More flexible permissions

  • Resolved David Anderson / Team Updraft

    (@davidanderson)


    10 years, 7 months ago

    Hi,

    The function nelioab_can_user_manage_plugin() provides no way for a developer to customise the result. There’s no function_exists() wrapper around the function to allow it to be over-written, or filter inside the plugin allowing the result to be affected. Please can you add something, so that it becomes possible to allow a user to administrate the plugin without having to give the manage_options capability that opens access to all plugins?

    I’d suggestion adjusting nelioab_can_user_manage_plugin() so that the result is passed through a filter with apply_filters() before being returned, so that a developer can write whatever arbitrary logic he prefers.

    David

    https://ww.wp.xz.cn/plugins/nelio-ab-testing/

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author David Aguilera

    (@davilera)

    10 years, 7 months ago

    Hi David!

    Thanks for the suggestions—it’s a pretty good idea! I’ll introduce this filter in the next release of the plugin. In the meantime, you can edit the plugin yourself as I’ll describe here, so that you can use the filter before it’s officially available:

    First of all, you’ll need to edit nelio-ab-testing/includes/utils/essentials.php. Change function nelioab_can_user_manage_plugin as follows:

    function nelioab_can_user_manage_plugin() {
  $result = false;

  // If the user is super admin, she can use the plugin
  if ( is_super_admin() ) {
    $result = true;
  }

  // If WordPress is in a multisite environment, things are slightly
  // different. Check if regular admins can manage the plugin
  if ( NelioABSettings::regular_admins_can_manage_plugin() ) {
    if ( current_user_can( 'manage_options' ) ) {
      $result = true;
    }
  }

  /**
   * Filter whether current user can manage the plugin or not.
   *
   * @since 4.3.1
   *
   * @param  boolean  $result  Whether the current user can manage the plugin
   */
  $result = apply_filters( 'nelioab_can_user_manage_plugin', $result );

  // The minimum capability that's required is <code>edit_posts</code>.
  // If we don't add this guard here, plugin fails when adding menus.
  if ( ! current_user_can( 'edit_posts' ) ) {
    $result = false;
  }

  return $result;
}

    As you can see, I’ve added the filter you requested: nelioab_can_user_manage_plugin.

    After that, you need to change one more file: nelio-ab-testing/admin/admin-controller.php. Go to line 597, where function create_nelioab_admin_pages is defined. There you’ll see we use a couple of WordPress functions for creating Nelio’s menu: add_menu_page and add_submenu_page. When using these functions, we’re supposed to specify the minimum required capability a user needs to have in order to see the related menu entry. Right now, they’re all set to manage_options. Change them as depicted in this gist.

    And that’s it! You shuold be aware of one last thing, though. Depending on the user to which you grant access to the plugin, some functionalities of Nelio might not work properly. For instance, an Editor user cannot edit menus, which means that Menu Experiments won’t work properly. As long as you’re aware of this glitches, you’re good to go!

    I hope this helps. Please, let me know how it worked 🙂

    Best,
    David

    Plugin Author David Aguilera

    (@davilera)

    10 years, 5 months ago

    Version 4.3.1 included the fix I described in this thread. I’ll mark the topic as resolved.

    Thread Starter David Anderson / Team Updraft

    (@davidanderson)

    10 years, 5 months ago

    Thank you. I did implement this and pass it on to our marketing people for testing. I am not sure what then happened, as it got a bit busy before Christmas…

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘More flexible permissions’ is closed to new replies.