Have you tried ‘edit_users’?
Yeah, that doesn’t give access to the extended profile unfortunately, only the ‘standard’ profile, or whatever you call it.
Yep I thought that would be the case, I don’t think there’s a way round it. BP uses either bp_moderate or manage_options and bp_moderate is mapped to manage_options anyway.
Is there a way of granting just bp_moderate, without manage_options? I couldn’t see that listed as a cap (as viewed through the ‘Members’ plugin).
I think you’d execute the following code:
$editor = get_role( 'editor' );
$editor->add_cap( 'bp_moderate' );
That didn’t work either I’m afraid. Opening the extended profile returns “You cannot edit the requested user.”
I’ve looked at the code and it turns out there’s a typo in buddypress/bp-members/classes/class-bp-members-admin.php as follows:
Line 1277:
if ( current_user_can( 'edit_user', $user->ID ) || bp_current_user_can( 'bp_moderate' ) ) {
One thing to try is to change this on your copy as follows:
if ( current_user_can( 'edit_users', $user->ID ) || bp_current_user_can( 'bp_moderate' ) ) {
You can also see that the other check is for bp_moderate so maybe my code earlier was wrong? though tbh bp_moderate give a whole bunch of additional features that you probably don’t want to expose to your editors. This is the example code from wp.org:
function add_theme_caps() {
// gets the author role
$role = get_role( 'author' );
// This only works, because it accesses the class instance.
// would allow the author to edit others' posts for current theme only
$role->add_cap( 'edit_others_posts' );
}
add_action( 'admin_init', 'add_theme_caps');
Note I got the filename wrong in the above text, I’ve fixed it now.
I tried both of those (editing the typo in core file & add_cap) but neither worked unfortunately.
On checking through Members I can see that the Editor role has been granted bp_moderate, which leads me to think that this role alone is not sufficient to grant access to the extended profile page.
Do you think I should raise this as a ticket? I’m not sure if it would be considered a bug or ‘feature’.
I’ve raised another ticket, don’t think this will be the last as it’s still not working.
https://buddypress.trac.wordpress.org/ticket/8070
Thanks for you help with this @venutius, appreciated 🙂
I’m guessing there’s not much more that can be done for now.
Nope, currently it’s ‘manage_options’ or nothing. I@m still investigating, I’ll get back to you when I’ve got an update.
Hi there, I got it working for ‘edit_users’ capability but I’ve had to make three changes to class-bp-members-admin.php to do it:
https://buddypress.trac.wordpress.org/ticket/8072
https://buddypress.trac.wordpress.org/ticket/8069
https://buddypress.trac.wordpress.org/ticket/8070
For ‘bp_moderate’ it seems there are other issues this time seemingly coming from WordPress:
https://buddypress.trac.wordpress.org/ticket/8071
Thanks, will keep an eye on the tickets and hope the changes come in a future release.
Just trying to lock the site down a bit more so that we have fewer users with the more powerful priviledges.
yes, I think there’s a strong argument for adding a ‘bp_moderate_groups’ capability
Any finer-grained control over capabilities that avoids having to grant manage_options is a plus in my book. Helps a lot in locking down site security.
Yep I agree, unfortunately I found the reason why ‘bp_moderate’ did not work. BP has a function that makes sure only people with ‘manage_options’ can have this capability. It was supposed to be a temporary fix, looks like it’s permanent now. So you your use case the only hope is to get the ‘edit_users’ checks put in place.
Thanks for your help anyway. Sounds like the ‘edit_users’ fix is straight-forward enough so hopefully that will mean it appears a not-too-distant release.
I found this post, not covering BP but useful for when you give editors the ability to manage users. could be of use.
Let Editor Manage Users in WordPress
Thanks, that’s super helpful – some very useful stuff in that article.
Looking at the responses from the dev’s, it looks like the current behaviour is as designed, you can’t delegate any BP management functions without givin ‘manage_options’, I’ve proposed we change this as this was originally billed as a temporary solution.
@John hi there, I’ve been busy, I’ve created a plugin to do this for you – https://github.com/Venutius/bp-devolved-authority I’d love it if you could give it a try.
This allows selected roles to manage the various aspects of BP without needing ‘manage_options’ capability. The role would need to have ‘edit_posts’. Also the role to manage members should have the ‘list_users’ capability.
This grants this ability on the front end and on the backend. I think it provides the basic functionality but is likely to need some tweaks with regards to the front end features.
@venutius, wow – you really have been busy!
I get a ‘not allowed to access this page’ error when I try to visit the plugin settings at
/wp-admin/admin.php?page=bp-devolved-authority-settings
Logged in as administrator.
