Make WordPress Core

Opened 6 years ago

Closed 6 years ago

#32739 closed defect (bug) (worksforme)

Allow Non-administrators to Access the Customizer

Reported by: y2kand13 Owned by:
Milestone: Priority: normal
Severity: normal Version: 4.2
Component: Customize Keywords: close
Focuses: Cc:

Description (last modified by ocean90)

The following code added to function file is the stated way to provide access to the customizer for users with "edit_posts" capabilities.

function allow_users_who_can_edit_posts_to_customize( $caps, $cap, $user_id ) {
    $required_cap = 'edit_posts';
    if ( 'customize' === $cap && user_can( $user_id, $required_cap ) ) {
        $caps = array( $required_cap );
    return $caps;
add_filter( 'map_meta_cap', 'allow_users_who_can_edit_posts_to_customize', 10, 3 );

The Probblem; Outside of the admin, eligible users are shown the customizer link in the toolbar, but when they click the link they get "Cheating,'uh" accusation rather than the customizer.

Change History (11)

#1 @ocean90
6 years ago

  • Description modified (diff)
  • Summary changed from Allow Non-administrators to Access the Customizer (Not Working) to Allow Non-administrators to Access the Customizer
  • Version changed from 4.2.2 to 4.2

#2 @johnbillion
6 years ago

  • Milestone Awaiting Review deleted
  • Resolution set to invalid
  • Status changed from new to closed

Hi y2kand13.

Where is this code from? It doesn't work because it's not granting the customize capability to the user. In fact, it's removing all capabilities except edit_posts.

This is better addressed in the support forums because it's not a core issue.

#3 @celloexpressions
6 years ago

This specific code has been copied/pasted into many places, sequentially including:

Support forum issue that was created: https://wordpress.org/support/topic/allow-non-administrators-to-access-the-customizer-not-working?replies=1.

But yeah, it does look wrong... Should probably be corrected everywhere it can be edited if it is in fact wrong, but I'm not familiar with the specifics here. @westonruter?

#4 @helen
6 years ago

#32850 was marked as a duplicate.

#5 @westonruter
6 years ago

I think using the map_meta_cap filter maybe confused things. I've also used the following user_has_cap filter to grant customize cap to users who can edit_posts:

function grant_customize_cap_to_users_who_can_edit_posts( $allcaps, $caps, $args ) {
        if ( ! empty( $allcaps['edit_posts'] ) && ! empty( $args ) && 'customize' === $args[0] ) {
                $allcaps = array_merge( $allcaps, array_fill_keys( $caps, true ) );
        return $allcaps;
add_filter( 'user_has_cap', 'grant_customize_cap_to_users_who_can_edit_posts', 10, 3 );

If this is also wrong, by all means someone set me straight :-)

/cc @y2kand13

#6 @y2kand13
6 years ago

  • Resolution invalid deleted
  • Status changed from closed to reopened

Hello westonruter,

Your last bit of code does not work either. It does provide a customizer link, but that link doesn't get the user with "edit_posts" capability past the "cheatin' uh?" Sentry.

Last edited 6 years ago by y2kand13 (previous) (diff)

#7 @westonruter
6 years ago

  • Keywords close added

@y2kand13: Are you adding this filter inside of a theme or a plugin? It works for me when included in a plugin. Note that it has to be added before setup_theme fires, which happens before a theme's functions.php loads. So the code has to be executed by the plugins_loaded action. So this means that if this functionality is loaded by a theme (e.g. on WordPress.com VIP) it will happen too late. In this case, a different approach is needed where the customize capability gets written persistently to the user role in the database, e.g. via a one-time call to WP_Role::add_cap(). I haven't tried this yet, but I know my colleague @shadyvb is working on it.

#8 @shadyvb
6 years ago

@westonruter: Adding roles persistently isn't working for me so far on WordPress VIP ( or QuickStart to be exact ), have raised a ticket with WordPress VIP about it and still waiting for a response.

#9 @shadyvb
6 years ago

Excerpt from the VIP ticket:

We're trying to give newly created roles access to customizer, but the addition of roles in real-time prevents that since the check on customize.php load is done before the theme is loaded ( on https://github.com/WordPress/WordPress/blob/master/wp-includes/class-wp-customize-manager.php#L226 ).

#10 @y2kand13
6 years ago

Playing around I have flat-out given users a 'customize' cap, by itself and alongside of edit_posts, either way, get the same error. Giving the user 'edit_theme_options', works... to well. Was adding the code to the function file, guess I'll try the plugin route.

#11 @y2kand13
6 years ago

  • Resolution set to worksforme
  • Status changed from reopened to closed

I concur, invoking the code via a plugin gets users with edit_post capability access to the customizer. Thanks for the clarification.

Note: See TracTickets for help on using tickets.