Forum Replies Created
-
Posts
-
‘Activity’ and ‘Groups’ menus are protected by ‘bp_moderate’ virtual user capability, which finally mapped to the ‘manage_options’ capability. ‘Users->Site notices’ and ‘Privacy’ menu item under ‘Settings’ are protected by the same ‘manage_options’ capability.
Check if ‘manage_options’ was granted to your ‘administrator’ role.If problem still exists, then deactivate all plugins. Will it help? Activate plugins back one by one to isolate the problem.
Try to change theme to WordPress 2017. Will it help?
Hi Arie,
I got it. Yes, in order to add new campaign with Mailster user should have ‘create_newsletters’ capability. Go to ‘Users->User Role Editor’, select your role, select group ‘Campaigns’ and turn ON the ‘create_newsletters’ checkbox, update role.
Hi Arie,
You can contact me directly via support [at-sign] role-editor.com
Is “Activate “Create” capability for posts/pages/custom post types” checkbox turned ON at the “Settings->User Role Editor->Additional Modules”? You have to turn ON for the role the’create_NNNs’ capability, where ‘NNNs’ is the same ID, which is used by Mailster plugin for editing newsletters. So if Mailster uses ‘edit_newsletters’, then role should have ‘create_newsletters’ in order to can create new newsleters.Hi,
You may send email message to support [at-sign] role-editor.com, when you need to send information directly to support service, like like login credentials. It is monitored by the authorized person only.
Messages from role-editor.com contact form are sent to that email address also.
To @csoftintl:
View restrictions for role includes blocking model: “selected” or “not selected”. When user has more than 1 role, URE takes into account view criteria from those role only, which blocking model is the same as one set for the primary role.
Do you use the same blocking model for all roles assigned to the same user?No problem. It would be my not clear English, which is not my native language.
If user can ‘manage_options’ capability, he sees “Settings->UpDraftPlus Backups” menu item, if he can not ‘manage_options’ capability, he do not see this menu item.
Other capabilities are required for the related activity in the most of cases for the quick look.One more question – Do you use the latest version of URE Pro? There was a bug probably related to your issue, which was fixed with version 4.46.
Hi,
UpDraftPlus Backup/Restore plugin protects its “Settings->UpDraftPlus Backups” menu item with ‘manage_options’ user capability. It uses a lot of other WordPress built-in user capabilities. Look:
$ grep -rn 'current_user_can(' admin.php:370: if ('index.php' == $pagenow && current_user_can('update_plugins') && (!file_exists(UPDRAFTPLUS_DIR.'/udaddons') || (defined('UPDRAFTPLUS_FORCE_DASHNOTICE') && UPDRAFTPLUS_FORCE_DASHNOTICE))) { admin.php:829: if (!UpdraftPlus_Options::user_can_manage() || (!current_user_can('update_core') && !current_user_can('update_plugins') && !current_user_can('update_themes'))) return; admin.php:960: if (!current_user_can('update_plugins')) return; admin.php:962: if (!current_user_can('update_themes')) return; admin.php:1314: if (!current_user_can('update_plugins') && !current_user_can('update_themes')) return; admin.php:1316: if (!current_user_can('update_plugins')) return; templates/wp-admin/advanced/site-info.php:90: $updraftplus_admin->settings_debugrow(__('Plugins for debugging:', 'updraftplus'), '<a href="'.wp_nonce_url(self_admin_url('update.php?action=install-plugin&updraftplus_noautobackup=1&plugin=wp-crontrol'), 'install-plugin_wp-crontrol').'">WP Crontrol</a> | <a href="'.wp_nonce_url(self_admin_url('update.php?action=install-plugin&updraftplus_noautobackup=1&plugin=sql-executioner'), 'install-plugin_sql-executioner').'">SQL Executioner</a> | <a href="'.wp_nonce_url(self_admin_url('update.php?action=install-plugin&updraftplus_noautobackup=1&plugin=advanced-code-editor'), 'install-plugin_advanced-code-editor').'">Advanced Code Editor</a> '.(current_user_can('edit_plugins') ? '<a href="'.self_admin_url('plugin-editor.php?file=updraftplus/updraftplus.php').'">(edit UpdraftPlus)</a>' : '').' | <a href="'.wp_nonce_url(self_admin_url('update.php?action=install-plugin&updraftplus_noautobackup=1&plugin=wp-filemanager'), 'install-plugin_wp-filemanager').'">WP Filemanager</a>'); central/listener.php:179: // Make it so that current_user_can() checks can apply + work central/modules/updates.php:11: if (!empty($updates['plugins']) && !current_user_can('update_plugins')) return $this->_generic_error_response('updates_permission_denied', 'update_plugins'); central/modules/updates.php:13: if (!empty($updates['themes']) && !current_user_can('update_themes')) return $this->_generic_error_response('updates_permission_denied', 'update_themes'); central/modules/updates.php:15: if (!empty($updates['core']) && !current_user_can('update_core')) return $this->_generic_error_response('updates_permission_denied', 'update_core'); central/modules/updates.php:93: if (!current_user_can('update_plugins')) { central/modules/updates.php:185: if (!current_user_can('update_core')) { central/modules/updates.php:281: if (!current_user_can('update_themes')) { central/modules/updates.php:537: if (!current_user_can('update_plugins') && !current_user_can('update_themes') && !current_user_can('update_core')) return $this->_generic_error_response('updates_permission_denied'); central/modules/updates.php:546: if (current_user_can('update_plugins')) { central/modules/updates.php:589: if (current_user_can('update_themes')) { central/modules/updates.php:625: if (current_user_can('update_core')) { central/modules/plugin.php:45: if (!current_user_can('activate_plugins')) central/modules/plugin.php:79: if (!current_user_can('install_plugins') || !current_user_can('activate_plugins')) central/modules/users.php:419: if (!current_user_can('create_users') && !is_super_admin()) { central/modules/users.php:439: if (isset($user['site_id']) && !current_user_can('manage_network_users')) { central/modules/users.php:501: if (!current_user_can('delete_users') && !is_super_admin()) { central/modules/users.php:550: if (!current_user_can('edit_users') && !is_super_admin() && get_current_user_id() !== $user["ID"]) { central/modules/posts.php:274: if (!current_user_can('edit_posts')) { central/modules/posts.php:338: if (!current_user_can('edit_posts') && !current_user_can('edit_other_posts')) { central/modules/posts.php:400: if (!current_user_can('delete_posts')) { central/modules/posts.php:469: if (!current_user_can('manage_categories')) { central/modules/posts.php:532: if (!current_user_can('manage_categories')) { central/modules/posts.php:581: if (!current_user_can('manage_categories')) { central/modules/core.php:178: if (!current_user_can('update_plugins') && !current_user_can('update_themes') && !current_user_can('update_core')) return $this->_generic_error_response('updates_permission_denied'); options.php:10: $user_can_manage = current_user_can(apply_filters('option_page_capability_updraft-options-group', 'manage_options'));“Admin menu’ main purpose is to hide/block existing access to the wp-admin left side menu items. It does not provide access for the menu item if user does not have such access.
I need access to copy of WP-Filebase Pro plugin in order to look what user capabilities are required for access to its menu. Send DropBox or Google Drive link to support [at-sign] role-editor.com
I setup such software at my local development environment only. I use it for the investigation/testing purpose only.
When I will return to my computer after 2 days trip, I will make more tests on the subject and inform you about the results.
Repeat the action which leat to request timeout and look for the latest records at:
/var/log/apache2/error.log
/var/log/syslogIs it suitable for this case to export database, plugins and theme files using “UpdraftPlus” plugin and share with me (support [at-sign] role-editor.com) via DropBox or Google Drive?
I would setup your site copy at my local dev. environment and test the issue with debugger then.Hi,
Generally, URE’s Gravity Forms access add-on modifies WP_Query SQL expression for the queries related to the GF database tables and should not influence on a WP queries related to the posts or pages.
Can you look at the server logs if they contain any related information from PHP or/and MySQL about endless recursion, timeout, etc. and share it with me?
You need to change the template which outputs user’s name, add user’s roles there using a function like below. It returns the string of comma separated user roles by user ID:
function get_user_roles($user_id) { $wp_roles = wp_roles(); $user = get_user_by('id', $user_id); $roles = array(); foreach ($user->roles as $role_id) { $roles[] = $wp_roles->role_names[$role_id]; } $roles_str = implode(', ', $roles); return $roles_str; }Home page was hidden from all users except the selected group by custom code included into the active theme functions.php file.
Hi Levent,
It’s clear now. You tried ‘Block not selected’ model at ‘Admin menu’ settings for the ‘klienttest’ role. This model is too restrictive. It blocks all URL and removes from the left side menu and from the top admin menu bar all menu items, which are not apparently allowed. It has some other side effects also.
I switched ‘Admin menu’ selection for this role to “Block selected” and reverted menu items selection. “Enable Visual Builder” button at admin menu bar is visible for this role now.You should always minimize role access via user capabilities 1st and block menu items via ‘Admin menu’ when you can not revoke user capability, as it is required for some other purpose (used by other menu item too, for example).
So I revoked from the ‘klienttest’ role these capabilities:
edit_themes,
delete_themes,
activate_plugins,
delete_plugins,
create_users,
delete_users,
promote_users.With ‘Block selected’ model you have to re-visit ‘Admin menu’ for the restricted roles after you activate new plugin, as some new menu items may become available for the roles, while they should be blocked.
