Support » Plugin: Simple Membership » Logical bug in Disable Access to WP Dashboard

  • In tab Settings there is a feature Disable Access to WP Dashboard which blocks all non administrator users from accessing the dashboard, stored as swpm-settings[disable-access-to-wp-dashboard] which internally does this check:

    if (!current_user_can('administrator')) {
    

    In tab Advanced Settings there is a feature Admin Dashboard Access Permission which allows other roles than administrators to access SWPM admin dashboard, stored in swpm-settings[admin-dashboard-access-permission].

    Logical bug: If first setting is checked, the second setting is disregarded and can not be used, all non-admin roles are blocked by first setting.

Viewing 6 replies - 1 through 6 (of 6 total)
  • Plugin Support mbrsolution

    (@mbrsolution)

    Hi, thank you for sharing your findings. I have submitted a message to the developers to investigate further your findings.

    Kind regards

    Plugin Author wp.insider

    (@wpinsider-1)

    It doesn’t make sense to use those two options together. Why would a site admin enable the “Disable Access to WP Dashboard” option if he also wants to give an editor access to the admin dashboard?

    The choice is there for a site admin to use one or the other or none of them. The default is to use none of those. Then some admins can select one and some can select another if they need.

    So I don’t understand what the actual bug is? What behavior are you expecting? If you explain the expected behavior then I will most likely understand the issue better.

    Thread Starter Ov3rfly

    (@ov3rfly)

    Expected behaviour:

    a) Enable access to WP Dashboard for a role which is configured to access SWPM admin dashboard.

    -or-

    b) Show a note in Settings and/or Advanced Settings if an “impossible” combination is selected.

    -or-

    c) Provide proper description at contradicting settings.

    Site admins might not know your plugin as well as you do, they use all options which are available and the current behaviour is not logical and confusing.

    Sidenote: There is another bug in Admin Dashboard Access Permission, it does not list the real existing roles on a site but only hardcoded standard WordPress roles without translated names.

    'options' => array(
    	'manage_options'       => 'Admin',
    	'edit_pages'           => 'Editor',
    	'edit_published_posts' => 'Author',
    	'edit_posts'           => 'Contributor',
    ),
    Plugin Author wp.insider

    (@wpinsider-1)

    Thank you. I agree. I will add more explanation in the help text. Also, will try to add a note when the advanced settings is saved (if both options are enabled). This will go out in the next release.

    The translation will need to be corrected (I will add a note for this).

    However, the role configuration needs to stay as is (that is intentional to reduce any kind of possible issue from a role manager type plugin messing things up and then causing problems for us). I don’t want to get tangled up with people misconfiguring things then losing access and then screaming at us.

    At some point I have to respectfully tell users to find a more heavyweight solution because this plugin is not suitable for their current project. This plugin needs to stay simple to serve the majority of the early adopters (who love it because it is simple).

    Thread Starter Ov3rfly

    (@ov3rfly)

    The translation will need to be corrected..

    Could be done similar to this:

    'options' => array(
    	'manage_options'       => translate_user_role( 'Administrator' ),
    	'edit_pages'           => translate_user_role( 'Editor' ),
    	'edit_published_posts' => translate_user_role( 'Author' ),
    	'edit_posts'           => translate_user_role( 'Contributor' ),
    ),

    Would suggest to add a note that only default WordPress roles with unchanged capabilities are supported by the plugin.

    Plugin Author wp.insider

    (@wpinsider-1)

    Thank you. I will add that.

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘Logical bug in Disable Access to WP Dashboard’ is closed to new replies.