admin管理员组文章数量:1318580
WordPress Capabilities has always confused me, as you cannot allow granular access of certain roles to certain features. (Coming from a Drupal background)
I have the WordPress Carousel plugin installed and I am looking to allow the 'Editor' access to manage carousels, which seems like a reasonable option. But from looking within the plugin they have set permissions to the 'manage_options' capability. But I do not want the Editors to access to site-related options (e.g. Cache and other options they could break). Below is the code from the plugin which registers the post type.
What is the best way to allow the Editor permission to add/edit/delete carousel posts?
public function wp_carousel_post_type() {
if ( post_type_exists( 'sp_wp_carousel' ) ) {
return;
}
// Set the WordPress carousel post type labels.
$labels = apply_filters(
'sp_wp_carousel_post_type_labels',
array(
'name' => esc_html_x( 'All Carousels', 'wp-carousel-free' ),
'singular_name' => esc_html_x( 'WP Carousel', 'wp-carousel-free' ),
'add_new' => esc_html__( 'Add New', 'wp-carousel-free' ),
'add_new_item' => esc_html__( 'Add New Carousel', 'wp-carousel-free' ),
'edit_item' => esc_html__( 'Edit Carousel', 'wp-carousel-free' ),
'new_item' => esc_html__( 'New Carousel', 'wp-carousel-free' ),
'view_item' => esc_html__( 'View Carousel', 'wp-carousel-free' ),
'search_items' => esc_html__( 'Search Carousels', 'wp-carousel-free' ),
'not_found' => esc_html__( 'No Carousels found.', 'wp-carousel-free' ),
'not_found_in_trash' => esc_html__( 'No Carousels found in trash.', 'wp-carousel-free' ),
'parent_item_colon' => esc_html__( 'Parent Item:', 'wp-carousel-free' ),
'menu_name' => esc_html__( 'WP Carousel', 'wp-carousel-free' ),
'all_items' => esc_html__( 'All Carousels', 'wp-carousel-free' ),
)
);
// Set the WordPress carousel post type arguments.
$args = apply_filters(
'sp_wp_carousel_post_type_args',
array(
'labels' => $labels,
'public' => false,
'hierarchical' => false,
'exclude_from_search' => true,
'show_ui' => current_user_can( 'manage_options' ) ? true : false,
'show_in_admin_bar' => false,
'menu_position' => apply_filters( 'sp_wp_carousel_menu_position', 120 ),
'menu_icon' => WPCAROUSELF_URL . '/admin/js/wp-carousel-icon.svg',
'rewrite' => false,
'query_var' => false,
'supports' => array(
'title',
),
)
);
register_post_type( 'sp_wp_carousel', $args );
}
WordPress Capabilities has always confused me, as you cannot allow granular access of certain roles to certain features. (Coming from a Drupal background)
I have the WordPress Carousel plugin installed and I am looking to allow the 'Editor' access to manage carousels, which seems like a reasonable option. But from looking within the plugin they have set permissions to the 'manage_options' capability. But I do not want the Editors to access to site-related options (e.g. Cache and other options they could break). Below is the code from the plugin which registers the post type.
What is the best way to allow the Editor permission to add/edit/delete carousel posts?
public function wp_carousel_post_type() {
if ( post_type_exists( 'sp_wp_carousel' ) ) {
return;
}
// Set the WordPress carousel post type labels.
$labels = apply_filters(
'sp_wp_carousel_post_type_labels',
array(
'name' => esc_html_x( 'All Carousels', 'wp-carousel-free' ),
'singular_name' => esc_html_x( 'WP Carousel', 'wp-carousel-free' ),
'add_new' => esc_html__( 'Add New', 'wp-carousel-free' ),
'add_new_item' => esc_html__( 'Add New Carousel', 'wp-carousel-free' ),
'edit_item' => esc_html__( 'Edit Carousel', 'wp-carousel-free' ),
'new_item' => esc_html__( 'New Carousel', 'wp-carousel-free' ),
'view_item' => esc_html__( 'View Carousel', 'wp-carousel-free' ),
'search_items' => esc_html__( 'Search Carousels', 'wp-carousel-free' ),
'not_found' => esc_html__( 'No Carousels found.', 'wp-carousel-free' ),
'not_found_in_trash' => esc_html__( 'No Carousels found in trash.', 'wp-carousel-free' ),
'parent_item_colon' => esc_html__( 'Parent Item:', 'wp-carousel-free' ),
'menu_name' => esc_html__( 'WP Carousel', 'wp-carousel-free' ),
'all_items' => esc_html__( 'All Carousels', 'wp-carousel-free' ),
)
);
// Set the WordPress carousel post type arguments.
$args = apply_filters(
'sp_wp_carousel_post_type_args',
array(
'labels' => $labels,
'public' => false,
'hierarchical' => false,
'exclude_from_search' => true,
'show_ui' => current_user_can( 'manage_options' ) ? true : false,
'show_in_admin_bar' => false,
'menu_position' => apply_filters( 'sp_wp_carousel_menu_position', 120 ),
'menu_icon' => WPCAROUSELF_URL . '/admin/js/wp-carousel-icon.svg',
'rewrite' => false,
'query_var' => false,
'supports' => array(
'title',
),
)
);
register_post_type( 'sp_wp_carousel', $args );
}
- Keep in mind that 3rd party plugin dev support is off topic here – Tom J Nowell ♦ Commented Oct 21, 2020 at 10:07
1 Answer
Reset to default 0It would appear this plugin was written by a developer who was unaware of roles and capabilities.
Luckily the author passes their post type arguments through a filter named sp_wp_carousel_post_type_args, giving you the opportunity to override and add options, such as replacing the show_ui value and adding a capability array.
本文标签: permissionsAllow Editor access to a certain plugin
版权声明:本文标题:permissions - Allow Editor access to a certain plugin 内容由网友自发贡献,该文观点仅代表作者本人, 转载请联系作者并注明出处:http://www.betaflare.com/web/1742045853a2417777.html, 本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌抄袭侵权/违法违规的内容,一经查实,本站将立刻删除。
发表评论