Capabilities required to edit custom code snippets

This thread is resolved. Here is a description of the problem and solution.

Problem:

The issue here is that the user wanted to know if their were any specific permissions to allow users to have access to specific components of Toolset

Solution:

Unfortunately no there isn't a comprehensive list of permissions to give users partial access to toolset components.

This support ticket is created 5 years, 7 months ago. There's a good chance that you are reading advice that it now obsolete.

This is the technical support forum for Toolset - a suite of plugins for developing WordPress sites without writing PHP.

Everyone can read this forum, but only Toolset clients can post in it. Toolset support works 6 days per week, 19 hours per day.

Sun	Mon	Tue	Wed	Thu	Fri	Sat
-	9:00 – 12:00	9:00 – 12:00	9:00 – 12:00	9:00 – 12:00	9:00 – 12:00	-
-	13:00 – 18:00	13:00 – 18:00	13:00 – 18:00	14:00 – 18:00	13:00 – 18:00	-

Supporter timezone: America/Jamaica (GMT-05:00)

Tagged: Types plugin

This topic contains 6 replies, has 2 voices.

Last updated by Ben 5 years, 7 months ago.

Assisted by: Shane.

Author

Posts

April 3, 2019 at 4:27 pm #1225336

Ben

Continuation of this ticket: https://toolset.com/forums/topic/urgent-capabilities-required-to-edit-custom-code-snippets/

Due to an issue found here (https://toolset.com/forums/topic/internal-security-issue-with-access-permissions/), I cannot use Access at the moment.

Using Advanced Access Manager, the "delete_user" capability seems to be what enables a role to be able modify or edit custom code snippets.

Without this enabled an error is thrown.

April 3, 2019 at 6:34 pm #1225416

Shane

Supporter

Languages: English (English )

Timezone: America/Jamaica (GMT-05:00)

Hi Ben,

I took a read of the ticket you've referenced.

Not sure how this is happening for you but when you create your role you should just be able to disable the manage_options from your user role.

However what you are saying is that the user will still have access to the custom code section of toolset to grant themselve this permissions correct

Please let me know.
Thanks,
Shane

April 3, 2019 at 6:40 pm #1225430

Ben

Hello Shane,

The other ticket is reference the issue with Access.

This one is reference that I have found when I use another plugin to control roles and access, the role needs to have the "delete_user" capability otherwise they can't edit or modify Toolset custom code snippets in any way (even if "manage_options" is enabled).

Please let me know if that makes more sense now!

April 3, 2019 at 7:50 pm #1225447

Shane

Supporter

Languages: English (English )

Timezone: America/Jamaica (GMT-05:00)

Hi Ben,

I see that Christian has taken up your ticket relating to this.

I recognise the issue but i'm not sure under what circumstances you would provide this level of a privilege to a user unless they are admin users.

Or is it a case where you want to provide partial access to our toolset components.

Please let me know.

Thanks
Shane

April 3, 2019 at 8:11 pm #1225457

Ben

Hello Shane,

The sort of situation where you want a user to have full "admin" access to the Toolset plugin suite, but not have admin access over the WordPress installation.

So they can use Toolset fully, Views etc, but not modify the site outside of posts, pages, CPTs and toolset. To prevent plugin/theme/any other changes to the site.

April 4, 2019 at 6:56 pm #1226078

Shane

Supporter

Languages: English (English )

Timezone: America/Jamaica (GMT-05:00)

Hi Ben,

It seems that Christian is following the exact steps that I would've done for this ticket.
https://toolset.com/forums/topic/internal-security-issue-with-access-permissions/

I would recommend closing this one here since it is more or less a duplicate of the actual issue and follow up with Christian.

Thanks,
Shane

April 4, 2019 at 7:04 pm #1226082

Ben

Thanks Shane. I will follow up there.