WordPress.org

1. Steve Taylor
   Member
   Posted 8 months ago #

   This plugin has a similar issue to this:

   http://wordpress.org/support/topic/plugin-quick-cache-a-wp-super-cache-alternative-bad-choice-for-capability-check?replies=1

   Basically, edit_plugins is used as the capability to include the settings page. However, I like using this line in all my wp-config.php files:

   define( 'DISALLOW_FILE_EDIT', true );

   I never want any of my clients editing theme or plugin files via the admin interface, and after a nightmare experience bringing a client's site down by careless use of it, I never want to give myself the temptation! It's useless at best to me, so I turn it off.

   When edit_plugins is used as an "admin-only" check and the above constant is true, the plugin is rendered useless.

   Why not use manage_options? It's admin-only, there's no reason (as above) that it would be disabled, and it's, let's say "semantic" (i.e. it makes sense!).

2. mc_nate
   Member
   Posted 8 months ago #

   Hey Steve!

   We'll definitely put this question in front of the developers to have a peek at, as that goes a little above and beyond what we do here.

   If you do see any other weirdness, give us a shout!

   Cheers.

3. Steve Taylor
   Member
   Posted 8 months ago #

   Thanks Nate. I've just realized, it's possible they weren't seeing edit_plugins as a general "admin-only" capability. I'm finding more and more plugins that use edit_plugins as a check for editing the plugin settings, and I've realized that some people might be mistaken in thinking that edit_plugins refers to editing plugin settings. Let your developers know that this capability is meant to refer to editing the plugin files themselves (http://codex.wordpress.org/Roles_and_Capabilities#edit_plugins). The capability for editing settings / options is manage_options.

Reply

You must log in to post.