Custom Role Issue

  • Resolved phaesic

    (@phaesic)


    7 years, 6 months ago

    I highly doubt this is a problem with the User Role Editor plugin, but my theme author seems to be totally in the dark, and I thought someone here might be able to help me narrow down the issue.

    Currently, any custom role I create is unable to see any of the options in the backend wordpress side tool bar. They have access to everything, such as /plugins.php, /users.php, everything they should, but the links to those sections just dont show up. All WordPress stock roles seem to be able to see the menus just fine. However, even stock roles cannot see all Visual Composer elements, even if given permission in visual composers role editor. The only role able to access everything normally is the Administrator role. Its definitely a theme issue, since the 2017 theme works perfectly fine, but the theme Author cant seem to track down the issue causing it. Again, I know this isn’t a bug related to User Role Editor, but since custom roles are a big part of the issue, I was looking for something of an expert opinion on the problem.

    Thanks.

    • This topic was modified 7 years, 6 months ago by phaesic.
Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Author Vladimir Garagulya

    (@shinephp)

    I can make my own tests with custom roles in case you provide me access to this theme copy (via DropBox, Google Drive or similar service): support [at-sign] role-editor.com

    Thread Starter phaesic

    (@phaesic)

    Sent, thanks again. Attached some images. Also got a bit mixed up and overcomplicated sending you the theme. You should have a second message with a Drive link to the file instead.

    Plugin Author Vladimir Garagulya

    (@shinephp)

    Nothing mysterious. This theme developer just apparently restricts access to some WP features for his own criteria. He uses not user capabilities but role IDs for that. Look at functions.php file for the direct answer on your question:

    Line # 3678:

    
if (!current_user_can('administrator') && !current_user_can('editor') && !current_user_can('author')) {
  remove_menu_page( 'index.php' );                  	//Dashboard
  remove_menu_page( 'edit.php' );                   	//Posts
  remove_menu_page( 'upload.php' );                 	//Media
  remove_menu_page( 'edit.php?post_type=page' );    	//Pages
  remove_menu_page( 'edit.php?post_type=team' );    	//Teams
  remove_menu_page( 'edit-comments.php' );          	//Comments
  remove_menu_page( 'themes.php' );                 	//Appearance
  remove_menu_page( 'plugins.php' );                	//Plugins
  remove_menu_page( 'users.php' );                  	//Users
  remove_menu_page( 'tools.php' );                  	//Tools
  remove_menu_page( 'options-general.php' );        	//Settings
  }

    There are a lot of other access restrictions through the theme’s functions.php file according to which only user with ‘administrator’ role can access some key features. For example, according to the code from line #3097 even shop_manager will not see some WooCommerce elements, etc.

    So you have a starting point to discuss with developer.

    The best practice is never use a role name inside current_user_can(). Use user capability instead and add it to the existing roles if required. Final user will be capable to decide himself grant or not that capability to another role(s) beyond a list for which a developer made this already.

    Thread Starter phaesic

    (@phaesic)

    Thank you so very much for your help, though it is disappointing to hear its somewhat deliberate. They’re either oblivious to it or being deceptive for some reason, which is not great to hear. I’m not really sure how they could not know about the problem, so I’ll discuss it some more with them, and see if they’re willing to do anything about it.

    Thanks again for your time, it was very generous of you.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Custom Role Issue’ is closed to new replies.