[Vladimir]

Thanks for the provided access to the source code. There were similar error reports at wordpress.org support forum. I duplicate the answer here:

The reason of a problem is a line of code at the BuddyBoss platform plugin. Open wp-content/plugins/buddyboss-platform/bp-load.php file and look at the line #149:

apply_filters( 'all_plugins', 'bp_core_unset_bbpress_buddypress_active_all_plugins', - 1 );

It incorrectly calls `apply_filters’ for WordPress core ‘all_plugins’ filter. Why do I think so? Be cause of it sends to it not array with plugins list, as WordPress itself does at includes/class-wp-plugins-list-table.php:91:
$all_plugins = apply_filters( 'all_plugins', get_plugins() );
where function get_plugins() returns “array Key is the plugin file path and the value is an array of the plugin data”.

But it sends own function ‘bp_core_unset_bbpress_buddypress_active_all_plugins’ and priority value: -1. These parameters are valid for add_filter() function.
I suppose this is just a typo.

More, bp_core_unset_bbpress_buddypress_active_all_plugins() function which belongs to BuddyBoss Platform plugin accept a single $plugins parameter and returns it unchanged.

So quick fix is replace line #149 with this valid version:

add_filter( 'all_plugins', 'bp_core_unset_bbpress_buddypress_active_all_plugins', - 1 );

[Vladimir]

Hi,

Thanks for this information.

User Role Editor (URE) hides itself from not administrator users who have access to the “Plugins” page. URE uses ‘all_plugins’ WordPress filter to exclude itself from the installed plugins list.
Look at this filter official definition:

all_plugins

This filter should take parameter of type array, not the string, as BuddyBoss sends, according to the line #2 from the stack trace:

#2 /wp-content/plugins/buddyboss-platform/bp-loader.php(149): apply_filters(‘all_plugins’, ‘bp_core_unset_b…’, -1);

URE tries unset array element for its own record in line 461:

459 // exclude URE from plugins list
460 $key = basename(URE_PLUGIN_DIR) . ‘/’ . URE_PLUGIN_FILE;
461 unset($plugins[$key]);

Look at the screenshot below. I took it from PHP debugger at my test site.

$plugins parameter contains array of installed plugins as it should by WordPress design and documentation.

But at your site $plugins modified by BuddyBoss executed ‘all_plugins’ filter earlier with lower priority (-1 comparing to default 10), contains not array with plugins list, but the string ‘bp_core_unset_b…’. Finally, I see this as a reason of PHP error, raised inside URE code.

I’m ready to investigate the issue further if you can provide me BuddyBoss plugin (plus a theme if required) for testing. Share it with support [at-sign] role-editor.com via Google Drive or similar.

[Vladimir]

Turn ON ‘Show deprecated capabilities’ checkbox at the top of URE page to see ‘edit_files’ capability.

[Vladimir]

Hi,

Yoast SEO checks ‘edit_files’ capability before allow user to work with its ‘File Editor’.

Take into account that any mistake in .htaccess file may lead to site blocking. You need to think twice before allow direct file editing at the live site.

Btw., ‘edit_files’ allows to edit inside WordPress themes and plugins file.

[Vladimir]

Thanks for letting me know.

[Vladimir]

Hi,

It’s not possible using user capabilities. But it seems that you can use a filter. Tickera adds “Export PDF” tab using this filter:

add_filter( 'tc_settings_new_menus', array( &$this, 'tc_settings_new_menus_additional' ) );

function tc_settings_new_menus_additional( $settings_tabs ) {
	$settings_tabs[ 'tickera_export_mixed_data' ] = __( 'Export PDF', 'tc' );
	return $settings_tabs;
		}

You can add to this filter with larger priority (99) your own function, which will remove ‘tickera_export_mixed_data’ element from the array with the list of tabs.

Let me know if you need further help.

[Vladimir]

Hi,

Do your subsites use own domain names? Is it realized with some plugin help?

There are rare cases when POST works via redirection to a new domain name, but request for a new page does not contain POST parameters (current_role) in this case, which were send to the server initially.

[Vladimir]

You may try this solution:

add_action( 'registered_post_type', 'cpt_add_edit_permissions', 10, 2 );

function cpt_add_edit_permissions( $post_type, $post_type_object ) {

    if ( !class_exists( 'URE_Lib') ) {
        return;
    }
    
    $roles = array('administrator', 'editor');
    $lib = URE_Lib::get_instance();
    $capabilities = $lib->get_edit_post_capabilities();
    foreach( $capabilities as $capability ) {
        if ( isset( $post_type_object->cap->$capability ) ) {
            URE_Capabilities::add_cap_to_roles( $roles, $post_type_object->cap->$capability );
        }        
    }
    
}

This code automatically adds edit capabilities to roles from the all $roles array for any registered post type.
Parameters:
$post_type – post type slug, like ‘post’,
$post_type_object – self commented.

Just fill $roles array with your own roles ID, which is allowed to create new custom post types and setup this code as a must use plugin to wp-content/mu-plugins folder.

[Vladimir]

Hi,

Did you block any admin menu items for this role using “Admin menu” with “Block not selected” option?

[Vladimir]

I asked about plugin to clarify what permission allows to create custom post type. I don’t have access to the “Toolset Types” plugin though. This solution is not suitable in case it uses some widely used capability like ‘manage_options’

URE adds user capabilities for custom post type (CPT) to ‘administrator’ role automatically only when “Users->User Role Editor” page is opening. I added custom filter ure_cpt_editor_roles in order to extend the list of roles to which URE will add capabilities for CPT in addition to default administrator. It will be available with the next update.

URE page should be opened at least 1 time after new CPT was added. Will this update satisfy your needs?

[Vladimir]

Try to deactivate/activate back AdRotate plugin. Some plugins re-install its user capabilities and roles on activation.

If that will not help, you have variants 1, 2 from the mentioned article.

[Vladimir]

What plugin do you use to create new custom post types?

[Vladimir]

Hi Yaniv,

It’s possible to allow user to add/edit posts just with selected terms/categories. Use Posts edit restrictions add-on for this purpose.

[Vladimir]

Hi,

Let me share some info/recommendations.

When you allow someone to edit PHP code at your site, there is no sense to restrict that person somehow. You have to just trust the developer.
Having access to arbitrary PHP code execution developer can with just one line of a PHP code wp_insert_user(); create new user with ‘administrator’ role, re-login and get full permissions at the site.

Any code editing should be done at the stage/development copy of the site.

In relation to the auto-redirection to dashboard, I suppose that you blocked some admin menu items for this user role via Admin menu access add-on and use ‘Block Not selected’ option. Read more carefully this part of the article.

[Vladimir]

Yes, you can, just deactivate plugin, replace files, activate plugin back.

Btw., did you check if shortcode option is active at URE Settings?
If plugin was activated locally at this subsite, then you have to check this subsite Settings, not at the network admin.

[Author]

Posts