Role Access not working as intended

Hi,
The Role Access isn’t working as intended and is letting unqualified users view and edit settings.

I have a custom role on my site that has most of the capabilities that the Administrator role does (all caps minus the ones to switch themes, de/activate plugins, or install updates), however they can still see Stream in the admin menu and can access and edit the settings page even though they have not been granted access through the plugin’s Role Access setting. The Alerts menu item is also visible, but shows an access denied message when viewing it.

After some testing, it seems a check is only being done for the manage_options cap instead of checking the user’s actual role.

• This topic was modified 2 years, 11 months ago by Shannon Little.