Admin’s access to front-end issue

  • Resolved janrenn

    (@janrenn)


    3 years, 9 months ago

    Hi Johannes,
    thanks for plugin!

    There is an issue with Admin’s access to front-end when editing files is disabled for security reasons with define( 'DISALLOW_FILE_EDIT', true );. The condition with current_user_can('edit_themes') on line 125 then evaluates as true even if current user is Admin. It is better to use current_user_can('admin') or current_user_can('activate_plugins').

    However, there is a workaround:

    
add_action( 'get_header', function () {
  if ( has_action( 'get_header', 'slim_maintenance_mode' ) ) {
    if ( is_user_logged_in() && current_user_can( 'activate_plugins' ) ) {
      remove_action( 'get_header', 'slim_maintenance_mode' );
    }
  }
}, 1 );
    • This topic was modified 3 years, 9 months ago by janrenn.
    • This topic was modified 3 years, 9 months ago by janrenn.
Viewing 3 replies - 1 through 3 (of 3 total)
Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Admin’s access to front-end issue’ is closed to new replies.