Hard coded restricted to administrator role

  • bjornwebdesign

    (@bjornwebdesign)


    9 years, 6 months ago

    Hi,

    Nice plugin, exactly what i was looking for. I’m running it on a production site now. It has users that have custom manager roles. They cannot use the plugin.

    I changed the main plugin file (wp-email-users.php):
    Row 221: if(current_user_can( ‘manage_options’ )) { //if($user_roles[0]==’administrator’) {
    Row 1309: if(current_user_can( ‘manage_options’ )) { //if($user_roles[0]==’administrator’) {

    The custom manager roles are able to use the plugin now. Can this be included in future updates?

    Regards,
    Bjorn

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Author Techspawn

    (@techspawn1)

    9 years, 6 months ago

    @bjornwebdesign

    Thanks for the exact logic.. When we started with plugin basic usecase was help admins to send emails to users.
    One more we considered to not allow other users as plugin expose list of all users etc. Considering that risk we kept Hard coded restricted to administrator.

    Can you please make user with less access and test it once? We would glad to add it in future update if anyway we can control exposing entire list to everyone.

    Let us know your thoughts.

    Kind Regards,
    team techspawn

    Thread Starter bjornwebdesign

    (@bjornwebdesign)

    9 years, 6 months ago

    Hi team techspawn,

    Well, i think the best approach would be to let the admins choose, by making it a setting for the plugin.

    In my case i’m using custom roles to restrict certain site managers from updating plugins & WP etc. But they have access to all users and i want them to be able to mail all users.

    So it will be a setting something like this:

    Restrict plugin usage by: 
- Administrator only (default)
- Role ( do a query for all existing user roles and show them in a multi select dropdown list )

    When a role(s) is selected do a php in_array() to check if the current user has the correct role.

    I think this is the most flexible.

    Kind regards,
    Bjorn

    Yogi

    (@jwwwjch)

    9 years, 5 months ago

    Oh, yes please 🙂 i need this feature also 🙂

    aragato

    (@aragato)

    9 years, 3 months ago

    Yes, definately need.
    It is not comfortable to “hack” the plugin after everyupdate and remove the admin restriction.

Viewing 4 replies - 1 through 4 (of 4 total)

The topic ‘Hard coded restricted to administrator role’ is closed to new replies.