too. Thanks for pointing me that.
