[Vladimir]

‘manage_options’ is not required for access to “Appearance->Menu” at all.
‘edit_theme_options’ is needed for that.

[Vladimir]

Hi,

“Custom Fields” menu created by “Advanced Custom Fields” plugin is available for the role if ‘manage_options’ capability was granted to it.

If menu is not available to a current role, then it is not visible at the “Admin menu” window.

[Vladimir]

Yes, you suggested exactly the same solution, about which I think myself. Thank you.
Yes, I plan to write a module to manage a white list of arguments for the admin menu links.

[Vladimir]

I can not exclude though that some other plugin may be involved here too. It may have sense to try to deactivate temporally all plugins except WP Media Folder and URE Pro and re-test the issue. I did not make this myself to not break your site. May be you can setup a stage copy for further testing of this issue.

[Vladimir]

Hi Maria,

URE does not prevent access to the media library items for the test user with added custom filter. It works with the folders also when you open Media Library directly via menu “Media Library”. I see that “WP Media Folder” plugin does not open folders when you try to access them from the post editor page.
URE should not prevent that. Some conflict between plugins takes place here.

You have at your site an older version 2.4.1 of WP Media Folder plugin.
My test with a much later version 4.2.7 of WP Media Folder plugin from Joomunited shows that this conflict was gone. Restricted user has access to the images in any folder as from Media Library directly as via post editor page.
If that’s suitable for you I would recommend to update your version of WP Media Folder plugin to the latest one.

[Vladimir]

Hi Urs,

It’s not a bug, it’s a feature for custom URL arguments added by plugins. “Block not selected” is too restrictive. It blocks any URL which belongs to the admin menu but differs from the selected/allowed by the list of arguments. When you discover this for WP built-in features – it’s a bug. I include a fix into URE Pro directly. If URL argument comes from some plugin: for popular plugin I can add support for such plugin directly to URE Pro. For others – there is a special filter in URE Pro, which allows to change the list of allowed arguments for URL. Take a code below and insert it to your active theme functions.php file or set it as a Must Use plugin:

add_filter('ure_admin_menu_access_allowed_args', 'ure_allow_arg_for_upload', 10, 1);

function ure_allow_arg_for_upload($args) {

    $args['upload.php'][''][] = 'rml_folder';
    
    return $args;

}

This should fix your problem with redirection from this URL for restricted role.

[Vladimir]

Hi,

‘edit_posts’ is enough to be able to assign categories or tags to the editing post.
‘manage_categories’ is required in order to add new categories or tags to the list of already existing terms.

[Vladimir]

Hi,

Show a full URL (without domain) with all arguments, which you see at a browser after click ‘Search’.

[Vladimir]

Hi,

Please clarify. Does user see existing images at Media Library after you added ure_attachments_show_full_list filter returning true?
So what is a problem?
1) User can not insert existing media into a post?
or
2) User can not upload a new image into Media Library?
If the 2nd, let me know is the checkbox for “Force custom post types to use their own capabilities” option turned ON or OFF. I mean if it turned ON, then role or user should have capabilities from the ‘Attachments’ group, like ‘edit_attachments’, etc.

[Vladimir]

I installed “Page Builder by SiteOrigin” plugin. I don’t see “Live Editor” menu item at the top admin menu bar even as admin. Show me a screenshot where it should be. Or do you write about “Live Editor” button located at the general toolbar together with “Add widget”, “Add row”, “Layouts” buttons?

Look at a browser JavaScript console also. Are there any error messages before and after click “Live Editor” button at top admin menu bar?

[Vladimir]

ure_attachments_show_full_list – is not a user capability. It’s a filter/hook supported by User Role Editor Pro which allows to change its default logic. We should use it as WordPress filter, that is add PHP routine which will return true or false as shown at the linked page.

[Vladimir]

Hi,

What is a ‘Live Editor’? What plugin or theme provides this functionality? I need access to it in order to check what permissions it requires.

[Vladimir]

Redirection plugin uses ‘administrator’ role by default to protect its menu and pages.
Fortunately, plugin author makes this via custom filter ‘redirection_role’. So it’s possible to use any custom capability instead of administrator role to provide access to this plugin for user with other role.

For example, add new user capability ‘edit_redirections’. Grant it to the ‘Editor’ role. Add custom code below to your active theme functions.php file or install it as a Must Use plugin.

add_filter('redirection_role', 'change_redirection_role', 10, 1);

function change_redirection_role($role) {

    $cap = 'edit_redirections';
    
    return $cap;
}

[Vladimir]

Hi,

What redirection plugin to you use. Send download link here if it’s free. Or share its copy with support [at-sign] role-editor.com via DropBox or similar service in order I can test and investigate what permissions it requires.

[Vladimir]

Thanks. I got access to your site.
It seems that described issues with test user sjwtest were gone. Please confirm:
– I see “Log Out Everythere else” button at his user profile;
– I see “Posts/Pages/Custom Post Types Editor Restrictions” section configured to “Allow” to edit 4 pages and 4 posts categories.

As about access to the media folders for restricted user. When you apply edit restrictions to a user, such restrictions are applied to the Media Library also. Restricted user sees at the Media Library his own items (images) only. If there are know images uploaded by this user, he will see the empty Media Library.
If you wish to allow to see full Media Library withou restrictions you can use custom filter ure_attachments_show_full_list. Let me know if that helped.

[Author]

Posts