Have any of the recent updates addressed this issue? the only admins on our site are system administrators who do not post content. We use User Role Editor plugin to allow editors and manager roles to access widgets. Can this access be connected between the two plugins?
Some access has been restricted to Administrators only because certain features — particularly in the Conditional Logic section — can introduce potential vulnerabilities for website owners. As a temporary solution, these functionalities are now limited to Administrators, even if other roles are modified using the User Role Editor plugin.
Could you please let us know which specific functionalities are not accessible when a non-Administrator role is edited using the User Role Editor plugin? This will help us review and determine if adjustments can be made.
Hi, I’m aware of the restriction, and restricting access for non-admins has been a “temporary” fix for months. Are other solutions in development?
Conditional logic is the main reason we use your plugin, so that is the feature that our custom roles need to access. Again the only “admins” on this site are network administrators who do not post content. We use User Role Editor to create/edit roles such as Manager and Editor that have enough access to add/edit text widgets, etc without granting full admin rights.
We use conditional logic to show widgets on certain posts using the is_single() function. We have many many widgets organized this way.
If the php functions are a risk, that why not have posts use the same WYSIWYG functionality your pages feature has? It’s a search function you have already created. No need for user php at all.
Regarding the solution for non-admin access, our dev team is still actively working on a possible fix that would allow non-admin users to access the Conditional Logic tab without introducing any vulnerabilities.
According to our developers, the Conditional Logic tab may receive a new UX and additional security features. We’re currently testing these updates before implementing them.
We truly appreciate your patience as we work toward providing a permanent solution for non-admin users while maintaining the plugin’s security.
