Support » Plugin: Content Aware Sidebars - Unlimited Widget Areas » [Plugin: Content Aware Sidebars] Sidebar controls in dashboard visible to Subscribers

  • Resolved cestrauss


    The Content Aware Sidebar plugin did an excellent job of adding custom sidebars to my Forum and Forum Category pages for bbPress. I am concerned that users may be able to “damage” them since the controls are visible in the Dashboard to users at the Subscriber level. How can I fix this so that only an Administrator can see the control panel?

    And yes, I am very new to WordPress, so assume nothing – even though my first web browser was Lynx 😉

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author Joachim Jensen


    Thanks for the feedback.

    The Sidebars menu should not be visible to Subscribers as they have the same capability requirements as Posts. It is, however, possible that a plugin has changed the Roles in your installation.

    If you want to make sure that only the administrators can manage sidebars, go to /content-aware-sidebars/content-aware-sidebars.php line 200 and replace the current code with:

    // Register the sidebar type
    			'labels'	=> array(
    				'name'			=> __('Sidebars', 'content-aware-sidebars'),
    				'singular_name'		=> __('Sidebar', 'content-aware-sidebars'),
    				'add_new'		=> _x('Add New', 'sidebar', 'content-aware-sidebars'),
    				'add_new_item'		=> __('Add New Sidebar', 'content-aware-sidebars'),
    				'edit_item'		=> __('Edit Sidebar', 'content-aware-sidebars'),
    				'new_item'		=> __('New Sidebar', 'content-aware-sidebars'),
    				'all_items'		=> __('All Sidebars', 'content-aware-sidebars'),
    				'view_item'		=> __('View Sidebar', 'content-aware-sidebars'),
    				'search_items'		=> __('Search Sidebars', 'content-aware-sidebars'),
    				'not_found'		=> __('No sidebars found', 'content-aware-sidebars'),
    				'not_found_in_trash'	=> __('No sidebars found in Trash', 'content-aware-sidebars')
    			'capabilities' => array(
    				'edit_post'		=> 'edit_theme_options',
    				'read_post'		=> 'edit_theme_options',
    				'delete_post'		=> 'edit_theme_options',
    				'edit_posts'		=> 'edit_theme_options',
    				'edit_others_posts'	=> 'edit_theme_options',
    				'publish_posts'		=> 'edit_theme_options',
    				'read_private_posts'	=> 'edit_theme_options'
    			'show_ui'	=> true,
    			'query_var'	=> false,
    			'rewrite'	=> false,
    			'menu_position' => null,
    			'supports'	=> array('title','page-attributes','excerpt'),
    			'taxonomies'	=> $this->taxonomies,
    			'menu_icon'	=> WP_PLUGIN_URL.'/'.plugin_basename(dirname(__FILE__)).'/img/icon-16.png'

    This will probably be implemented in the next version as well – it makes more sense that only the Roles that can manage Widgets can manage Sidebars.

    That did the trick – the Sidebars menu is hidden to the user who could see it before. BTW, that user had Contributor rights, not Subscriber, but that is still too low a level to be allowed near a plugin control. Somewhere in my testing of bbPress forums I must have upgraded their rights to Contributor. So your code update sets the required permission level to ‘edit_theme_options’ which is only held by the Administrator Role, correct?


    Plugin Author Joachim Jensen


    edit_theme_options is only available to the administrators, yes. You can read more about it here:

    The change will be part of the next version.

    If you encounter other problems, feel free to open a new thread in here.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘[Plugin: Content Aware Sidebars] Sidebar controls in dashboard visible to Subscribers’ is closed to new replies.