[Vladimir]

Thanks for the provided ability to test “WP Bakery Page Builder”.
This plugin uses own action to add submenu items and execute code for some menu items later than URE Pro checks admin menu using WordPress default ‘admin_menu’ action.

Workaround for “Grid Builder”: go to “WP Bakery Page Builder->Role Editor” menu item, scroll to your role and disable “Grid Builder” for that role.
As a result the single “WP Bakery Page Builder” menu item will be left visible. This plugin forces any user to see its “welcome” page – some kind of advertisement.

[Vladimir]

Hi,

I will need access to the latest version of “WP Bakery Page Builder” plugin for the testing purpose.
“Visual Composer->Grid Builder” from the older version is hidden as expected at my test site.

I will be out of office the next 2 days and can be able to proceed with this issue from June, 21st only.

[Vladimir]

References:
bp-core/classes/class-bp-admin.php
bp-core/bp-core-caps.php
bp-groups/bp-groups-admin.php

[Vladimir]

I did not take into account that you WP installation is multisite.

BuddyPress defines its main user capability (if network activated) as ‘manage_network_options’ instead of ‘manage_options’.
It also uses directly ‘bp_moderate’ for the ‘Groups’ menu under the multisite and does not map it to the ‘manage_options’ as it makes for the single site WP.

So some BuddyPress menu items are not available for the single site simple ‘administrator’, but available for the superadmin only.

[Vladimir]

‘Activity’ and ‘Groups’ menus are protected by ‘bp_moderate’ virtual user capability, which finally mapped to the ‘manage_options’ capability. ‘Users->Site notices’ and ‘Privacy’ menu item under ‘Settings’ are protected by the same ‘manage_options’ capability.
Check if ‘manage_options’ was granted to your ‘administrator’ role.

If problem still exists, then deactivate all plugins. Will it help? Activate plugins back one by one to isolate the problem.

Try to change theme to WordPress 2017. Will it help?

[Vladimir]

Hi Arie,

I got it. Yes, in order to add new campaign with Mailster user should have ‘create_newsletters’ capability. Go to ‘Users->User Role Editor’, select your role, select group ‘Campaigns’ and turn ON the ‘create_newsletters’ checkbox, update role.

[Vladimir]

Hi Arie,

You can contact me directly via support [at-sign] role-editor.com
Is “Activate “Create” capability for posts/pages/custom post types” checkbox turned ON at the “Settings->User Role Editor->Additional Modules”? You have to turn ON for the role the’create_NNNs’ capability, where ‘NNNs’ is the same ID, which is used by Mailster plugin for editing newsletters. So if Mailster uses ‘edit_newsletters’, then role should have ‘create_newsletters’ in order to can create new newsleters.

[Vladimir]

Hi,

You may send email message to support [at-sign] role-editor.com, when you need to send information directly to support service, like like login credentials. It is monitored by the authorized person only.

Messages from role-editor.com contact form are sent to that email address also.

[Vladimir]

To @csoftintl:

View restrictions for role includes blocking model: “selected” or “not selected”. When user has more than 1 role, URE takes into account view criteria from those role only, which blocking model is the same as one set for the primary role.
Do you use the same blocking model for all roles assigned to the same user?

[Vladimir]

No problem. It would be my not clear English, which is not my native language.

If user can ‘manage_options’ capability, he sees “Settings->UpDraftPlus Backups” menu item, if he can not ‘manage_options’ capability, he do not see this menu item.
Other capabilities are required for the related activity in the most of cases for the quick look.

[Vladimir]

One more question – Do you use the latest version of URE Pro? There was a bug probably related to your issue, which was fixed with version 4.46.

[Vladimir]

Hi,

UpDraftPlus Backup/Restore plugin protects its “Settings->UpDraftPlus Backups” menu item with ‘manage_options’ user capability. It uses a lot of other WordPress built-in user capabilities. Look:

$ grep -rn 'current_user_can('
admin.php:370:                  if ('index.php' == $pagenow && current_user_can('update_plugins') && (!file_exists(UPDRAFTPLUS_DIR.'/udaddons') || (defined('UPDRAFTPLUS_FORCE_DASHNOTICE') && UPDRAFTPLUS_FORCE_DASHNOTICE))) {
admin.php:829:          if (!UpdraftPlus_Options::user_can_manage() || (!current_user_can('update_core') && !current_user_can('update_plugins') && !current_user_can('update_themes'))) return;
admin.php:960:                          if (!current_user_can('update_plugins')) return;
admin.php:962:                          if (!current_user_can('update_themes')) return;
admin.php:1314:                 if (!current_user_can('update_plugins') && !current_user_can('update_themes')) return;
admin.php:1316:                 if (!current_user_can('update_plugins')) return;
templates/wp-admin/advanced/site-info.php:90:           $updraftplus_admin->settings_debugrow(__('Plugins for debugging:', 'updraftplus'), '<a href="'.wp_nonce_url(self_admin_url('update.php?action=install-plugin&updraftplus_noautobackup=1&plugin=wp-crontrol'), 'install-plugin_wp-crontrol').'">WP Crontrol</a> | <a href="'.wp_nonce_url(self_admin_url('update.php?action=install-plugin&updraftplus_noautobackup=1&plugin=sql-executioner'), 'install-plugin_sql-executioner').'">SQL Executioner</a> | <a href="'.wp_nonce_url(self_admin_url('update.php?action=install-plugin&updraftplus_noautobackup=1&plugin=advanced-code-editor'), 'install-plugin_advanced-code-editor').'">Advanced Code Editor</a> '.(current_user_can('edit_plugins') ? '<a href="'.self_admin_url('plugin-editor.php?file=updraftplus/updraftplus.php').'">(edit UpdraftPlus)</a>' : '').' | <a href="'.wp_nonce_url(self_admin_url('update.php?action=install-plugin&updraftplus_noautobackup=1&plugin=wp-filemanager'), 'install-plugin_wp-filemanager').'">WP Filemanager</a>');
central/listener.php:179:               // Make it so that current_user_can() checks can apply + work
central/modules/updates.php:11:         if (!empty($updates['plugins']) && !current_user_can('update_plugins')) return $this->_generic_error_response('updates_permission_denied', 'update_plugins');
central/modules/updates.php:13:         if (!empty($updates['themes']) && !current_user_can('update_themes')) return $this->_generic_error_response('updates_permission_denied', 'update_themes');
central/modules/updates.php:15:         if (!empty($updates['core']) && !current_user_can('update_core')) return $this->_generic_error_response('updates_permission_denied', 'update_core');
central/modules/updates.php:93:         if (!current_user_can('update_plugins')) {
central/modules/updates.php:185:                if (!current_user_can('update_core')) {
central/modules/updates.php:281:                if (!current_user_can('update_themes')) {
central/modules/updates.php:537:                if (!current_user_can('update_plugins') && !current_user_can('update_themes') && !current_user_can('update_core')) return $this->_generic_error_response('updates_permission_denied');
central/modules/updates.php:546:                if (current_user_can('update_plugins')) {
central/modules/updates.php:589:                if (current_user_can('update_themes')) {
central/modules/updates.php:625:                if (current_user_can('update_core')) {
central/modules/plugin.php:45:          if (!current_user_can('activate_plugins'))
central/modules/plugin.php:79:          if (!current_user_can('install_plugins') || !current_user_can('activate_plugins'))
central/modules/users.php:419:          if (!current_user_can('create_users') && !is_super_admin()) {
central/modules/users.php:439:          if (isset($user['site_id']) && !current_user_can('manage_network_users')) {
central/modules/users.php:501:          if (!current_user_can('delete_users') && !is_super_admin()) {
central/modules/users.php:550:          if (!current_user_can('edit_users') && !is_super_admin() && get_current_user_id() !== $user["ID"]) {
central/modules/posts.php:274:          if (!current_user_can('edit_posts')) {
central/modules/posts.php:338:          if (!current_user_can('edit_posts') && !current_user_can('edit_other_posts')) {
central/modules/posts.php:400:          if (!current_user_can('delete_posts')) {
central/modules/posts.php:469:          if (!current_user_can('manage_categories')) {
central/modules/posts.php:532:          if (!current_user_can('manage_categories')) {
central/modules/posts.php:581:          if (!current_user_can('manage_categories')) {
central/modules/core.php:178:                   if (!current_user_can('update_plugins') && !current_user_can('update_themes') && !current_user_can('update_core')) return $this->_generic_error_response('updates_permission_denied');
options.php:10:         $user_can_manage = current_user_can(apply_filters('option_page_capability_updraft-options-group', 'manage_options'));

[Vladimir]

“Admin menu’ main purpose is to hide/block existing access to the wp-admin left side menu items. It does not provide access for the menu item if user does not have such access.

I need access to copy of WP-Filebase Pro plugin in order to look what user capabilities are required for access to its menu. Send DropBox or Google Drive link to support [at-sign] role-editor.com

I setup such software at my local development environment only. I use it for the investigation/testing purpose only.

[Vladimir]

When I will return to my computer after 2 days trip, I will make more tests on the subject and inform you about the results.

[Vladimir]

Repeat the action which leat to request timeout and look for the latest records at:
/var/log/apache2/error.log
/var/log/syslog

Is it suitable for this case to export database, plugins and theme files using “UpdraftPlus” plugin and share with me (support [at-sign] role-editor.com) via DropBox or Google Drive?
I would setup your site copy at my local dev. environment and test the issue with debugger then.

[Author]

Posts