[wp-trac] [WordPress Trac] #8535: role & capabilities/menu/user_can_access_admin_page()

WordPress Trac wp-trac at lists.automattic.com
Tue Dec 9 07:56:43 GMT 2008

#8535: role & capabilities/menu/user_can_access_admin_page()
 Reporter:  arena           |       Owner:  anonymous
     Type:  defect          |      Status:  new      
 Priority:  high            |   Milestone:  2.7      
Component:  Administration  |     Version:           
 Severity:  major           |    Keywords:           

 In my plugin i grant access to the plugin settings page to editor role.

 when i login under wp admin as an editor,

 the Settings Main Menu is displayed with link :

 the plugin sub menu 'settings' is displayed with link :

 when i click on the first link, i access the plugin page

 when i click on the second link, i have the following message : You do not
 have sufficient permissions to access this page.

 '''Bug analysis''' :

 A) the bug appears to be in the first test made by function

 the test is this one :

  862      if ( isset( $_wp_submenu_nopriv[$parent][$pagenow] ) )
  863          return false;

 clicking on the second link gives :

 $parent = options-general.php
 $pagenow options-general.php
 and of course $_wp_submenu_nopriv[options-general.php][options-
 general.php] is set ...

 Should the value of $pagenow be the plugin page value ??

 B) Second test in user_can_access_admin_page() is :

 865      if ( isset( $plugin_page ) && isset(
 $_wp_submenu_nopriv[$parent][$plugin_page] ) )
  866          return false;

 If i discard the first test, everything is ok (for that particular case)

 '''SUGGESTION''' : First test in user_can_access_admin_page() should be :

 862      if ( !isset( $plugin_page ) && isset(
 $_wp_submenu_nopriv[$parent][$pagenow] ) )
  863          return false;

 '''Test Case :'''

 1. Download http://andrerenaut.ovh.org/wp/wp-
 2. Extract/Copy to wp-content/plugins/Activate the two plugins.
 3. Go to Settings>MailPress settings>tab 'R&C' and grant access for editor
 role to settings capability.
 4. Login as an editor
 5. You should have a Setting main menu and a MailPress setting submenu.

Ticket URL: <http://trac.wordpress.org/ticket/8535>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software

More information about the wp-trac mailing list