What role capabilities are needed to use Elementor?

  • Hi! I’ve created a custom user role which should only have the capabilities edit_pages, edit_private_pages, edit_published_pages, publish_pages, read.

    However, when I click “Edit with Elementor” on a page when I am logged in with this role, Elementor fails to load and the page hangs.

    This failure seems to be due to a failed AJAX GET request to /wp-json/elementor/v1/globals which returns a 403 error and the following response body

    code: "rest_forbidden"
data: {status: 403}
status: 403
message: "Sorry, you are not allowed to do that."

    If I give my custom role all of the available WordPress capabilities (as though it were an admin user), then Elementor loads the globals without a problem.

    This suggests to me that there is a certain capability or set of capabilities that are required for a role to be able to use Elementor. Somewhere in the list of capabilites that my custom role does not have, must be one or more that Elementor’s REST API endpoint checks for before allowing permission to load the Globals.

    Please could you tell me what they are?

    • This topic was modified 4 years, 4 months ago by hdsteve.
Viewing 3 replies - 1 through 3 (of 3 total)

  • Any update on this?

    I also have a custom role with specific capabilities that hangs when trying to load up. The exact same posts work for admins so I know its related to the role.

    For any that may see this question in the future:

    I am not 100%, but after doing some testing it looks like you probably need “edit_posts” at the most basic level to get past the authorization error or endless loading. Even with a custom post type with custom capability and capabilities, I think the user needs “edit_posts” for saving Elementor templates and the like. That being said I did not play around with the role manager to reduce user functionality.

    Of course this will mean your role can now edit any post types with that capabilities, so I will have no other choice than to simply hide those areas of the menu for that custom role with a 3rd party plugin.

    ***** Update ******

    After some deep diving my colleague located that “edit_posts” is in fact a required capability located in “\wp-content\plugins\elementor\core\editor\data\globals\controller.php”

    The return statement in get_permission_callback() is causing the authorization check that fails:
    return current_user_can( 'edit_posts' );

    Not a permanent/well coded fix, but we simply altered this line of code to have an OR statement for our specific capability. – Be wary this fix will be overwritten when updating the plugin –

    In our case the users also could not import pre-created Elementor templates or custom templates. This might be able to be fixed with some other user capabilities, but I am not sure.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘What role capabilities are needed to use Elementor?’ is closed to new replies.