[wp-trac] [WordPress Trac] #8535: role & capabilities/menu/user_can_access_admin_page()

Tue Dec 9 07:56:43 GMT 2008

#8535: role & capabilities/menu/user_can_access_admin_page()
----------------------------+-----------------------------------------------
 Reporter:  arena           |       Owner:  anonymous
     Type:  defect          |      Status:  new      
 Priority:  high            |   Milestone:  2.7      
Component:  Administration  |     Version:           
 Severity:  major           |    Keywords:           
----------------------------+-----------------------------------------------
 '''Hello'''

 In my plugin i grant access to the plugin settings page to editor role.

 when i login under wp admin as an editor,

 the Settings Main Menu is displayed with link : http://127.0.0.1/wp27/wp-
 admin/admin.php?page=mailpress_settings

 the plugin sub menu 'settings' is displayed with link :
 http://127.0.0.1/wp27/wp-admin/options-general.php?page=mailpress_settings

 when i click on the first link, i access the plugin page

 when i click on the second link, i have the following message : You do not
 have sufficient permissions to access this page.

 '''Bug analysis''' :

 A) the bug appears to be in the first test made by function
 user_can_access_admin_page()

 the test is this one :

 {{{
  862      if ( isset( $_wp_submenu_nopriv[$parent][$pagenow] ) )
  863          return false;
 }}}

 clicking on the second link gives :

 {{{
 $parent = options-general.php
 $pagenow options-general.php
 and of course $_wp_submenu_nopriv[options-general.php][options-
 general.php] is set ...
 }}}

 Should the value of $pagenow be the plugin page value ??

 B) Second test in user_can_access_admin_page() is :

 {{{
 865      if ( isset( $plugin_page ) && isset(
 $_wp_submenu_nopriv[$parent][$plugin_page] ) )
  866          return false;
 }}}

 If i discard the first test, everything is ok (for that particular case)

 '''SUGGESTION''' : First test in user_can_access_admin_page() should be :

 {{{
 862      if ( !isset( $plugin_page ) && isset(
 $_wp_submenu_nopriv[$parent][$pagenow] ) )
  863          return false;
 }}}

 '''Test Case :'''

 {{{
 1. Download http://andrerenaut.ovh.org/wp/wp-
 content/UserFiles/download.php?path=plugins/&fname=mailpress_wph.rar
 2. Extract/Copy to wp-content/plugins/Activate the two plugins.
 3. Go to Settings>MailPress settings>tab 'R&C' and grant access for editor
 role to settings capability.
 4. Login as an editor
 5. You should have a Setting main menu and a MailPress setting submenu.
 }}}

-- 
Ticket URL: <http://trac.wordpress.org/ticket/8535>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software