- This topic has 0 replies, 1 voice, and was last updated 2 hours, 2 minutes ago by
.
-
Posts
-
Hi URE team, I’m seeing what looks like a URE/WordPress profile UI compatibility bug for non-admin roles.
Non-admin roles: Application Password create returns 201 but one-time password UI (the password itself) is not shown
Environment 1
– WordPress 6.9.1
– URE Pro 4.64.6
– PHP 8.3 (DDEV local)
– Control: Administrator user– Environment 2
– WP 6.9.4
– URE Pro 4.64.6
– PHP 8.2.30Repro steps
1. Log in as non-admin user
2. Open wp-admin/profile.php
3. In Application Passwords, enter a name and click Add Application Password.
4. Password not revealed
5. Check DevTools > Network.What happens
– Request: ‘POST /wp-json/wp/v2/users/<id>/application-passwords?_locale=user’
– Response: ‘201 Created’
– Response JSON includes uuid + password (valid create)
– But the profile UI does not show the success notice / one-time password.Control behavior
– Same test as Administrator works normally (notice appears and one-time password is shown).Note too that if URE Pro plugin is disabled the non admin users can successfully access the password.
Why this seems role/UI related
Since REST create succeeds (201 + password), backend permission/create appears okay.
The issue appears to be in the role-specific profile UI/success render path for non-admin users.Could you advise what URE setting/filter might cause this (profile restrictions, script/template availability, or capability filter behavior in wp-admin vs REST context)?
Thanks!
- You must be logged in to reply to this topic.
