WordPress.org

Ready to get started?Download WordPress

Forums

Content Aware Sidebars
[resolved] Sidebar controls in dashboard visible to Subscribers (4 posts)

  1. cestrauss
    Member
    Posted 1 year ago #

    The Content Aware Sidebar plugin did an excellent job of adding custom sidebars to my Forum and Forum Category pages for bbPress. I am concerned that users may be able to "damage" them since the controls are visible in the Dashboard to users at the Subscriber level. How can I fix this so that only an Administrator can see the control panel?

    And yes, I am very new to WordPress, so assume nothing - even though my first web browser was Lynx ;-)

    http://wordpress.org/extend/plugins/content-aware-sidebars/

  2. Joachim Jensen (Intox Studio)
    Member
    Plugin Author

    Posted 1 year ago #

    Thanks for the feedback.

    The Sidebars menu should not be visible to Subscribers as they have the same capability requirements as Posts. It is, however, possible that a plugin has changed the Roles in your installation.

    If you want to make sure that only the administrators can manage sidebars, go to /content-aware-sidebars/content-aware-sidebars.php line 200 and replace the current code with:

    // Register the sidebar type
    		register_post_type('sidebar',array(
    			'labels'	=> array(
    				'name'			=> __('Sidebars', 'content-aware-sidebars'),
    				'singular_name'		=> __('Sidebar', 'content-aware-sidebars'),
    				'add_new'		=> _x('Add New', 'sidebar', 'content-aware-sidebars'),
    				'add_new_item'		=> __('Add New Sidebar', 'content-aware-sidebars'),
    				'edit_item'		=> __('Edit Sidebar', 'content-aware-sidebars'),
    				'new_item'		=> __('New Sidebar', 'content-aware-sidebars'),
    				'all_items'		=> __('All Sidebars', 'content-aware-sidebars'),
    				'view_item'		=> __('View Sidebar', 'content-aware-sidebars'),
    				'search_items'		=> __('Search Sidebars', 'content-aware-sidebars'),
    				'not_found'		=> __('No sidebars found', 'content-aware-sidebars'),
    				'not_found_in_trash'	=> __('No sidebars found in Trash', 'content-aware-sidebars')
    			),
    			'capabilities' => array(
    				'edit_post'		=> 'edit_theme_options',
    				'read_post'		=> 'edit_theme_options',
    				'delete_post'		=> 'edit_theme_options',
    				'edit_posts'		=> 'edit_theme_options',
    				'edit_others_posts'	=> 'edit_theme_options',
    				'publish_posts'		=> 'edit_theme_options',
    				'read_private_posts'	=> 'edit_theme_options'
    			),
    			'show_ui'	=> true,
    			'query_var'	=> false,
    			'rewrite'	=> false,
    			'menu_position' => null,
    			'supports'	=> array('title','page-attributes','excerpt'),
    			'taxonomies'	=> $this->taxonomies,
    			'menu_icon'	=> WP_PLUGIN_URL.'/'.plugin_basename(dirname(__FILE__)).'/img/icon-16.png'
    		));

    This will probably be implemented in the next version as well - it makes more sense that only the Roles that can manage Widgets can manage Sidebars.

  3. cestrauss
    Member
    Posted 1 year ago #

    That did the trick - the Sidebars menu is hidden to the user who could see it before. BTW, that user had Contributor rights, not Subscriber, but that is still too low a level to be allowed near a plugin control. Somewhere in my testing of bbPress forums I must have upgraded their rights to Contributor. So your code update sets the required permission level to 'edit_theme_options' which is only held by the Administrator Role, correct?

    Thanks!

  4. Joachim Jensen (Intox Studio)
    Member
    Plugin Author

    Posted 1 year ago #

    edit_theme_options is only available to the administrators, yes. You can read more about it here:

    http://codex.wordpress.org/Roles_and_Capabilities#Capability_vs._Role_Table

    The change will be part of the next version.

    If you encounter other problems, feel free to open a new thread in here.

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic