install_plugins permissions fails on protected environments

  • Resolved UnchartedDesign

    (@uncharteddesign)


    1 year, 1 month ago

    It seems this permission was changed in the latest release of the plugin. It was previously manage_options.

    Relying on install_plugins does not work since a non-writeable filesystem set by DISALLOW_FILE_MODS will automatically make that false. However it doesn’t speak to the user’s permissions or the functionality of the plugin.

    A workaround is to set DISALLOW_FILE_MODS to false, but that introduces other UI issues for sites with locked code directories, for example sites that are built using Git.

    1. Pantheon’s Environment: In Pantheon’s ‘test’ and ‘live’ environments, or while in Git mode on ‘dev’, certain WordPress capabilities, such as?install_plugins, are automatically revoked to make the WordPress admin UI reflect the non-writable nature of these environments.
    ?
    2. WP All Import Pro Assumption: The plugin checks if a user has the?install_plugins?capability to determine if its admin menu should be displayed. Since this capability is revoked in the said Pantheon environments, the plugin’s menu doesn’t appear. This is on line 11 of?wp-content/plugins/wp-all-import-pro/actions/admin_menu.php

Viewing 1 replies (of 1 total)
  • Plugin Author WP All Import

    (@wpallimport)

    Hi @uncharteddesign,

    This was an intentional change to ensure that only those with the highest permissions in a multisite environment can access WP All Import.

    You can revert back to using the “manage_options” capability by adding this to your wp-config file:

    define( 'WPAI_WPAE_ALLOW_INSECURE_MULTISITE', 1 );
Viewing 1 replies (of 1 total)
  • The topic ‘install_plugins permissions fails on protected environments’ is closed to new replies.