Skip to:
Content
Pages
Categories
Search
Top
Bottom

Custom User Role Doesn't Have Sufficient Privileges

  • Avatar of danzigism
    danzigism
    Participant

    @danzigism

    Howdy folks, I’m currently using WP 3.5.1 I just upgraded to BuddyPress version 1.7.1

    I have a custom user role called “Manager” that I’ve created with the User Role Editor plugin. Prior to my upgrade to BP 1.7.1 I gave this user role total administrative access over the website except for things like plugin installations and such. This user role could also edit the profiles of all the members in the directory.

    Unfortunately since the upgrade, people with the “Manager” user role are not able to edit people’s profiles anymore because they get taken to a page saying: “Sorry, the page you have requested cannot be found or you do not have sufficient privileges.”

    I have indeed disabled all my plugins to no avail. I do have a backup just in case, but I’d really like to resolve this issue if at all possible. I double checked the permissions of the “Manager” role as well and they do have the options for “edit_profile” and “edit_users” among various others.

    Thanks so much for your time and assistance.

Viewing 10 replies - 1 through 10 (of 10 total)
  • Avatar of danzigism
    danzigism
    Participant

    @danzigism

    Anybody come across this? I’d hate to give my site managers super admin privileges just to edit other members’ profiles.

    Avatar of danzigism
    danzigism
    Participant

    @danzigism

    I have checked the user “capabilities” of the custom role I have created and it has all the capabilities it needs to modify WP users. They can reset passwords and modify WP related profile information but NOT BuddyPress extended profiles. Apparently though BP doesn’t use WP roles for anything besides checking for super admin privileges. Can anybody think of a way to modify BP to allow non-super admins to edit extended profile information of other users besides themselves?

    Avatar of shanebp
    shanebp
    Moderator

    @shanebp

    Try giving them the ‘bp_moderate’ capabilities.

    It seems edit_profile checks to see if it’s your profile or whether
    bp_current_user_can( 'bp_moderate' ) || current_user_can( 'edit_users' )
    so adding the ‘edit_users’ cap should work.

    See bp_core_can_edit_settings() in bp-members-functions.php

    It may not be a bug, but you could find out by submitting a bug

    http://buddypress.trac.wordpress.org/

    Avatar of shanebp
    shanebp
    Moderator

    @shanebp

    also – some role editors are funky.

    Make sure it’s not that plugin.
    Use this to check if your custom role really has those caps:

    http://wordpress.org/extend/plugins/members/

    Avatar of danzigism
    danzigism
    Participant

    @danzigism

    Thanks for the info @shanebpdev that is very useful. After using the “Members” role editor I was indeed able to verify that the Manager role already had the “edit_users” capability. Sadly any user with the Manager role still gets taken to the “You do not have sufficient privileges” page. Perhaps it is a bug.

    I checked out the bp-members-functions.php file and found the line you spoke of and it is matching:

    if ( bp_current_user_can( 'bp_moderate' ) || current_user_can( 'edit_users' ) )

    Now “bp_moderate” does not show up as an actual WP role. The regular “moderate” role does however, and the Manager user has access to that capability.

    Just for the heck of it I changed the line to current_user_can(‘Manager’) which without any arguments does check for the name of the role. After doing so I noticed that when a manager goes to edit a member’s profile, they are automatically redirected to the member’s activity feed instead of the edit profile page.

    Something funky is going on for sure. I really appreciate you helping me out with this.

    Avatar of shanebp
    shanebp
    Moderator

    @shanebp

    Perhaps try using an existing role, like Editor, instead of a custom role ?
    And add caps to that role?

    Avatar of danzigism
    danzigism
    Participant

    @danzigism

    Finally figured it out!!! First I tried using a modified version of the “Editor” role as you suggested with ALL capabilities added which allowed me to edit member profiles no problem. THEN I unchecked each and every capability one by one until I found the one that triggered the problem.

    As it turns out the “manage_options” capability was the missing link. I checked off manage_options under my custom “Manager” role and waddya know, we’re back in action.

    I wonder what changed in BP 1.7.1 that requires the manage_options capability?

    Regardless, it works like a champ. Thanks a million for helping me troubleshoot this @shanebpdev – Hope your day is awesome!

    Avatar of shanebp
    shanebp
    Moderator

    @shanebp

    Glad you got it sorted.

    But ‘manage_options’ is a powerful cap.
    I could see where you wouldn’t want to grant that cap to a custom role.

    Now that you can explain the issue, I suggest you submit a bug.

    http://buddypress.trac.wordpress.org/

    Avatar of danzigism
    danzigism
    Participant

    @danzigism

    You’re right @shanebp

    After reading that manage_options much gives that role access to the entire Settings feature of WordPress I realized that isn’t good. Needless to say, I have used Adminimize to hide the “Settings” tab from the Manager user role for the time being but certain savvy people could still access it if they knew the URL to those settings pages.

    I submitted the bug to: http://buddypress.trac.wordpress.org/ticket/4991#ticket

    Thanks again for all of your help!

    Avatar of Matthew_Radich
    Matt Rad
    Participant

    @matthew_radich

    Sweet! This was exactly my problem. Thanks to the two of you.

Viewing 10 replies - 1 through 10 (of 10 total)

You must be logged in to reply to this topic.