Skip to:
Content
Pages
Categories
Search
Top
Bottom

Custom User Role Doesn't Have Sufficient Privileges

  • @danzigism

    Participant

    Howdy folks, I’m currently using WP 3.5.1 I just upgraded to BuddyPress version 1.7.1

    I have a custom user role called “Manager” that I’ve created with the User Role Editor plugin. Prior to my upgrade to BP 1.7.1 I gave this user role total administrative access over the website except for things like plugin installations and such. This user role could also edit the profiles of all the members in the directory.

    Unfortunately since the upgrade, people with the “Manager” user role are not able to edit people’s profiles anymore because they get taken to a page saying: “Sorry, the page you have requested cannot be found or you do not have sufficient privileges.”

    I have indeed disabled all my plugins to no avail. I do have a backup just in case, but I’d really like to resolve this issue if at all possible. I double checked the permissions of the “Manager” role as well and they do have the options for “edit_profile” and “edit_users” among various others.

    Thanks so much for your time and assistance.

Viewing 10 replies - 1 through 10 (of 10 total)
  • @danzigism

    Participant

    Anybody come across this? I’d hate to give my site managers super admin privileges just to edit other members’ profiles.

    @danzigism

    Participant

    I have checked the user “capabilities” of the custom role I have created and it has all the capabilities it needs to modify WP users. They can reset passwords and modify WP related profile information but NOT BuddyPress extended profiles. Apparently though BP doesn’t use WP roles for anything besides checking for super admin privileges. Can anybody think of a way to modify BP to allow non-super admins to edit extended profile information of other users besides themselves?

    @shanebp

    Moderator

    Try giving them the ‘bp_moderate’ capabilities.

    It seems edit_profile checks to see if it’s your profile or whether
    bp_current_user_can( 'bp_moderate' ) || current_user_can( 'edit_users' )
    so adding the ‘edit_users’ cap should work.

    See bp_core_can_edit_settings() in bp-members-functions.php

    It may not be a bug, but you could find out by submitting a bug
    https://buddypress.trac.wordpress.org/

    @shanebp

    Moderator

    also – some role editors are funky.

    Make sure it’s not that plugin.
    Use this to check if your custom role really has those caps:
    https://wordpress.org/extend/plugins/members/

    @danzigism

    Participant

    Thanks for the info @shanebpdev that is very useful. After using the “Members” role editor I was indeed able to verify that the Manager role already had the “edit_users” capability. Sadly any user with the Manager role still gets taken to the “You do not have sufficient privileges” page. Perhaps it is a bug.

    I checked out the bp-members-functions.php file and found the line you spoke of and it is matching:

    if ( bp_current_user_can( 'bp_moderate' ) || current_user_can( 'edit_users' ) )

    Now “bp_moderate” does not show up as an actual WP role. The regular “moderate” role does however, and the Manager user has access to that capability.

    Just for the heck of it I changed the line to current_user_can(‘Manager’) which without any arguments does check for the name of the role. After doing so I noticed that when a manager goes to edit a member’s profile, they are automatically redirected to the member’s activity feed instead of the edit profile page.

    Something funky is going on for sure. I really appreciate you helping me out with this.

    @shanebp

    Moderator

    Perhaps try using an existing role, like Editor, instead of a custom role ?
    And add caps to that role?

    @danzigism

    Participant

    Finally figured it out!!! First I tried using a modified version of the “Editor” role as you suggested with ALL capabilities added which allowed me to edit member profiles no problem. THEN I unchecked each and every capability one by one until I found the one that triggered the problem.

    As it turns out the “manage_options” capability was the missing link. I checked off manage_options under my custom “Manager” role and waddya know, we’re back in action.

    I wonder what changed in BP 1.7.1 that requires the manage_options capability?

    Regardless, it works like a champ. Thanks a million for helping me troubleshoot this @shanebpdev – Hope your day is awesome!

    @shanebp

    Moderator

    Glad you got it sorted.

    But ‘manage_options’ is a powerful cap.
    I could see where you wouldn’t want to grant that cap to a custom role.

    Now that you can explain the issue, I suggest you submit a bug.
    https://buddypress.trac.wordpress.org/

    @danzigism

    Participant

    You’re right @shanebp

    After reading that manage_options much gives that role access to the entire Settings feature of WordPress I realized that isn’t good. Needless to say, I have used Adminimize to hide the “Settings” tab from the Manager user role for the time being but certain savvy people could still access it if they knew the URL to those settings pages.

    I submitted the bug to: https://buddypress.trac.wordpress.org/ticket/4991#ticket

    Thanks again for all of your help!

    @matthew_radich

    Participant

    Sweet! This was exactly my problem. Thanks to the two of you.

Viewing 10 replies - 1 through 10 (of 10 total)
  • The topic ‘Custom User Role Doesn't Have Sufficient Privileges’ is closed to new replies.
Skip to toolbar