#10313 closed defect (bug) (wontfix)
Editors not allowed to save settings on themes / plugins
| Reported by: |
|
Owned by: | |
|---|---|---|---|
| Milestone: | Priority: | normal | |
| Severity: | major | Version: | 2.8 |
| Component: | Role/Capability | Keywords: | |
| Focuses: | Cc: |
Description
Considering the simplest plugin code that saves some text on database (see sample attached).
Login with your ADMIN username, and you will be able to save those settings to database.
Now login with any EDITOR level user, and try to save the settings.
You will get the message "Cheatin’ uh?" on yourdomain.com/wp-admin/options.php
Also noticed that the level 5 was defined so editors should be able to save that with no problems at all.
Tested up to 2.8.1 beta2
Attachments (1)
Change History (4)
#1
@
16 years ago
- Milestone 2.8.1 deleted
- Resolution set to wontfix
- Status changed from new to closed
Consider this: Are your editors supposed to be able to modify global blog options, or to add/manage postings.
If you so wish for your editor levels to be able to manage the entire blog, you need to install a Role managing plugin and grant the priviledge 'manage_options' to the Editor Role.
#2
@
16 years ago
Of course, The other way to look at it, that this reporter is seeing it as is:
The plugin has specified its page can be viewed by non-admins, therefor, options.php should allow this users of this level to modify any of that pages optiosn (Perhaps using the Whitelisting functionality??)
Eitherway, It'll require more code on the plugins behalf. Either whitelisting with some new functionality in WP, Or for the plugin to post to itself and handle permissions instead.
Sample code, and prove of evidence