WordPress.org

Make WordPress Core

Opened 3 years ago

Closed 3 years ago

Last modified 14 months ago

#44194 closed defect (bug) (duplicate)

Privacy Policy Page not editable by editor role

Reported by: Ov3rfly Owned by:
Milestone: Priority: normal
Severity: normal Version: 4.9.6
Component: Privacy Keywords:
Focuses: Cc:

Description

  1. Have a page with some privacy policy and more...
  2. Users with editor role can edit this page.
  3. Set this page as "Privacy Policy Page"

Current Behaviour:

  1. Users with editor role can not edit this page any more.

Expected Behaviour:

  1. Users with editor role still can edit this page.

Why respecting the page editing capability is necessary:

Many agencies do not supply admin role users to customers, instead they supply one or more editor role users (with sometimes slightly enhanced capabilites as necessary per site) which are used by the customer to edit all the site content, which includes privacy policies.

Change History (5)

#1 @desrosj
3 years ago

  • Milestone Awaiting Review deleted
  • Resolution set to duplicate
  • Status changed from new to closed

Thanks for the ticket, @Ov3rfly. Only allowing administrators to edit the privacy policy was a conscious decision (see #44079).

Changing the way this capability is managed is being discussed in #44176. Please add any information you have to that ticket.

#2 @juliobox
3 years ago

Same issue for me,

I pushed this plugin : https://wordpress.org/plugins/manage-privacy-options/

It does the job.

#3 @Ov3rfly
3 years ago

Thanks for the plugin, but this restriction needs to be removed without rolling out extra plugins to hundreds of sites, with a lot of additional testing required.

That restriction "feature", which btw. is not mentioned anywhere in release description or changelog, came with a minor update from 4.9.5 to 4.9.6 after all, not with a major release.

Most of our clients won't be able to use the new and shiny "privacy policy page" feature now.

#4 @Ov3rfly
3 years ago

For interested readers, as long as editor role users can't edit the privacy policy page, instead of the core feature we are now using a simple custom solution for login and registration pages, which supports

  • multiple links,
  • the real post titles,
  • configurable order,
  • any post types
    function my_login_footer() {
    	$post_ids = get_posts( array(
    		'posts_per_page' => -1,
    		'post_type' => 'any',
    		'meta_key' => 'my_legal',
    		'order' => 'ASC',
    		'orderby' => 'meta_value_num',
    		'fields' => 'ids'
    	) );
    	$links = array();
    	foreach ( $post_ids as $post_id ) {
    		$links[] = '<a href="' . esc_url( get_permalink( $post_id ) ) . '" target="_top">' . get_the_title( $post_id ) . '</a>';
    	}
    	if ( !empty( $links ) ) {
    		echo '<p style="width:272px;margin:0 auto;">' . implode( $links, ' / ' ) . '</p>';
    	}
    }
    add_action( 'login_footer', 'my_login_footer' );
    

Simply add a custom field my_legal with value 1 or 2 or other numeric order to any post you want to show.

#5 @DougJoseph
2 years ago

Our situation is even worse. We have a privacy policy page that even the site's Administrator cannot edit. Only the Super Administrator of the whole multisite network can edit it. Seems that whatever was intended as a "conscious" decision was a poor choice (i.e. a mistake), and furthermore, that some bug in the way it is implemented is causing issues even beyond what was "intended."

Last edited 2 years ago by DougJoseph (previous) (diff)
Note: See TracTickets for help on using tickets.