Support » Plugin: User Role Editor » 4.9.6: new privacy capability

  • Resolved Daniel

    (@dhoffmann)



    Hi there,

    does the user role support this new multisite capability: manage_privacy_options? I can’t find it in my multisite (even not with pro).

    Best, Daniel

Viewing 7 replies - 1 through 7 (of 7 total)
  • Plugin Author Vladimir Garagulia

    (@shinephp)

    Hi Daniel,

    WordPress 4.9.6 introduces 3 new user capabilities related to a new privacy functionality:
    1) manage_privacy_options (Settings->Privacy);
    2) export_others_personal_data (Tools->Export Personal Data);
    3) erase_others_personal_data (Tools->Erase Personal Data).

    WordPress maps by default all these 3 capabilities to the existing ‘manage_options’ or ‘manage_network’ for WP multisite,
    wp-includes/capabilities.php, line #562:

    
    	case 'export_others_personal_data':
    	case 'erase_others_personal_data':
    	case 'manage_privacy_options':
    		$caps[] = is_multisite() ? 'manage_network' : 'manage_options';
    		break;
    
    

    You don’t see new capabilities at User Role Editor for this reason.

    If you need to use these specific capabilities instead of general ‘manage_options’ or ‘manage_network’ (for multisite), you can re-map yourself them via ‘map_meta_cap’ filter.

    Daniel

    (@dhoffmann)

    Hello Vladimir,

    thanks for the reply. I don’t really know what that means (re-map). Should I add them in the backend of user role editor as new capabilities and assign them to admins network-wide?

    Best, Daniel

    Plugin Author Vladimir Garagulia

    (@shinephp)

    Hi Daniel,

    The code below will re-map default capability for work with privacy settings/personal data to the unique capabilities checked by WordPress initially.
    It adds new 3 privacy related capabilities (‘mange_privacy_options’, ‘export_others_personal_data’, ‘erase_others_personal_data’) to the list of WordPress built-in capabilities for User Role Editor. URE shows them in a “Core->General” group with this code.

    Take into account that in order to get access to the ‘Settings->Privacy’ submenu item protected by ‘manage_privacy_options’ user has to have ‘manage_options’ capability.
    In order to work with ‘Tools->Erase Personal Data’ submenu item protect by ‘erase_others_personal_data’ capability user has to have ‘delete_users’ capability additionally.
    You can install this code as a Must Use plugin or add it to the active theme functions.php file.

    I plan to publish today Pro version 4.47 which will include this code as an option.

    
    /** Add privacy capabilities to the related groups of WordPress built-in capabilities
     *  Hooked to 'ure_built_in_wp_caps' filter from URE_Capabilities_Groups_Manager
     * 
     * @param array $caps
     * @return array
     */
    function add_privacy_caps_to_groups($caps) {
        
        $caps['manage_privacy_options'] = array('core', 'general');
        $caps['export_others_personal_data'] = array('core', 'general');
        $caps['erase_others_personal_data'] = array('core', 'general');
        
        $admin_role = get_role('administrator');    
        if (isset($admin_role->capabilities['manage_privacy_options'])) {
            return $caps;        
        }
        
        // add privacy caps to 'administrator' role
        $roles = wp_roles();
        $old_use_db = $roles->use_db;
        $roles->use_db = true;
        $admin_role = get_role('administrator');
        $admin_role->add_cap('manage_privacy_options', true);
        $admin_role->add_cap('export_others_personal_data', true);
        $admin_role->add_cap('erase_others_personal_data', true);
        $roles->use_db = $old_use_db;            
    
        return $caps;
    }
    // end of add_plugins_caps_to_groups()
        
        
    function map_for_privacy_caps($caps, $cap) {
    
        $privacy_caps = array('manage_privacy_options', 'export_others_personal_data', 'erase_others_personal_data');
        if (!in_array($cap, $privacy_caps)) {
            return $caps;
        }
        
        $default_cap = is_multisite() ? 'manage_network' : 'manage_options';        
        foreach ($caps as $key => $value) {
            if ($value == $default_cap) {
                unset($caps[$key]);
                break;
            }
        }
        $caps[] = $cap;
        
        return $caps;
    }
    // end of map_for_privacy_caps()
    
    add_filter('ure_built_in_wp_caps', 'add_privacy_caps_to_groups', 10, 1);
    add_filter('map_meta_cap', 'map_for_privacy_caps', 10, 2);
    
    Daniel

    (@dhoffmann)

    Hi Vladimir,

    thanks a lot. Testet the code in a smaller site with code snippets and user role editor. It worked fine.

    Looking forward to the options solution.

    Best, Daniel

    eArtboard

    (@eartboard)

    I tried the above code as MU plugin in a multisite installation. I have added manage_privacy_options, export_others_personal_data, erase_others_personal_data and delete_users capabilities to a custom role.

    My issue is that I can access the “Export Personal Data” but not the “Erase Personal Data”.

    timrv

    (@tim01)

    I’m also having the Same issue. I have a multi Site Installed and tried the code above.
    export_others_personal_data Works Fine. But erase_others_personal_data gives me an Error “Sorry, you are not allowed to erase data on this site.”

    I have made sure that “delete_users” cap are added. I even tried adding “manage_network_users” and it still doesn’t work.

    add_cap doesn’t seem to do the trick here. The plugin https://wordpress.org/plugins/manage-privacy-options/ works though.

Viewing 7 replies - 1 through 7 (of 7 total)
  • You must be logged in to reply to this topic.