
Giving editor access to edit extended profile

  • @jhob

    Participant

    I want to give the editor role access to edit the extended profile of any user. The only way I can see to do this is with the manage_options cap, which obviously is not the sort of cap you want to give to an editor.

    Is there a way of just giving access to edit extended profiles without using the manage_options cap?

    BP 4.2, WP5.1.1

Viewing 25 replies - 1 through 25 (of 41 total)
  • @venutius

    Moderator

    Have you tried ‘edit_users’?

    @jhob

    Participant

    Yeah, that doesn’t give access to the extended profile unfortunately, only the ‘standard’ profile, or whatever you call it.

    @venutius

    Moderator

    Yep I thought that would be the case, I don’t think there’s a way round it. BP uses either bp_moderate or manage_options and bp_moderate is mapped to manage_options anyway.

    @jhob

    Participant

    Is there a way of granting just bp_moderate, without manage_options? I couldn’t see that listed as a cap (as viewed through the ‘Members’ plugin).

    @venutius

    Moderator

    I think you’d execute the following code:

    $editor = get_role( 'editor' );
    $editor->add_cap( 'bp_moderate' );

    @jhob

    Participant

    That didn’t work either I’m afraid. Opening the extended profile returns “You cannot edit the requested user.”

    @venutius

    Moderator

    I’ve looked at the code and it turns out there’s a typo in buddypress/bp-members/classes/class-bp-members-admin.php as follows:

    Line 1277:

    if ( current_user_can( 'edit_user', $user->ID ) || bp_current_user_can( 'bp_moderate' ) ) {

    One thing to try is to change this on your copy as follows:

    if ( current_user_can( 'edit_users', $user->ID ) || bp_current_user_can( 'bp_moderate' ) ) {

    You can also see that the other check is for bp_moderate so maybe my code earlier was wrong? Though tbh bp_moderate gives a whole bunch of additional features that you probably don’t want to expose to your editors. This is the example code from wp.org:

    function add_theme_caps() {
        // gets the author role
        $role = get_role( 'author' );
    
        // This only works, because it accesses the class instance.
        // would allow the author to edit others' posts for current theme only
        $role->add_cap( 'edit_others_posts' ); 
    }
    add_action( 'admin_init', 'add_theme_caps');

    @venutius

    Moderator

    Note I got the filename wrong in the above text, I’ve fixed it now.

    @venutius

    Moderator

    I’ve raised a ticket for this typo:

    https://buddypress.trac.wordpress.org/ticket/8069

    @jhob

    Participant

    I tried both of those (editing the typo in core file & add_cap) but neither worked unfortunately.

    On checking through Members I can see that the Editor role has been granted bp_moderate, which leads me to think that this role alone is not sufficient to grant access to the extended profile page.

    Do you think I should raise this as a ticket? I’m not sure if it would be considered a bug or ‘feature’.

    @venutius

    Moderator

    I’ve raised another ticket, don’t think this will be the last as it’s still not working.

    https://buddypress.trac.wordpress.org/ticket/8070

    @jhob

    Participant

    Thanks for your help with this @venutius, appreciated 🙂

    I’m guessing there’s not much more that can be done for now.

    @venutius

    Moderator

    Nope, currently it’s ‘manage_options’ or nothing. I’m still investigating, I’ll get back to you when I’ve got an update.

    @jhob

    Participant

    Great, many thanks!

    @venutius

    Moderator

    Hi there, I got it working for ‘edit_users’ capability but I’ve had to make three changes to class-bp-members-admin.php to do it:

    https://buddypress.trac.wordpress.org/ticket/8072
    https://buddypress.trac.wordpress.org/ticket/8069
    https://buddypress.trac.wordpress.org/ticket/8070

    For ‘bp_moderate’ it seems there are other issues this time seemingly coming from WordPress:

    https://buddypress.trac.wordpress.org/ticket/8071

    @jhob

    Participant

    Thanks, will keep an eye on the tickets and hope the changes come in a future release.

    Just trying to lock the site down a bit more so that we have fewer users with the more powerful privileges.

    @venutius

    Moderator

    yes, I think there’s a strong argument for adding a ‘bp_moderate_groups’ capability

    @jhob

    Participant

    Any finer-grained control over capabilities that avoids having to grant manage_options is a plus in my book. Helps a lot in locking down site security.

    @venutius

    Moderator

    Yep I agree, unfortunately I found the reason why ‘bp_moderate’ did not work. BP has a function that makes sure only people with ‘manage_options’ can have this capability. It was supposed to be a temporary fix, looks like it’s permanent now. So for your use case the only hope is to get the ‘edit_users’ checks put in place.

    @jhob

    Participant

    Thanks for your help anyway. Sounds like the ‘edit_users’ fix is straightforward enough so hopefully that will mean it appears in a not-too-distant release.

    @venutius

    Moderator

    I found this post, not covering BP but useful for when you give editors the ability to manage users. Could be of use.

    Let Editor Manage Users in WordPress
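
Added example (not part of the thread, and not code from BuddyPress or the linked article): granting 'edit_users' lets an editor edit every account, administrators included, so this sketch pairs the grant with a guard that stops non-administrators from editing, deleting, removing or promoting administrator accounts. It assumes a single-site install and a hypothetical stand-alone plugin file, and it goes beyond the thread, which only discusses the grant itself.

```php
<?php
// Plugin Name: Editor user-management guard (hypothetical plugin, added example)

// Grant once on activation; role capabilities persist in the database.
register_activation_hook( __FILE__, function () {
    $editor = get_role( 'editor' );
    if ( $editor ) {
        $editor->add_cap( 'list_users' );
        $editor->add_cap( 'edit_users' );
    }
} );

// Revoke on deactivation so the grant never outlives the guard below.
register_deactivation_hook( __FILE__, function () {
    $editor = get_role( 'editor' );
    if ( $editor ) {
        $editor->remove_cap( 'list_users' );
        $editor->remove_cap( 'edit_users' );
    }
} );

// Deny per-user actions when a non-administrator targets an administrator.
add_filter( 'map_meta_cap', function ( $caps, $cap, $user_id, $args ) {
    $guarded = array( 'edit_user', 'delete_user', 'remove_user', 'promote_user' );
    if ( ! in_array( $cap, $guarded, true ) || empty( $args[0] ) ) {
        return $caps;
    }
    $target = get_userdata( (int) $args[0] );
    $actor  = get_userdata( (int) $user_id );
    if ( ! $target || ! $actor ) {
        return $caps;
    }
    $target_is_admin = in_array( 'administrator', (array) $target->roles, true );
    $actor_is_admin  = in_array( 'administrator', (array) $actor->roles, true );
    if ( $target_is_admin && ! $actor_is_admin ) {
        $caps[] = 'do_not_allow'; // core primitive that no role holds
    }
    return $caps;
}, 10, 4 );

// Keep the administrator role out of role dropdowns for everyone else.
add_filter( 'editable_roles', function ( $roles ) {
    if ( ! current_user_can( 'manage_options' ) ) {
        unset( $roles['administrator'] );
    }
    return $roles;
} );
```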

    @jhob

    Participant

    Thanks, that’s super helpful – some very useful stuff in that article.

    @venutius

    Moderator

    Looking at the responses from the devs, it looks like the current behaviour is as designed, you can’t delegate any BP management functions without giving ‘manage_options’, I’ve proposed we change this as this was originally billed as a temporary solution.

    @venutius

    Moderator

    @John hi there, I’ve been busy, I’ve created a plugin to do this for you – https://github.com/Venutius/bp-devolved-authority I’d love it if you could give it a try.

    This allows selected roles to manage the various aspects of BP without needing ‘manage_options’ capability. The role would need to have ‘edit_posts’. Also the role to manage members should have the ‘list_users’ capability.

    This grants this ability on the front end and on the backend. I think it provides the basic functionality but is likely to need some tweaks with regards to the front end features.

    @jhob

    Participant

    @venutius, wow – you really have been busy!

    I get a ‘not allowed to access this page’ error when I try to visit the plugin settings at

    /wp-admin/admin.php?page=bp-devolved-authority-settings

    Logged in as administrator.
