User Role Editor security

  • webgscschool

    (@webgscschool)


    8 years, 8 months ago

    I recently installed user role editor in my testing environment to see if it could restrict user to just editing one page. I created a custom role from the Editor role and assigned it to the user. The custom role does what I want in that it will restrict the user to just editing a specific page. It also restricts the users from accessing most other dashboard items with the following exception: I have 3 plugins that the user can still access:
    1. Contact Form 7
    2. Simple Calendar
    3. PTA Member Directory

    Is it possible to remove access from these plugin’s with user role editor? I don’t see anything in the capabilities windows to restrict them.

Viewing 1 replies (of 1 total)
  • Plugin Author Vladimir Garagulya

    (@shinephp)

    8 years, 7 months ago

    Some plugins use the same capabilities which WordPress uses for access to “Posts” and “Pages”. For example “Contact Form 7” plugin protects its menu with “edit_posts” and “publish_pages” capabilities. In general, if plugin does not allow that, it’s not possible to differentiate access to the posts, pages and such plugin menu items via WP user capabilities only.

    Contact Forms 7 offers a custom filter ‘wpcf7_map_meta_cap’. Using it you can replace capabilitites CF7 uses by default.

    In case similar filter is not available you need a special tool.

    User Role Editor Pro includes “Admin menu access” add-on, which allows to block unneeded admin menu items, protected by the same user capabilities.

Viewing 1 replies (of 1 total)

The topic ‘User Role Editor security’ is closed to new replies.