I have configured some user role settings for the Editor role including giving it access to the theme editor so that users with this capability can edit the various php files of a theme.
However, when a user with Editor capability goes to Appearance/Editor and selects say header.php, instead of displaying that file for editing, it takes them to the Medial Library.
The default file shown (style.css) can be edited but if any of the other files are selected, we are taken to the Media Library!
Users with Admin capability can edit files without problem.
Any help gratefully received!
Issue with redirection may be related to these details of admin menu access module realization.
Do you know that any user with access to .php file editing can get full access to the site in a seconds? Just couple lines of PHP code may give full access. Thus, there is no sense to limit access for user with .php editing permissions in any way. You should trust such users. It’s a good practice to block file editing at production sites. Even trusted user may lead to site crash due to unintended mistake or even typo during file editing.
We couldn’t give the customer full access to the site admin directly as that would allow them to see potentially sensitive info such as our Google API and other licencing info. I appreciate that they could still get full access by manipulating the .php files available in the theme editor but that is more manageable for us than just giving them access to everything!