Change WordPress user roles and capabilities Forums Bug Reports Custom Admin Menus – Serious Bugs

Viewing 4 posts - 1 through 4 (of 4 total)
  • Author
    Posts
  • #1655
    ONYX Desgin
    Participant

    First of all, great plugin. I bought the Pro version because admin menu blocking is the main function that I need. Saved me a lot of time. Thank you for that. But I am having some serious issues that I believe are bugs in your URE_Admin_Menu_Access class.

    I have a few special non-admin user roles that still need to access certain parts of the back-end. I would like these users to be able to get to the back-end simply by typing [site-url]/admin/ even though they do not have access to most of the admin including the admin dashboard/home screen.

    I haven’t fully dissected your code, but it looks like there are some problems with how admin links are handled by the URE_Admin_Menu_Access class. I believe the problem is either in the extract_command_from_url() method or the get_first_available_menu_item() method, which, unless I am mistaken, work together in the redirect_blocked_urls() method to try to get the user.

    I have a simple custom admin menu with submenus. The parent_slug is ‘ovc’, so the url of the first submenu item is automatically [site-url]/wp-admin/admin.php?page=ovc. When I am logged in as the custom role type and I try to go to /admin, it redirects me to [site-url]/wp-admin/ovc . I also notice in the backend admin menus editor for your plugin, it lists only ‘ovc’ (the slug) in the url column. I think you just need to add some logic to understand when an admin link is actually a slug that needs to be appended to the url as admin.php?page=[slug]

    An issue that is probably directly related: If I manually navigate to the correct url, it works, as does the rest of your admin menu blocking. BUT, it only works if the role’s ‘Block Menu Items’ setting is set to ‘Selected’ in URE admin menus editor. If that option is set to ‘Not Selected’, which is the option I wanted to use (although it’s not a big deal either way), the admin menu blocking and redirection breaks a lot more.

    Thank you for a great plugin, I hope this issue is fixed soon.

    #1657
    Vladimir
    Keymaster

    Thanks for the information.
    Could you tell me from what plugin that custom menu is, so I may directly test URE with it?

    As about “Block not selected” option, it works currently as straightforward as it named – blocked (as result user is redirected) all not selected URLs. So if some link is clicked from the allowed page, but that link was not selected at menu items list (it may even be not presented there) user will not get access to it.

    #1733
    birgitEFGS
    Participant

    Came here to report a similar bug. Am using the Pro version of the plugin, Divi theme from Elegant Themes (which also has a user role settings section). When I enable the Admin Menu module, using “Not selected” will cause serious problems with the user’s access to the post edit screen. Detailed explanation follows:

    I want the Contributor role to only be able to edit posts of the Page type, but when you disable edit_posts the Tags section is rendered unusable (it’s there but with no input field). So, I allowed everything basic posts related and in stead turned to the Admin Menu module, checking menu items using the “Not selected” option. When I tried to edit my Page (as a Contributor), the list of posts (Pages) would just reload. I could not get to the edit post screen. Certain combinations of ticks would cause a redirect to the Dashboard instead of reloading the list of Pages.

    Using the “Selected” option, everything seems to be working fine.

    #1736
    Vladimir
    Keymaster

    @birgitEFGS: Thanks for the information. I plan to limit a list of “not selected” URL blocked by “admin menu access” add-on with the URLs only which are included to the admin menu. This should resolve issues similar to one with posts edit page blocking. I will include this fix to the next update (1-2 weeks).

Viewing 4 posts - 1 through 4 (of 4 total)
  • You must be logged in to reply to this topic.