• Resolved Shane

    (@shanemarsh28)


    The if statement within src/TidioLiveChat.php line 42 prevents the plugin from operating if the user does not have the capability to install plugins (which is common on our multisite install), despite being able to manage_options as set within src/Admin/AdminDashboard.php line 48. In our use case it restricts the use of your plugin to super admins only.

    The if statement is redundant as manage_options should be sufficient.

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Support kamiltidio

    (@kamiltidio)

    Hi there!

    My name is Kamil, I’m from the Tidio technical support, and I’ll gladly help you with your inquiry.

    I had to push the question to our integrations team – I’ll keep you posted on the case.

    I appreciate your patience!

    Plugin Support kamiltidio

    (@kamiltidio)

    Hey there, I have an update from our Integrations Team.

    There is no consistency in the code regarding required permissions. In src/TidioLiveChat.php we require activate_plugins capability, and in src/Admin/AdminDashboard.php the manage_options.

    We discussed it with the team and decided to stay with activate_plugins permission. That means only the admin can manage the Tidio plugin.

    We’ll make it consistent to activate_plugins permission in the next release.

    As for your case – could you please tell us why it restricts the use of your plugin to super admins only?

    Thank you in advance.

    Thread Starter Shane

    (@shanemarsh28)

    Hi, thanks for looking into this.

    All our client sites are in a large WP installation where on the Network Settings page (usually: /wp-admin/network/settings.php) we have “Enable administration menus” -> Plugins disabled. This means the ability to install plugins is restricted to the Multisite Super Admins and that works well for us because it allows our technical team to check what’s being installed so that we don’t have any inadvertent security issues. Sadly in this case, within a Multisite install, activate_plugins takes precedence over Administrator, which ultimately means our client, who has Administrator access to their individual blog, does not have high enough capabilities to open or interact with your plugin – whatsoever.

    In our experience there is no benefit to restricting total access to a plugin to only those who are able to install plugins – WordPress prevents unauthorised installations naturally. I’ve found developers will usually restrict access to settings pages and notifications to those with manage_options, which is roughly what I suggested and would ultimately be what would happen if you removed the unnecessary (in my view) activate_plugins restriction.

    If this requirement must stay, could you make an allowance for Multisite because out of the 170+ plugins we have installed, yours will be the only one to restrict access in this way?

    Hope this makes more sense and you are able to reconsider your decision.

    Shane
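
Added example (not part of the original thread and not Tidio's code): on multisite, WordPress core's capability mapping additionally requires `manage_network_plugins` for `activate_plugins` when the network "Plugins" administration menu is disabled, which is why a site Administrator can hold `manage_options` yet fail an `activate_plugins` check. The audit below lists both capabilities for each Administrator of the current site; the file name `cap-audit.php` and the function name are hypothetical, and it assumes it is run inside WordPress, for example with `wp eval-file cap-audit.php --url=<sub-site URL>`.

```php
<?php
// Added example: audit the two capabilities discussed in the thread.
// Assumes a loaded WordPress environment (e.g. WP-CLI's `wp eval-file`).

/**
 * Build a report of effective capabilities for the current site's
 * Administrators. Super admins who are not members of this site are
 * not returned by get_users() and therefore do not appear.
 */
function example_audit_plugin_caps() {
    // Network Settings > "Enable administration menus" > Plugins is stored
    // in the 'menu_items' network option; an empty entry means disabled.
    $menu_perms      = is_multisite() ? get_site_option( 'menu_items', array() ) : array();
    $plugins_menu_on = ! is_multisite() || ! empty( $menu_perms['plugins'] );

    $rows = array();
    foreach ( get_users( array( 'role' => 'administrator' ) ) as $user ) {
        $rows[] = array(
            'login'            => $user->user_login,
            'super_admin'      => is_multisite() && is_super_admin( $user->ID ),
            // user_can() applies core's meta-capability mapping, so the
            // multisite restriction on activate_plugins is reflected here.
            'manage_options'   => user_can( $user, 'manage_options' ),
            'activate_plugins' => user_can( $user, 'activate_plugins' ),
        );
    }

    return array(
        'multisite'            => is_multisite(),
        'plugins_menu_enabled' => $plugins_menu_on,
        'users'                => $rows,
    );
}

$report = example_audit_plugin_caps();
printf(
    "multisite=%s plugins_menu_enabled=%s\n",
    $report['multisite'] ? 'yes' : 'no',
    $report['plugins_menu_enabled'] ? 'yes' : 'no'
);
foreach ( $report['users'] as $row ) {
    printf(
        "%-20s super_admin=%-3s manage_options=%-3s activate_plugins=%s\n",
        $row['login'],
        $row['super_admin'] ? 'yes' : 'no',
        $row['manage_options'] ? 'yes' : 'no',
        $row['activate_plugins'] ? 'yes' : 'no'
    );
}
```

Rows showing `manage_options=yes` with `activate_plugins=no` are the accounts a plugin gated on `activate_plugins` will lock out.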

    Ty

    (@tyranthacker)

    This was marked resolved? Is this true?

    I noticed today that Tidio now says Network Only when on a sub-site… So does this mean the plugin can only be network activated?

  • The topic ‘Multisite capabilites’ is closed to new replies.