Status filter view_history_capability – allow only admin users

  • Hello,

    can you confirm that this code is not necessary anymore when using Partial Stealth Mode introduced in version 5.6?

    I have added this code to every single website to only allow Admins to access Simple History, because in my eyes Simple History is an Admin tool. But I am not sure anymore if I perhaps missed something in the changelogs in the last approx. 2 years.

    From current testing without this code every user has access to Simple History (also editors). If Partial Stealth Mode is enabled, then this will take over, meaning no one has access except the users mentioned in Partial Stealth Mode.

    I wonder, could this be in the settings as well? In the initial stage it could be a simple checkbox.

    /**
     * Change capability required to view main simple history page.
     * Default capability is "edit_pages". Change to for example "manage options"
     * to only allow admins to view the history log.
     */
    add_filter('simple_history/view_history_capability', function ($capability) {
        $capability = 'manage_options';
        return $capability;
    });

    Thanks for your information about this

    best regards
    Markus

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author P?r Thernstr?m

    (@eskapism)

    Sorry for the late reply, been busy.. I want to double check this before giving a “true” answer, but yes that code would not be needed when partial stealth mode is activated. I did test this during development but I need to test it again just to be sure-sure!

    Thread Starter markussss

    (@markussss)

    Take your time, I just finished yesterday to switch over every single site to the new partial stealth mode. I disabled my more custom code for allowing only selected users (other conversation / thread) and only used your slim code instead. I also tested it, and it seems to work reliably.

    However, I still kept this mentioned filter simple_history/view_history_capability to change the global capabilities from editor to administrator. I see it as a fallback for now, should things go south. Then at least the second code would fire and only admins would have access.

    Of course, every code snippet I can get rid of for sure, is a good code snippet as it just reduces maintenance, human error, compatibility issues, etc.

Viewing 2 replies - 1 through 2 (of 2 total)
  • You must be logged in to reply to this topic.