WordPress.org

Support

Support » Plugins and Hacks » [Resolved] Security issue – Custom User Types see Admin plugin settings in their dashboard

[Resolved] Security issue – Custom User Types see Admin plugin settings in their dashboard

  • tcolling
    Participant

    @tcolling

    Hi – I installed this plugin on SanDiegoCaregiverJobs.com and then I logged in there using an Employer account. “Employer” is a custom user type created by the jobs board plugin that I’m using on that site.

    When I am logged in as an “Employer” user, I can see the settings for this plugin in the admin dashboard. Can that be prevented?

    Thanks!

    http://wordpress.org/plugins/mdp-local-business-seo/

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Author christopherdubeau
    Member

    @christopherdubeau

    I set up the menu for admin only. I will look more into the permissions and do an update if there is more to add.

    Thanks for letting me know i will ge back tobyou some time today.

    Chris

    Plugin Author christopherdubeau
    Member

    @christopherdubeau

    All set the new version 0.2.3 has admin only privileges to the options page.

    I was going to place in the ability to choose the user level access, but since you mentioned the employer / employee issue there is microdata for the employer/employee/founder.

    This is a large project as variables would need to be added to the profile page. However I believe I can begin the project with a few items that are currently stored in the user area and add employee data to the microdata if wanted. This can also help with search results like “Store where Jen Works”, or “Coffee Shop Mike Smith” to help with people who visited your business, remember an employee but don’t remember where it was.

    With this I would also include a user level access drop down, starting at admin when you first install but with the option to allow any user group access if you wish.

    Thing is I wrote another plugin that imports your google webmaster tools into your admin panel so you can see the queries and pages without having to log into google webmaster tools. I’m just about finished and was planning on sending it in to wordpress today.

    Chris

    Plugin Author christopherdubeau
    Member

    @christopherdubeau

    Just wanted to let you know that the new version 0.2.4 has employees and founders now in the microdata. Both are added by the selected group in the options page.

    Name
    Profile Url
    Email
    Description

    From the profile page are included in the microdata.

    Let me know what you think.

    Chris

    tcolling
    Participant

    @tcolling

    Thanks, I just took the 0.2.4 update and it prevented users with type “Employer” from having access to the plugin’s settings in the dashboard.

    I don’t fully undertand the change you made with respect to employees and founders yet but I will study it later.

    Thanks!

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘[Resolved] Security issue – Custom User Types see Admin plugin settings in their dashboard’ is closed to new replies.