[Vladimir]

Hi Laurent,

If it’s possible to look at your site with superadmin privileges, send URL and user/pwd credentials to support [at-sign] role-editor.com

[Vladimir]

Yes, WPForms (I tested WPForms Lite) uses ‘manage_options’ capability by default for all its menu items. Good news that WPF does not check ‘manage_options’ directly, but makes it via function wpforms_get_capability_manage_options(), which allows to replace ‘manage_options’ with any other capability using custom filter ‘wpforms_manage_cap’. Try to add own piece of code to the active theme functions.php file or setup it as a must-use plugin:

function replace_wpf_cap( $cap ) {
  return 'capability_of_your_choice';
}

You can add custom capability ‘wpf_edit_forms’, for example and use it in this filter.
I do not exclude that WPF Pro may use another permissions for its menu items and pages.

[Vladimir]

User Content view restrictions add-on.
You need 1st to add restrictions for all pages which should not be viewable by not logged-in users – open page for editing and select for it at least “Any User Role (logged in only)” at the “Content view restrictions” section.
Then you can allow to the selected role to view the selected pages by ID list – via Users->User Role Editor. Or make it directly for the every page – selected at the page editor which roles can view this page.

[Vladimir]

Hi Denish,

Yes, it should copy admin menu settings for the roles from the main site to a new created site. But you still need to configure this manually via active theme functions.php or must-use plugin. Use this code for that.

[Vladimir]

Thanks for the provided access. I confirm a problem and can reproduce it at my test environment to make further investigations.
The reason is that post editing ‘edit.php?…’ link is blocked via ‘Admin menu’, but WooCommerce uses the same link with another set of parameters for the product attributes deletion. Somehow URE Pro counts the ‘edit.php?post_type=product&page=product_attributes&delete=4&_wpnonce=…’ link as blocked and redirects user to the dashboard instead. I have to investigate the issue to decide if it’s possible to find the solution for this conflict.

Generally, ‘Admin menu’ is the secondary level permissions tool. 1st level is always capabilities. We should revoke all unneeded capabilities from the role 1st. I see that you fully blocked for shop_manager role via “Admin menu” the “Appearance”, “Users”, “Links” menus. If revoke “edit_theme_options”, ‘list_users’ and ‘manage_links’ capabilities from shop_manager role, then this menus will be blocked for the role by WordPress itself.

The same is correct for the ‘Pages’ menu. I revoked all ‘_pages’ capabilities from shop_manager role at the demo site and this menu was disappeared from the user access.

The same is true for all custom post types menus, currently protected by ‘edit_posts’ capability. If revoke, all ‘_posts’ capabilities from shop_manager role, then you will not need to block related menus via ‘Admin menu’. It resolves the issue, when shop manager can not delete product attributes also.

Possible problem with this workaround is the ‘edit_posts’, ‘edit_published_posts’, ‘edit_others_posts’, ‘delete_posts’ capabilities are required by default for editing Media Library items.

I will inform you about the result of my further investigations on the subject.

[Vladimir]

Is it possible to look at this subsite with superadmin privileges? If Yes, send URL and admin and test users login/pwd to support [at-sign] role-editor.com

[Vladimir]

Hi,

1) Does user have single role? (just to exclude restrictions set to 2nd role granted to this user).

2) If you will turn Off temporally “Administrator menu access module” checkbox at URE Settings page will redirection disappear?

[Vladimir]

It seems you may need to work on additional configuration. If you use “Block not selected” model then read carefully this part of the documentation article for “Admin menu blocking” add-on.

Another way – swap checkboxes selection and use “Block Selected” model.

[Vladimir]

The problem is related to the “Advanced custom fields Pro” plugin included into your theme. It’s marked as compatible with WordPress 5.2. But WordPress 5.4 includes long waited related update – it calls itself the ‘wp_nav_menu_item_custom_fields’ action, which allows to add custom UI elements to the front-end menu administration page. Outdated version of “Advanced custom fields Pro” calls ‘wp_nav_menu_item_custom_fields’ itself. That was a reason of duplicate output from URE Pro. I added checking if output for menu item was done to exclude similar issues in future.
I uploaded the updated version of code to your site. Thanks for your help with investigating this problem.

[Vladimir]

Thanks. I confirm the problem and investigate the issue with your installation.

[Vladimir]

OK. Thanks for the feedback.

[Vladimir]

If it’s possible to look at your site with admin credentials send URL and username/pwd to support [at-sign] role-editor.com

[Vladimir]

Hi,

It’s a known bug. You can try the beta version 4.56.b1, which includes the fix. You may take it from the “Download” page.

[Vladimir]

Dashboard widgets are realized as meta boxes really. Try meta boxes access add-on to hide it for selected role.

[Vladimir]

Thank you for the valuable suggestion. I applied it. It will be available with the next update.

[Author]

Posts