The MU forums have moved to WordPress.org

can't add edit_users capabilities role (15 posts)

  1. jazgold
    Member
    Posted 14 years ago #

    i tried giving "edit_users" "create_users" and "delete_users" capabilities to the built in "editor" role.

    but when i logged in as an editor and tried clicking on a subscriber or author, i got the gray screen error:

    You do not have permission to edit this user.

    so adding "edit_users" isn't working, even though a print_r on the $role shows that the permission is active.

    but the really weird thing is that i can delete users. so somehow it's saying "no it's too dangerous to allow the editor to edit, but sure, why not... deleting is cool by me."

    i thought maybe it was something built into the editor role, so i created a new role with a new name and tried starting from scratch, but that too only allowed deletion out of the 3 user related capabilities.

    is there another capability i need to add, or something else i need to do to get editing and adding users to work?

    thanks:)

  2. jazgold
    Member
    Posted 14 years ago #

    hrm... just upgraded to 2.8.5.2 from 2.8.4a

    and when i do this:

    $role = get_role('editor');
    $role->add_cap('edit_users');
    $role->add_cap('create_users');
    $role->add_cap('delete_users');

    an editor can now create and delete users... however trying to open a profile to edit is still giving me the "You do not have permission to edit this user" error.

  3. pbagosy
    Member
    Posted 14 years ago #

    I'm getting this issue as well. Additionally, I've noticed that someone with the Editor role is fully capable of using the bulk Change role to... option at the top of the user panel to make themselves (and anyone else) an administrator.

    Any insight on an easy fix to this?

  4. andrea_r
    Moderator
    Posted 14 years ago #

    And you both cross-referenced it with this? :

    http://codex.wordpress.org/Roles_and_Capabilities

  5. jazgold
    Member
    Posted 14 years ago #

    yeah, i read through the doc at least twice, and it totally makes sense. it's a straightforward system for sure. i'm just experiencing what seems to be erratic behavior.

    if i print_r() on an editor's roles, i definitely see "edit_users" listed. and editors can now see the " Users >> Authors and Users " admin-menu in their wp-admin area...

    and yet when an editor clicks on another user in the listing, it says that they don't have the permissions (as noted above). so the system seems to understand this halfway, but something is blocking it. but then again, it's allowing deleting, which to me seems wild. i just thought that perhaps i'm doing something common and stupid... i don't doubt the stupidity:)

    thanks

  6. tmoorewp
    Member
    Posted 14 years ago #

    WPMU only allows Site Administrators to edit every user. Even blog admins don't have the capability to edit users.

    To change this, you'll need to file a trac ticket.

  7. jazgold
    Member
    Posted 14 years ago #

    woah... a trac ticket? as in request to edit the core.

    i guess my advice to myself is "good luck" :)

    but i don't get it. why isn't it even possible to allow a user role to edit users... do they really think that developers will make bad decisions in implementation? it seems totally valid to me that there would be an environment with two levels of admins... where there is still a super admin, and lower admins who can still edit users. just seems odd they would allow you to a) edit roles in nearly every way but b) disallow certain types of things like "editing users" ... but then c) ALLOW "deleting users." that seems nuts to me. editing is safe, and deleting isn't?

    well. thanks for the response at least tmoore:)

  8. rbaier4
    Member
    Posted 14 years ago #

    This was driving me crazy. I wrote a plugin to add the edit_user capability, but it didn't work as you mentioned previously. I started digging through the core files to figure out what's going on. The problem lies in /wp-admin/user-edit.php near line 63:

    // Only allow site admins to edit every user.
    if ( !is_site_admin() && ($user_id != $current_user->ID) )
    	wp_die( __( 'You do not have permission to edit this user.' ) );

    Because of that code, no matter what you do with roles or capabilities, you won't be able to edit users unless you're the site admin, which is ridiculous. I didn't want to edit core files, but due to the way the above code is implemented, it's the only way to allow anyone other than the site admin to edit users. I commented those lines out and added this:

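    $this_user_info = get_userdata($current_user->ID);
    $edit_user_info = get_userdata($user_id);

    // Deny if: (1) editing another user without the edit_users capability;
    // (2) editing another user whose user_level is equal to or higher than your own;
    // (3) a non-site-admin opening the profile of user ID 1.
    if ((!current_user_can('edit_users') && $user_id != $current_user->ID)
    	|| (current_user_can('edit_users') && $this_user_info->user_level <= $edit_user_info->user_level && $user_id != $current_user->ID)
    	|| (!is_site_admin() && $user_id == 1))
    	wp_die( __( 'You do not have permission to edit this user.' ) );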

    That will allow anyone to edit users that has the edit_users capability as long as they are trying to edit a user with a lower user_level. It also prevents people from editing the site admin's profile. It's far from ideal, but given the heavy-handed way this is implemented in WPMU, it's the only working solution I found. The if statement could probably be simplified or changed depending on your situation.

  9. DeannaS
    Member
    Posted 14 years ago #

    Why don't you file a trac ticket to request a change along those lines - or at least something that makes it more pluggable? Donncha's pretty good about responding to trac requests.

  10. jazgold
    Member
    Posted 14 years ago #

    thanks deannas

    rbaier4, did you file a trac ticket already, or should I?

  11. rbaier4
    Member
    Posted 14 years ago #

    Thanks, I have opened a ticket for this issue:

    http://trac.mu.wordpress.org/ticket/1169

  12. donncha
    Key Master
    Posted 14 years ago #

    The reason "ordinary admins" can't edit users is because the user may belong to other blogs as well.

    An admin *cannot* delete users from the site. They can remove the user from their blog, but the user can still login. I'll see about adding a filter so that a plugin can override this check.

  13. mmcginnis
    Member
    Posted 14 years ago #

    Hi,

    I'm using WPMU for a client company with multiple multi-author blogs, and all the blog admins will be trusted. They need to be able to edit users so they can add user profiles / photos etc (as the authors will be CEOs and can't do this for themselves, *grin*).

    I looked at the fixed Trac ticket but I'm not sure how to implement it on my site so that my blog-admins will be able to edit their users. Where do I set that filter? Is this something I need to define in a custom functions.php file, or is there a checkbox somewhere I've missed? I'm on WPMU 2.9.1.1 and will soon be upgrading to 2.9.2...

    Thanks so much for your help!

    Michelle

  14. rbaier4
    Member
    Posted 13 years ago #

    In your case, it would probably make more sense to add the code to a site-wide plugin (in /wp-content/mu-plugins) that would apply to all blogs.

    If you want more granular control, you can add the code to a regular plugin which can be enabled on a site-by-site basis, or to the functions.php file in your theme. This should be good enough:

    if(current_user_can('edit_users'))
         define("EDIT_ANY_USER", "true");
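
One way to keep a delegated edit_users grant bounded, as an added example (not code from the thread or from WPMU core): it defines the EDIT_ANY_USER constant from post 14 on init, then uses the map_meta_cap and editable_roles filters so that non-site-admins cannot edit, delete or assign roles at or above their own rank, which covers the role-change issue reported in post 3. The ex_* function names and the role ordering are assumptions, as is the premise that the installed WPMU version skips its site-admin check when EDIT_ANY_USER is defined and applies both filters.

```php
<?php
// Added example: the ex_* names and the role ordering are assumptions.

// Rank of a built-in role; any other role gets the caller's $unknown value.
function ex_role_rank( $role, $unknown ) {
	$order = array( 'subscriber' => 0, 'contributor' => 1, 'author' => 2, 'editor' => 3, 'administrator' => 4 );
	return isset( $order[ $role ] ) ? $order[ $role ] : $unknown;
}

// Highest rank among a user's roles on the current blog; a user with no
// role here (a member of other blogs only) also gets $unknown.
function ex_user_rank( $user_id, $unknown ) {
	$user = new WP_User( $user_id );
	$rank = empty( $user->roles ) ? $unknown : -1;
	foreach ( (array) $user->roles as $role )
		$rank = max( $rank, ex_role_rank( $role, $unknown ) );
	return $rank;
}

// Define the constant from post 14 on 'init', once the current user is set.
function ex_enable_edit_any_user() {
	if ( current_user_can( 'edit_users' ) && ! defined( 'EDIT_ANY_USER' ) )
		define( 'EDIT_ANY_USER', true );
}
add_action( 'init', 'ex_enable_edit_any_user' );

// Deny edit_user / delete_user on another account unless the target ranks
// strictly below the acting user; unknown targets rank high (fail closed).
function ex_scope_user_caps( $caps, $cap, $actor_id, $args ) {
	$other = ! empty( $args[0] ) && $args[0] != $actor_id;
	if ( ! in_array( $cap, array( 'edit_user', 'delete_user' ) ) || ! $other || is_site_admin() )
		return $caps;
	if ( ex_user_rank( $args[0], 99 ) >= ex_user_rank( $actor_id, -1 ) )
		$caps[] = 'do_not_allow'; // a capability that no role is granted
	return $caps;
}
add_filter( 'map_meta_cap', 'ex_scope_user_caps', 10, 4 );

// Drop roles at or above the acting user's rank from get_editable_roles().
function ex_limit_assignable_roles( $roles ) {
	if ( is_site_admin() )
		return $roles;
	$me = wp_get_current_user();
	foreach ( array_keys( $roles ) as $role )
		if ( ex_role_rank( $role, 99 ) >= ex_user_rank( $me->ID, -1 ) )
			unset( $roles[ $role ] );
	return $roles;
}
add_filter( 'editable_roles', 'ex_limit_assignable_roles' );
```

Custom roles are not in the ordering, so their holders cannot manage anyone and accounts holding them cannot be managed by non-site-admins until the role is added to the list.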

  15. tomaltman
    Member
    Posted 13 years ago #

    I ran into a similar issue where nothing I input would save. It would say it was saved, but cleared out the values I just put in.

    I had a plugin conflict with "WordPress Mobile Admin" - so if you have that one, you may try to disable it for a bit.

    Good luck,
    tom
