User Capability Choice with recent update
Hi,
One of the users of your plugin contacted me recently about access to your plugin for users without administrator privileges. You made a step forward by replacing the role ID in the plugin menu definition with the ‘edit_plugins’ user capability.
I doubt that anyone will grant the ‘edit_plugins’ capability to anyone except a super admin. Take into account that the WordPress Codex security recommendations page includes a requirement to disable file editing via

```php
## Disable Editing in Dashboard
define('DISALLOW_FILE_EDIT', true);
```

It’s a very good practice for a live site: both for security and to exclude a sudden site break caused by a sudden mistake in the code. I’m sure that a large part of WordPress site owners follow this requirement.
With the constant defined as above, the ‘edit_plugins’ capability will be replaced with ‘do_not_allow’ by the map_meta_cap() function in the wp-includes/capabilities.php file, line #397:

```php
case 'edit_files':
case 'edit_plugins':
case 'edit_themes':
	// Disallow the file editors.
	if ( defined( 'DISALLOW_FILE_EDIT' ) && DISALLOW_FILE_EDIT )
		$caps[] = 'do_not_allow';
```

So a lot of site owners, even with the ‘administrator’ role and the ‘edit_plugins’ capability, will not see your plugin menu, as access to it will be prohibited.
I can use the ‘manage_options’ capability instead if you wish to leave such a strong level of protection.
But is there a reason for this very strict restriction for access to your plugin functionality?
A lot of site owners with multiple users wish to allow their editors and even authors to work with slideshow plugins directly. So the ‘edit_posts’ user capability is quite enough in this case. Moreover, you define a custom post type with the ‘post’ capability type, and it really uses the posts capabilities set for its protection.
If some parts of your plugin should be available to admin only, you can move them to a separate page/menu item, like ‘SlideShow CK->Settings’, protected by the ‘manage_options’ capability.
Some developers leave the final choice of user capability to users via a custom filter. So you may change the create_admin_menu() function this way:

```php
function create_admin_menu() {
	$user_capability = apply_filters('slideshow_ck_capability', 'manage_options');
	$this->pagehook = $page = add_menu_page('Slideshow CK', 'Slideshow CK', $user_capability, 'slideshowck_general', array($this, 'render_general'), SLIDESHOWCK_MEDIA_URL . '/images/admin_menu.png');
	add_submenu_page('slideshowck_general', __('Slideshow CK'), __('All Slideshows', 'slideshow-ck'), $user_capability, 'slideshowck_general', array($this, 'render_general'));
	$editpage = add_submenu_page('slideshowck_general', __('Edit'), __('Add New', 'slideshow-ck'), $user_capability, 'slideshowck_edit', array($this, 'render_edit'));
	// for a nice menu icon
	add_action('admin_head', array($this, 'set_admin_menu_image_position'), 20);
}
```

Then the site owner can replace the default user capability for his own needs by adding a filter:

```php
add_filter('slideshow_ck_capability', 'set_slideshow_ck_capability', 10, 1);

function set_slideshow_ck_capability($cap) {
	$cap = 'edit_posts';
	return $cap;
}
```
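
The effect described in the post, as an added stand-alone PHP model (not WordPress core code, not the plugin's code, and not part of the original post): it reproduces only the quoted `map_meta_cap()` branch and reports which constructed sample users would pass each candidate menu capability. The names `model_map_meta_cap()` and `model_user_can()` and the sample capability sets are assumptions made for illustration.

```php
<?php
// Added illustration: a simplified model, not WordPress core code.
// Only the map_meta_cap() branch quoted in the post is modelled.

function model_map_meta_cap(string $cap, bool $disallow_file_edit): array {
    switch ($cap) {
        case 'edit_files':
        case 'edit_plugins':
        case 'edit_themes':
            // Quoted branch: with file editing disabled the capability
            // is mapped to 'do_not_allow'.
            return $disallow_file_edit ? ['do_not_allow'] : [$cap];
        default:
            // Every other capability passes through unchanged in this model.
            return [$cap];
    }
}

// A user passes only if every mapped capability is granted;
// 'do_not_allow' is never granted to anyone.
function model_user_can(array $granted, string $cap, bool $disallow_file_edit): bool {
    foreach (model_map_meta_cap($cap, $disallow_file_edit) as $required) {
        if ($required === 'do_not_allow' || empty($granted[$required])) {
            return false;
        }
    }
    return true;
}

// Constructed sample users (illustrative capability sets, not full role definitions).
$users = [
    'administrator' => ['edit_plugins' => true, 'manage_options' => true, 'edit_posts' => true],
    'editor'        => ['edit_posts' => true],
];

foreach ([false, true] as $disallow) {
    foreach (['edit_plugins', 'manage_options', 'edit_posts'] as $menu_cap) {
        foreach ($users as $role => $granted) {
            printf(
                "DISALLOW_FILE_EDIT=%-5s menu cap=%-14s %-13s => %s\n",
                var_export($disallow, true), $menu_cap, $role,
                model_user_can($granted, $menu_cap, $disallow) ? 'menu visible' : 'menu hidden'
            );
        }
    }
}
```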