User Role unable to edit custom field on user-edit.php

  • Resolved sspengler

    (@sspengler)


    4 years ago

    Hi there,

    we use a plugin (custom made for us) to store an expiry date of our users and an additional user information field in the database. Moreover we use different custom roles to regulate access to certain website areas. There are the WordPress core admin role, a custom “usermanager” and a “customer” role, among others.

    Usually the Usermanager enters the WordPress core edit-user.php site, enters or edits the expiry date and/or additional info field, saves and exits the site.

    But ever since a few Ultimate Member updates back, the usermanager isn’t able to enter or edit these custom fields. Any of the changes made will not be stored in the database, when they hit the “update user profile” button.

    By rolling the plugin back on a testserver we found out that this used to work perfectly fine up until v2.1.7. The issue begins in with v2.1.8.

    There is an if-condition in the custom plugin, that requires the user to have the “edit_user” capability in order to perform the field updates, if I read that correctly. But the usermanager role does have this cap of course.

    We can not say if the usermanager role was created with Ultimate Member or another role editor we used before. But anyhow, if we create a copy of the admin role with exactly the same capabilities via the UM role editor, the user of that role will not be able to edit the custom fields on edit-user.php either.

    We use a Linux/Ubuntu web server and the newest WordPress release. Rolling back the WP version didn’t help with the problem. So everything is pointing to Ultimate Member.

    Any ideas or solutions about this issue would be much appreciated. Thank you!

    • This topic was modified 4 years ago by sspengler. Reason: typo in title

    The page I need help with: [log in to see the link]

Viewing 6 replies - 1 through 6 (of 6 total)
  • Plugin Contributor Champ Camba

    (@champsupertramp)

    Hi @sspengler

    Could you please try installing this plugin?
    https://www.ads-software.com/plugins/user-role-editor/

    Once installed and activated, please go to /wp-admin/users.php?page=users-user-role-editor.php

    Now, choose the role that has the issue in the options “Select Role and changes its capabilities”.

    Please provide screenshots of the capabilities of that role and send it here so we can review it.

    Regards,

    Thread Starter sspengler

    (@sspengler)

    Thanks for the fast reply!
    Here are the screenshots you asked for. Hope they help.

    Kind regards

    Plugin Contributor Champ Camba

    (@champsupertramp)

    Hi @sspengler

    Sorry for the late response.

    Are you using a third-party plugin to display custom fields on the user-edit.php page? UM doesn’t have a functionality to display custom fields in the user-edit.php

    Feel free to re-open this thread by changing the topic status to “Not Resolved” so we can get back to you.

    Regards,

    Thread Starter sspengler

    (@sspengler)

    Hi Champ,

    yes we are using a third-party plugin to create, display and manage custom database entries for our users. And I know that this has basically nothing to do with UM.

    The problem is that a certain user role was able to edit these custom fields. But ever since UM v2.1.8 users of that role can still see the input fields on user-edit.php, but changes are not being saved. Only the admin role is able to successfully save these fields now.

    So my question would be: did UM change something about user roles in v2.1.8 and following? It can’t be a coincidence that the user role is working correctly when I roll back to v2.1.7., I think.

    Kind regards

    Plugin Contributor Champ Camba

    (@champsupertramp)

    Hi @sspengler

    There’s a security issue regarding the changing roles with administrative rights in the front-end.

    Please see our discussion on: https://github.com/ultimatemember/ultimatemember/issues/687

    Regards,

    Plugin Contributor Champ Camba

    (@champsupertramp)

    Hey there!

    This thread has been inactive for a while so we’re going to go ahead and mark it Resolved.

    Please feel free to re-open this thread by changing the Topic Status to ‘Not Resolved’ if any other questions come up and we’d be happy to help. ??

    Regards,

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘User Role unable to edit custom field on user-edit.php’ is closed to new replies.