Opened 10 years ago
Closed 10 years ago
#32739 closed defect (bug) (worksforme)
Allow Non-administrators to Access the Customizer
Reported by: |
|
Owned by: | |
---|---|---|---|
Milestone: | Priority: | normal | |
Severity: | normal | Version: | 4.2 |
Component: | Customize | Keywords: | close |
Focuses: | Cc: |
Description (last modified by )
The following code added to function file is the stated way to provide access to the customizer for users with "edit_posts" capabilities.
function allow_users_who_can_edit_posts_to_customize( $caps, $cap, $user_id ) { $required_cap = 'edit_posts'; if ( 'customize' === $cap && user_can( $user_id, $required_cap ) ) { $caps = array( $required_cap ); } return $caps; } add_filter( 'map_meta_cap', 'allow_users_who_can_edit_posts_to_customize', 10, 3 );
The Probblem; Outside of the admin, eligible users are shown the customizer link in the toolbar, but when they click the link they get "Cheating,'uh" accusation rather than the customizer.
Change History (11)
#1
@
10 years ago
- Description modified (diff)
- Summary changed from Allow Non-administrators to Access the Customizer (Not Working) to Allow Non-administrators to Access the Customizer
- Version changed from 4.2.2 to 4.2
#2
@
10 years ago
- Milestone Awaiting Review deleted
- Resolution set to invalid
- Status changed from new to closed
#3
@
10 years ago
This specific code has been copied/pasted into many places, sequentially including:
- #28605
- https://make.wordpress.org/core/2014/07/08/customizer-improvements-in-4-0/
- https://developer.wordpress.org/themes/advanced-topics/customizer-api/
Support forum issue that was created: https://wordpress.org/support/topic/allow-non-administrators-to-access-the-customizer-not-working?replies=1.
But yeah, it does look wrong... Should probably be corrected everywhere it can be edited if it is in fact wrong, but I'm not familiar with the specifics here. @westonruter?
#5
@
10 years ago
I think using the map_meta_cap
filter maybe confused things. I've also used the following user_has_cap
filter to grant customize
cap to users who can edit_posts
:
<?php function grant_customize_cap_to_users_who_can_edit_posts( $allcaps, $caps, $args ) { if ( ! empty( $allcaps['edit_posts'] ) && ! empty( $args ) && 'customize' === $args[0] ) { $allcaps = array_merge( $allcaps, array_fill_keys( $caps, true ) ); } return $allcaps; } add_filter( 'user_has_cap', 'grant_customize_cap_to_users_who_can_edit_posts', 10, 3 );
If this is also wrong, by all means someone set me straight :-)
/cc @y2kand13
#6
@
10 years ago
- Resolution invalid deleted
- Status changed from closed to reopened
Hello westonruter,
Your last bit of code does not work either. It does provide a customizer link, but that link doesn't get the user with "edit_posts" capability past the "cheatin' uh?" Sentry.
#7
@
10 years ago
- Keywords close added
@y2kand13: Are you adding this filter inside of a theme or a plugin? It works for me when included in a plugin. Note that it has to be added before setup_theme
fires, which happens before a theme's functions.php
loads. So the code has to be executed by the plugins_loaded
action. So this means that if this functionality is loaded by a theme (e.g. on WordPress.com VIP) it will happen too late. In this case, a different approach is needed where the customize
capability gets written persistently to the user role in the database, e.g. via a one-time call to WP_Role::add_cap()
. I haven't tried this yet, but I know my colleague @shadyvb is working on it.
#8
@
10 years ago
@westonruter: Adding roles persistently isn't working for me so far on WordPress VIP ( or QuickStart to be exact ), have raised a ticket with WordPress VIP about it and still waiting for a response.
#9
@
10 years ago
Excerpt from the VIP ticket:
We're trying to give newly created roles access to customizer, but the addition of roles in real-time prevents that since the check on
customize.php
load is done before the theme is loaded ( on https://github.com/WordPress/WordPress/blob/master/wp-includes/class-wp-customize-manager.php#L226 ).
Hi y2kand13.
Where is this code from? It doesn't work because it's not granting the
customize
capability to the user. In fact, it's removing all capabilities exceptedit_posts
.This is better addressed in the support forums because it's not a core issue.