User Role Editor WordPress plugin – Change roles easily

User Role Editor - plugin for WordPress

User Role Editor

User Role Editor WordPress plugin allows you to change standard WordPress user roles capabilities with easiness of a few mouse clicks. Just turn on check boxes of capabilities you wish to add to the selected role and click “Update” button to save your changes. That’s done. Add and tune your own custom roles which you can assign to the users then. You can create new role as a copy of existing one. Delete self-made roles. Change defaul user role.
Multi-site support is provided.

Why it could be necessary? Let’s suppose you wish that your multi-authored blog contributors upload their own graphics to use in their posts. WordPress “contributor” role has no such capability by default. In such situation you have needed to change user role capabilities manually using SQL client as I described at “How to change wordpress user role capabilities” post, if you have enough knowledge in that field. But what to do if you have not?


Good news – This task is simple now, just use this plugin

User Role Editor

The latest version: 4.30. Quant of downloads: 3430592
download

Change roles

Take a look at the “User Role Editor” plugin main form (click to open image in the original size):
User Role Editor main form

  • Select a role you wish to change from the drop down list at the top. Page will be refreshed automatically and show you the capabilities list for the selected role. Make your corrections, check/uncheck correspondent check boxes and click “Update” button to save your changes. If you wish to apply this change for all sites of your multi-site WordPress network, turn on “Apply to All Sites” check box at the top of the form before press “Update”.
  • If you prefer to see capabilities names in form e.g. ‘Edit pages’ instead of WordPress ‘edit_pages’ standard form turn on the “Show capabilities in human readable form” checkbox at the right top corner of the main form. Move mouse over capability name and you will see its alternative form name.
  • According to WordPress Codex User Levels were introduced in WordPress 1.5, they were replaced by Roles and Capabilities in WordPress 2.0, and were finaly deprecated in WordPress 3.0. Thus you can hide them in order they do not mess you in your work with roles. Keep “Show deprecated capabilities” check box at the to right corner of the form unchecked for that. If for any reason you need to see user levels, turn on that check box.
  • If you don’t wish to save changes you can click “Cancel” button.
  • If you are needed to restore roles capabilities you have before your or installed plugins made 1st modification to them, use “Reset” button. “User Role Editor” will restore roles and capabilities to its clean state. You will get roles stuff just after WordPress installation. Be very careful with this operation as you will definitely lose any changes you or your plugins made to user roles from the time of fresh WordPress installation. Consider to make backup copy of your database before proceed with “Reset” operation.

In order to add/remove your custom role, change default role for new user, add/remove custom user correspondent buttons from the right toolbox panel.

  • If you need your own custom role, create it with “Add Role” button. Input new role name into input text field at “Add New Role” box, select existing role from drop-down list if you wish to use its capabilities as starting point for further work and click “Add” button. Remember that you can use latin letters, digits and an “_” underscore sign in your role names. Subscriber role is copied by default if you don’t select such role yourself.
    user-role-editor-add-new-role
  • Unnecessary self-made role can be deleted with “Delete Role” button. Select role and click “Delete” button for it. Only custom roles appear in the list of roles available for deletion. If some role is assigned to the user or selected as default role for new users it will not appear in this list. Option “Delete all unused roles” is available.
    user-role-editor-delete-role
  • Select the role which you wish to use as default for any new created user from the list opening “Default Role” box by click at the “Default Role” button.
    user-role-editor-default-role
  • Use “Add Capability” button in order to add new user capability. Remember you can use only latin alphabet letters, digits and underscore sign in the capability name.
    user-role-editor-add-capability
    How to use new added user capability? Turn it on in the role you select and check if current user has such capability in your plugin or active theme functions.php file. For example,

     if (!current_user_can('some_capability_you_added')) {
       echo "You don't have permission for it!";
       return;
    }
  • If you need delete custom capability added by you or some of your old plugins, which you don’t use anymore use “Delete Capability” button. “User Role Editor” doesn’t allow to delete built-in WordPress capabilities and capabilities which are used by any role.

This video prepared by Webucator.com shows the installation and basic usage of User Role Editor WordPress plugin:

User permissions management

With help of “User Role Editor” you can assign additional capabilities directly to the users. Open users list by click on the “All Users” link at the “Users” submenu. Find needed user, move mouse pointer to his name and click “Capabilities” link as on screenshot below:
User Capabilities Editor link
At the form opened you can assign to user another role and/or add to him capabilities which not included to his role:
Change user capabilities
You can not turn off capabilities included to the role assigned to this user. You can add/remove other capabilities. They will be applied directly to the user as you click the “Update” button. If you wish to built a fully custom capabilities set for this user, without limitation of any role, select “No role for this site” from drop-down list at the top and make it.

User Role Editor Settings

User Role Editor has its own options page under the WordPress Settings menu (under Network Admin is plugin was network activated).
user-role-editor-settings

User Role Editor Pro

Do you need more functionality with premium support in real time? Do you wish remove advertisements from User Role Editor pages?
Buy Pro version. It includes extra modules:

  • Block selected admin menu items for role.
  • “Export/Import” module. You can export user roles to the local file and import them then to any WordPress site or other sites of the multi-site WordPress network.
  • Roles and Users permissions management via Network Admin for multisite configuration. One click Synchronization to the whole network.
  • Per posts/pages users access management to post/page editing functionality.
  • Per plugin users access management for plugins activate/deactivate operations.
  • Per form users access management for Gravity Forms plugin.
  • Shortcode to show enclosed content to the users with selected roles only.
  • Posts and pages view restrictions for selected roles.

Pro version is advertisement free. Premium support is provided by plugin author Vladimir Garagulya. You will get an answer on your question not once a week, but in 24 hours or quicker.

User Role Editor

For more information about WordPress user roles please read these articles
WordPress Admin Menu Permissions;
WordPress user capabilities;
activate_plugins WordPress user capability;
edit_dashboard WordPress user capability;
Delete posts and pages WordPress user capabilities set;
delete_plugins WordPress user capability;
moderate_comments WordPress user capability;
Roles and Capabilities article at codex.wordpress.org;

Translations

If you wish to check available translations or help with plugin translation to your language visit this link
https://translate.wordpress.org/projects/wp-plugins/user-role-editor/

Русская версия этой статьи доступна по адресу ru.shinephp.com

Dear plugin User,
If you wish to check available translations or help with translation visit this link
https://translate.wordpress.org/projects/wp-plugins/user-role-editor/

Special Thanks to

  • Lorenzo Nicoletti – for the code enhancement suggestion CUSTOM_USER_META_TABLE constant is used now for more compatibility with core WordPress API.
  • Marcin – For the code enhancement. This contribution allows to not lose new custom capability if it is added to other than ‘Administrator’ role.
  • FullThrottle – for the code to hide administrator role at admin backend.

You are welcome! Help me with bugs catching, share with me new ideas about plugin further development and link to your site will appear above.

Change Log

[4.30] 01.12.2016

  • Update: compatible with WordPress 4.7
  • New: "Granted Only" checkbox to the right from the "Quick Filter" input control allows to show only granted capabilities for the selected role or user.

[4.29] 10.11.2016

  • New: User Role Editor own user capabilities are grouped separately under Custom capabilities.
  • Update: URE_Lib::is_super_admin() uses WordPress core is_super_admin() for multisite setup only. Superadmin is a user with 'administrator' role in the case of single site WordPress installation.
    This is the difference with the WordPress core which counts as a superadmin (for single site WP installation) any user with a 'delete_users' capability.
  • Update: BaseLib::option_selected() calls were replaced with the calls of a similar selected() function from WordPress core.

[4.28] 20.10.2016

  • New: WooCommerce plugin user capabilities (if exist) are grouped separately under Custom capabilities.
  • Update: Temporally raised permissions flag is taken into account when checking, if user has a superadmin privileges. WordPress is_super_admin() function was replaced with custom wrapper to define if current user is a real superadmin or just a local admin with the temporally raised (add/edit users pages) permissions.

[4.27.2] 15.09.2016

  • Update: There was a conflict with plugins which use a '|' character at the custom user capabilities: e.g. 'Nginx Helper | Config' from "Nginx Helper' plugin.
  • Fix: PHP notice was removed: Undefined property: URE_Role_View::$multisite in wp-content/plugins/user-role-editor/includes/classes/view.php on line 143
  • Fix: WordPress multisite: Settings link under the URE plugin at the plugins list leads to the network admin now, not to the the single site settings page, which does not exist.
  • Fix: WordPress multisite: conflict with "Visual Composer" plugin was resolved: single site administrators could now use Visual Composer editor.
  • Fix: WordPress multisite: changed role name was not replicated to other sites when user clicked "Update" with "Apply to All Sites" option turned ON.

[4.27.1] 22.08.2016

  • Update: There was a conflict with plugins which use a '/' character at the custom user capabilities: e.g. vc_access_rules_backend_editor/disabled_ce_editor from Visual Composer.
  • Update: add/delete, escape, validate user capability code extracted from URE_Lib to the separate URE_Capability class

[4.27] 18.08.2016

  • New: Total/Granted counters were added to the capabilities groups titles.
  • New: "Columns" drop-down menu allows to change capabilities section layout to 1, 2 or 3 columns.
  • New: Capabilities section is limited in height and has independent scrollbar.
  • Update: User Role Editor page markup was updated to use more available space on page.
  • Update: URE_Ajax_Processor class allows to differentiate required user permissions according to action submitted by user.
  • Fix: CSS updated to exclude text overlapping at capabilities groups section when custom post type name is not fitted into 1 line.
  • Fix: required JavaScript files were not loaded at "Network Admin->Settings->User Role Editor" page.

[4.26.3] 25.07.2016

  • Fix: Selecting a sub-group/list of caps does make the ure_select_all_caps checkbox select all within that group, but checking that box when at the "All" top-level group did not work.
  • Fix: Notice: Undefined property: URE_Role_View::$apply_to_all

[4.26.1] 14.07.2016

  • Fix: some bugs, like 'undefined property' notices, etc.

[4.26] 14.07.2016

  • New: User capabilities were groupd by functionality for more convenience.
  • Update: URE_KEY_CAPABILITY constant was changed from 'ure_edit_roles' to 'ure_manage_options'. To make possible for non-admin users access to the User Role Editor without access to the 'administrator' role and users with 'administrator' role.
  • Update: User receives full access to User Role Editor under WordPress multisite if he has 'manage_network_plugins' capability instead of 'manager_network_users' as earlier. This allows to give user ability to edit network users without giving him access to the User Role Editor.
  • Update: Multisite: use WordPress's global $current_site->blog_id to define main blog ID instead of selecting the 1st one from the sorted list of blogs.
  • Update: use WP transients at URE_Lib::_get_post_types() to reduce response time.
  • Update: various internal optimizations.

[4.25.2] 03.05.2016

  • Update: Enhanced inner processing of available custom post types list.
  • Update: Uses 15 seconds transient cache in order to not count users without role twice when 'restrict_manage_users' action fires.
  • Update: URE fires action 'profile_update' after direct update of user permissions in order other plugins may catch such change.
  • Update: All URE's PHP classes files renamed and moved to the includes/classes subdirectory

[4.25.1] 15.04.2016

  • Fix: Selected role's capabilities list was returned back to old after click "Update" button. It was showed correctly according to the recent updates just after additional page refresh.
  • Update: deprecated function get_current_user_info() call was replaced with wp_get_current_user().

[4.25] 02.04.2016

  • Important security update: Any registered user could get an administrator access. Thanks to John Muncaster for discovering and wisely reporting it.
  • URE pages title tag was replaced from h2 to h1, for compatibility with other WordPress pages.
  • Fix: "Assign role to the users without role" feature ignored role selected by user.
  • Fix: PHP fatal error (line 34) was raised at uninstall.php for WordPress multisite.
  • Update: action priority 99 was added for role additional options hook action setup.

[4.24] 17.03.2016

  • Fix: PHP notice was generated by class-role-additional-options.php in case when some option does not exist anymore
  • Enhance: 'Add Capability' button have added capability to the WordPress built-in administrator role by default. It did not work, if 'administrator' role did not exist. Now script selects automatically as an admin role a role with the largest quant of capabilities and adds new capability to the selected role.
  • New: User capabilities page was integrated with "User Switching" plugin - "Switch To" the editing user link iss added if "User Switching" plugin is available.
  • Marked as compatible with WordPress 4.5.

[4.23.2] 03.02.2016

  • Fix: PHP warning "Strict Standards: Static function URE_Base_Lib::get_instance() should not be abstract" was generated

[4.23.1] 01.02.2016

  • Fix: 'get_called_class()' function call was excluded for the compatibility with PHP 5.2.*
  • Fix: ure-users.js was loaded not only to the 'Users' page.

[4.23] 31.01.2016

  • Fix: "Users - Without Role" button showed empty roles drop down list on the 1st call.
  • Update: Own task queue was added, so code which should executed once after plugin activation is executed by the next request to WP and may use a selected WordPress action to fire with a needed priority.
  • Update: Call of deprecated mysql_server_info() is replaced with $wpdb->db_version().
  • Update: Singleton patern is applied to the URE_Lib class.
  • Minor code enhancements

[4.22] 15.01.2016

  • Unused 'add_users' capability was removed from the list of core capabilities as it was removed from WordPress starting from version 4.4
  • bbPress user capabilities are supported for use in the non-bbPress roles. You can not edit roles created by bbPress, as bbPress re-creates them dynamically for every request to the server. Full support for bbPress roles editing will be included into User Role Editor Pro version 4.22.
  • Self-added "Other Roles" column removed from "Users" list, as WordPress started to show all roles assigned to the user in its own "Role" column.
  • 'ure_show_additional_capabilities_section' filter allows to hide 'Other Roles' section at the 'Add new user', 'Edit user' pages.

Click here to look at the full list of changes of User Role Editor plugin.

FAQ

– Does it work in multi-site environment?
Yes, it works with multi-site installation. By default plugin works for every blog from your multi-site network as for locally installed blog without multi-site feature.

URE Multi-site feature

URE Multi-site feature


To update selected role globally for all Network you should turn on the “Apply to All Sites” checkbox.

– How to duplicate my custom created roles from main blog of my multi-site network to new created one?
“User Role Editor” makes it for you automatically. As new blog added to your network, “User Role Editor” copies full roles staff from your main blog to the new created one.

– Why administrators of single site of multi-site network do not see “User Role Editor” under “Users” menu?
URE is disabled for single site administrator by default. If you wish to enable it for single site adminitstrator add this line of code into your blog wp-config.php file

define('URE_ENABLE_SIMPLE_ADMIN_FOR_MULTISITE', 1);

Do not forget about the own User Role Editor’s user capabilities set.
In order local administrator finally get access to the “User Role Editor” you have to add ‘ure_edit_roles’ user capability to the ‘administrator’ role. User Role Editor capabilities are added to the ‘administrator’ automatically for the single WordPress installation only.

– I have large multi-site network. After click “Update” button with “Save to all sites” checkbox turned on nothing is happened. I got the blank page.
It is PHP script execution time limit problem. Other network update method is available as alternative from version 3.5. Due to my tests it works approximately 30 times faster. Try it. It will be great, if you share your experience with me. In order to select alternative method of all sites update add this line to you blog wp-config.php file

define('URE_MULTISITE_DIRECT_UPDATE', 1);

It does nothing automatically, just select other algorithm when you press “Update” with “Apply to All Sites” checkbox turned on next time.
If you define WP_DEBUG equal to 1 or true constant in wp-config.php file, URE with this directive shows update execution time in milliseconds as additional technical information.

– How to edit “Administrator” role? I don’t see it in the roles drop down list.
“Administrator” role is hidden from the roles drop down list by default.
You can see/edit “Administrator” role starting from version 3.4. Insert this line of code

  define('URE_SHOW_ADMIN_ROLE', 1);

into your wp-config.php file and login with administrator account for that.
If for any reason your “Administrator” role missed some capabilities added by plugins or themes, you can fix that now. But be careful with changing “Administrator” role, do not turn off accidentally some critical capabilities to not block your admin users.

– Does it work with WordPress versions prior 3.0?
Starting from version 2.2 plugin works with WordPress 3.0 and higher only. For earlier WordPress versions use plugin version 2.1.10

download

I am ready to answer on your questions about this plugin usage and help with possible problems. Use User Role Editor plugin forum or this page comments and site contact form for that please.

Thanks,
Vladimir ShinePHP.com

Tags: , , , ,

  • Pingback: How to change WordPress User Role capabilities | ShinePHP.com()

  • Pingback: How to change WordPress MU User Role capabilities | ShinePHP.com()

  • claudio

    what is level 1, 0 ecc?

  • shinephp

    user levels comes from WordPress 1.5 and exists in the current WP versions for compatibility reasons. The comprehensive answer on your question can be found at
    http://codex.wordpress.org/Roles_and_Capabilities
    and
    http://codex.wordpress.org/User_Levels

  • Aaron

    I am able to select the checkbox for “moderate_comments” (for the “Author” role, for example), and the ability to “approve”, etc, shows up in the drop-down, however, there is no where to select and moderate a specific comment.
    i.e. the “hoverover” menu doesn't pop up to allow access to the “Approve” link, nor does the checkboxes appear to the left, that would allow you to select it and then use the “Bulk Actions” drop-down.
    I could probably hack the core php, but, I figured you'd want to address this in your code (if possible).

  • shinephp

    As 'author' can edit its own posts only, I suppose that with 'moderate_comments' capability he can approve comments on his own posts only. Did you check author's own post comments or comments for other posts? I will check myself how it works this evening…

  • shinephp

    Yes, short test confirmed that user with role “Author” can moderate comments for its own posts only. If you wish to delegate him comments moderation for other authors posts, you need to add the “edit_other_posts” capability to the “Author” role. Thus user with role “Author” will have ability to moderate comments for any post (but together with ability to edit those posts).

  • Hello, thanks for your plugin! Everythings works fine except moderate comments for contributor. Do you have any idea why it doesn't work? Using wp 2.9.1

  • I got it. Everything is ok I just forget set edit_published_posts. Thank you once again for plugin!

  • shinephp

    Thanks to you for telling me that and, of course, for using this plugin :).

  • Mark

    Anyone know if you can get this working so I can have the editor role use plugins?

  • shinephp

    If I understand you right, you wish to have ability to extend User Role Editor functionality yourself using co called plugin for plugin technique? Please share your idea, what you wish to realize. May be I will include some filter or hook into URE plugin code or realize that functionality directly in URE if it will be interesting for other users.
    Thanks,
    Vladimir.

  • Guillaume

    Hi !
    Very nice plugin !
    One question though:
    If I allow an Editor to create users, Edit them & possibly Delete them, could I prevent him from creating, editing & deleting Admin users ?

    Thanks for Reply

  • shinephp

    Hi!
    Thanks for the comment.
    At the current stage giving to the Editor role create_users, edit_users, delete_users capabilities doesn't prevent user with this role from creating, editing, deleting users with Administrator role.
    Good question. Ideally, user with the lower privileges role shouldn't create/edit/delete users with higher privileges role. The problem is that WordPress doesn't know about hack or changes which we make with its roles and capabilities set.

  • Guillaume

    May be it could be possible to hook the action of doing smth on a user with a higher privilege AFTER the click… not sure, but if I allow, through URE, an editor to create/edit users, but not to delete users, you still have the link “delete” below each user and the test is done after you have clicked on “delete”, resulting in a “you have no right for doing this” (or smth like this 🙂 )

  • shinephp

    Yes, it will be more secure to exclude such possibility (edit admin users) for users without admin role at all. I will investigate WordPress source code if I can hook of filter something there to achieve this purpose.

  • Hi,
    I downloaded this plugin for one feature, ability to allow editors to choose their theme. I did this by clicking the “Switch Theme” checkbox but this also enables the Widgets drop-down for editors which I dont want. Any way to prevent this and just allow the editor to choose theme?

    Thanks for the plugin,
    Mark

  • Hi,
    I found out that Themes and widgets are bundled together in the wordpress API.
    I came up with a solution to this by editing the wp_widgets_add_menu() function in functions.php – line 2794

    I wrapped the statements in: if ( current_user_can('edit_users') ){ }

    function wp_widgets_add_menu() {
    if ( current_user_can('edit_users') ){ //Prevent Widgets from being a sub-menu of Themes for Editors
    global $submenu;
    $submenu['themes.php'][7] = array( __( 'Widgets' ), 'switch_themes', 'widgets.php' );
    ksort( $submenu['themes.php'], SORT_NUMERIC );
    }
    }

  • shinephp

    Hi Mark!

    It's good that you found your own way to resolve this issue. Another, more universal decision could be to add new capability, e.g. 'manage_widgets' and change 'switch_themes' at wp_widgets_add_menu() function to 'manage_widgets'. I had a doubt if such functionality (new capabilities creation) could be needed. Thanks for giving me good example :). I will include that in one of the next versions, possibly.

    Regards,
    Vladimir.

  • shinephp

    It seems I found the decision. Administrator role and users with Administrator role are hidden now from any user without Administrator role permissions. Please try URE version 2.0 and let me know the result.

  • keith

    how can I use this to change the user role of the new MU blog owners?

  • Thanks so much for this, I’ve been tryign to find a plugin like this that wasn’t buggy for months. It works perfectly for what I need it for. (hope this didn’t double post)

  • shinephp

    There is no way to change the default user role of new MU blogowner this time. Current default role change feature works for the ordinal users of blogs only and does not for blog administrators. Can you share with us what you wish to realize with such change? I will take it into account for one of next versions possibly.

  • zeaks

    Thanks so much for this plugin. I've been trying to find one that works for me without too many bugs for months and this has worked great for what I need it for.

  • Uche

    What is the advantage of this plugin over the capability manager plugin?

  • shinephp

    It seems that User Role Editor has almost the same functionality as Capability Manager. URE doesn't allow to add new capabilities for this moment.
    The main advantage in this case is the code efficiency. Capsman installation package .zip file has 261K in size. URE has 106K size only, which as 2.6 times smaller. Installed Capsman has 702K in size which is as 3.67 time larger then 192K URE installed copy size. What is the reason of such difference? Capsman uses author made Alkivia framework for its work. URE is written on the clear PHP and WordPress API. It is WordPress user's choice what plugin to prefer and install to its blog.

  • Pingback: User Role Editor German translation update | ShinePHP.com()

  • Pingback: wp-popular.com » Blog Archive » User Role Editor WordPress plugin | ShinePHP.com()

  • Pingback: User Role Editor v.2.0.3 Japanese translation | ShinePHP.com()

  • Brian

    I've heard that in WordPress 3.0 we will be able to create new content types besides posts and pages. Will this plugin extend to allow certain capabilities on each individual type of content to each role?

  • shinephp

    Capabilities list is not hard-coded. URE gets it directly from WordPress database. When you install some new plugin which adds its own capabilities you will see them in the URE capabilities list automatically. So I think if WordPress 3.0 will add any new capabilities for new content types you will see them and can to add/remove to/from selected role.
    I will investigate the subject on the WordPress 3.0 beta 1 installation and return with more details related directly to your nice question. Thanks.

  • Bill Sevier

    Is there a way to prevent users from changing their passwords in the “edit user” section of the dashboard? I really need to do this. I have a private blog for a volunteer group, and with to use one user name and one password. I must prevent users from changing the password for everyone.

    Thanks

  • Pingback: How to block WordPress admin menu item | ShinePHP.com()

  • shinephp

    I think that in this case it is more reliable do not allow to users edit user profile at all. Please look at this post, which I made specially to answer on your question.

  • Pingback: User Role Editor WordPress plugin Polish translation | ShinePHP.com()

  • Jenine

    Hello,
    I have WPMU installed, and am having a little trouble with the Role Editor Plug-in. The options for “install_plugin” and “install_theme” don't seem to work for me. Right now I get a permissions error if a user with every capability checked tries to add a new theme. I wondered what I must be forgetting. Thanks for advice you might have :o)

  • shinephp

    Hello Jenine,
    Thank you for the question.
    With WPMU we have one user with superadmin privileges, who really can install/remove plugins and themes. All other users even with 'administrator' role assigned can activate/deactivate plugins and select themes only. 'administrator' role works for its local blog not for all WPMU site and with some limitations.
    URE plugin works with settings inside local blog where plugin is called – this is wpmu compatibility territory. Current version of URE know nothing about superadmin and his super rights.
    It could be fine to know your and other URE users (who use it on WPMU) opinion – is it needed to extend URE functionality in this direction: may be hide capabilities which doesn't work for local blogs from local blog roles, add some features to work with site wide super admin role capabilities. I didn't investigate the subject yet and don't know what is possible to do with super admin capabilities without changing core WP source code. But if it is interesting for URE plugin users I can include this task to the future URE development plan. Thanks again.

  • Jenine

    Thanks Shine, that makes since. We will proceed without that feature. I definitely understand the security issues. It was just something I needed to check on. 🙂

  • Erik

    This looks like a great plugin! I have a site with three blogs. I wish to limit some of my users to only gain access to 2 of the 3 blogs. Is that possible with this plug in? If not, do you know if some other tool that might help me?

    Thanks alot!

  • In the blog editor (Site Admin-Blogs-Edit selected blog) you have Blog Users section:
    1st – you can remove users from that blog which you don't wish they have access. Those users still left in the wpmu users list and will have access to other blogs. Try with one and see what will be happened.
    2nd – in Blog Users section you can assign a role to every user of that blog. Try create an empty role with URE plugin and assign it to those users whom you wish to forbid access to that blog.
    I hope it will help you to resolve your problem.

  • Erik

    Ah thanks for fast answer. I am beginner at wordpress and do not understand where I can “remove users from that blog which you don't wish they have access”. You write in “Site Admin-Blogs-Edit selected blog”, I dont find this place. Either I check at post / edit blogposts or I check under User, but nowhere to find. Under your plug-in user role editor there is nothing about my three different blogs, only about general stuff.

    I am logged in as superadmin.

    Thanks!

  • Pingback: User Role Editor WordPress Plugin Italian | ShinePHP.com()

  • Please look at screenshots attached. If something still is unclear let me know. I will write a post about this possibly.
    http://shinephp.com/wp-content/uploads/2010/05/
    http://shinephp.com/wp-content/uploads/2010/05/

  • Erik

    Aha, I´m running wordpress not wordpress mu, perhaps thats why I am not getting the same options as on the screenshots. Is it possible to solve my problem with the original wordpress?

    Thanks again for the help!

  • Check this plugin CaPa Protect. As it is written in plugin description: Posts in a protected Category or Pages will not be visible unless the user or role has privileges to see it.
    There are a lot of other plugins , but many of them are not compatible with the latest WordPress version.

  • I thought that we talk about WPMU :). In case of single/original WP every single blog have its own users list/table in the database. So you need to work just with blog 3. Close new users registration. Make posts private. And that is done. Only registered for blog 3 users will have access to it. If it is not that purpose you search about, please give me more details. What do you wish to achieve with blog 3?

  • Erik

    Ah sorry I should have told you it was orginal WP from the start. Where do I access this database so I can edit users and make post private?

  • Go to WP admin dashboard and act according to screenshots:
    1) http://shinephp.com/wp-content/uploads/2010/05/… – check if this check box is turned off to forbid new users self-registration.
    2) To make post private user this WP interface
    2.1.) http://shinephp.com/wp-content/uploads/2010/05/
    2.2) http://shinephp.com/wp-content/uploads/2010/05/
    You can close the post with password OR make it private, that is accessible for registered users only.
    New users you can register yourself via admin – Users section.

  • Erik

    Again thanks a lot for the patience and help. If I passwordprotect entries or make them private, they are not accessbile to the public on the website. I want anybody that visits my site to be able to view everything.

    This site that I consists of three parts. Two blogs that my friends should be able to contribute freely too and one blog that is acctually more like a “static site” but that is programmed as a blog category since it was easier for me to create the site that way. So what I really want to do is forbid certain roles to contributes or edit a specific catergory.

    Perhaps I can close the possibility for a user role to change category so all their entries end up in a pre-definied category (blog)?

    Thanks!

  • No problem. Now I understood what you wish. When you talked about 3 blogs I meant 3 separate WordPress installations (3 sites) 🙂 in my answers.
    If you give a contributor role to your friends, they will can write post with any categories. But all theirs posts will be left as drafts. Contributor can not publish the post. You as admin or your most trusted friend with editor role will check if posts has right category, change category if needed and then publish that post. This way you will have your pseudo-static blog part with special category untouchable.
    Is this way suitable for you?

  • Erik

    hehe I see now that I have not been so clear about what I am after, but now you understand exactly what I mean.

    Your solution with divided contributer / author is going to work but I was hoping to get around the fact that my friends enties will be left as draft. It will work but if it is possible it would be better if the contributor could post online right away, without me needing to check it.

    Thanks!

  • Try this plugin Assign users categories. Simple, but first test shows that it works and does exactly that what you wish.

  • Pingback: Wordpress: As a forum « Scar.form « this.isn't.it.()

  • I think its a bit IRONIC that you cannot control which users roles can control the “user roles editor”… you would think that this plugin would have thought to add that in lol. Other then that I've loved it and think you guys did a great job.

  • Thank you.
    About “controlling which user roles can control User role editor”: It's not a bug, it's a feature. I'm sure that administrator role only should have ability to use User role editor.
    Do you wish to delegate some capabilities and role management staff to the other user role? If Yes, then for what purpose? This function is very critical. Please explain, what you wish to achieve, give me more details. I don't see for what it could be necessary now…

  • Kiir

    It seems not to work with WP 2.7

  • It is written for 2.8+. I didn't even tried URE plugin with 2.7. Consider to upgrade your blog to a newer version!

  • Brent Campbell

    Just an FYI … the plugin Exec-PHP doesn't play nice with your plugin. When you active it (Exec-PHP), you lose all edit options for all users except ADMIN.

    Just thought you would like to know.

  • Thank you, Brent, for this information. I will check the issue and try to fix it if problem exists on the URE plugin side.

  • I played with Exec-PHP v.4.9 and URE installed and activated together under WP 2.9.2. They works fine for me both. Can you give me more details? What role lose all edit options after Exec-PHP plugin activation in your case? Do you see new capabilities added by Exec-PHP: exec_php and edit_others_php? May be you should to add edit_others_php capability to the role in order to it not lose edit options for others posts? There are a lot of possible vulnerabilities with wrong permissions to execute PHP code, so be careful with it.

  • I have WordPress version 2.9.2 and attempted to install this plug-in. The installation process falsely stated success. Although I can create new roles, WordPress does not acknowledge the existence of those roles. ie: create a Guest_Author role with exactly the same permissions as Author, but WordPress will not allow them to be assigned a post or write a post. Permissions related to non-core abilities are not even saved.

    I read here about people using the plug-in with WPMU, NOTHING IN THE INSTALL verbiage stated needing WPMU. I don't even know why the system allowed me to install a plug-in that I cannot use.

  • Pingback: Des articles réservés aux membres identifiés ! - Le site des Utilisateurs de NetLiberté.org()

  • WPMU is mentioned here for the compatibility information only. URE plugin is developed for the single user WordPress first of all. That's why you can install it. Thus, you've setup the right thing to the right place.
    After you create new role, did you assign any permissions to it? Have you success with that operation? If something was wrong please describe your steps in details and error messages if you have any. Check the .log file in the plugin directory. Some information could be found there. Check your site PHP error log file if it is setup. Any concerning details are very useful to define the reason of your problem and fix it.
    So I need more details from you to analyse it and return to you with possible decision.
    Thank you,
    Vladimir.

  • Pingback: How to: Thumbnails in WP- MIAVERSE()

  • colonel

    Hi.

    This is a nice, robust plugin. I am running it with WP 3.0 in multisite mode. I have installed it in the plugins directory and “network activate”-ed it. However, when I create roles, they only apply to one site at a time. They do not propagate to all the sites, new or existing. It would not be feasible for me to recreate the roles for each new site every time.

    Have you checked to see if this plugin will work with WP 3.0 multisite? Am I doing something wrong? Thanks for your help and this fine plugin.

  • Hi,

    Thanks for the good words about URE plugin.
    There are no any mistakes from your side. User Role Editor (URE) plugin works with one site per time only, – that site, under which it is called by site administrator. This version of URE doesn't support real multi-site features, such as all sites automatic role propagating, etc… Thanks for your question, I will consider it in one of the future URE versions. Unfortunately, time for the open source development is a real problem, so I can not tell you that such features will be available soon. May be in the August, after my return from the summer vacation.

    Regards,
    Vladimir.

  • Widget Buster

    Hi,

    I am trying to list a role using this code.

    http://wpengineer.com/list-all-users-in-wordpress/

    Can you tell me how to determine the ID of a role I created with your plugin — or some other way to simply list the role by Firstname Lastname in a widget. That's all I'm trying to do.

    Thanks.

  • colonel

    No problem. I just set up a site as a template and then cloned it. I got lucky. That worked fine. The user roles got cloned too.

  • Hi,
    ID of a new role is exactly that word which you assigned to it when create it. If you create a role “new_role”, then it has the id “new_role”.
    User levels are deprecated in WP 3.0 so don't use it if possible.
    To get user Id list for the selected role, e.g. “subscriber” you can use this SQL query
    SELECT user_id
    FROM wp_usermeta
    WHERE meta_key='wp_capabilities' AND meta_value like '%subscriber%'
    Then build user names list for that IDs, etc…

  • One blogger asked me:
    – I would like to give someone access to the widgets but not make them an admin. How do I do this with your plugin?
    My answer is:
    You can create new role, e.g. 'widgetor', turn on for it minimal subscriber capabilities: 'read' and 'level_0'. Then add 'edit_theme_options' capability.
    That's it. Just assign that role to the correspondent user.
    If you wish to exclude some submenu items from 'Appeareance' menu beside the 'Widgets' item, you may go the way as described at
    http://www.shinephp.com/how-to-block-wordpress-… post.
    May be you have another decision? Share it.

  • First off – great plugin! Awesome idea, solid implementation.

    @colonel – I have the same issue, and it sounded like you came up with some sort of solution. Can you tell me more about that? I would really appreciate it.

  • Thanks.
    You can found information needed to realize that what you wish at the http://www.shinephp.com/how-to-change-wordpress… post. You can update User roles record at the wp_options tables of the new site with the roles data from the main site and thus, have the same duplicated roles set.

  • From the plugin users discussion I guess that it could be interesting for a lot of people – to have the ability to duplicate user roles data set from one WordPress site to another one.
    I think about adding export/import feature to the User Role Editor plugin in order to make roles data set duplication for the other sites as easy as possible. Please, share your experience and let me know if you are interesting in this additional feature for the URE plugin.

  • Xoxo Moonwitch

    Hello! Can this plugin let the editor role to modify the new menu implemented in WordPress? Thank you!

  • Jaclynne

    Hi, Thank you for this plugin, it is just what I was looking for.

    The only issue I have is that since installing it, no user is able to use the flash uploader due to “HTTP error”. Do you have any idea what might be causing this?

    Thank you.

  • Hello,
    Menu editor available via “Appearance” submenu. If you turn on “edit_theme_options” capability for the “editor” role, you let your editor to manage your blog menu. Be aware that there some other items in the “Appearance” submenu: Themes, Widgets, Background, Header. The most dangerouse is the “Widgets” in case if you have widget which allows to execute any PHP code.

  • Hi,
    Did you install the only User Role Editor plugin this time? I use Flash uploader without any problem with URE plugin installed.
    Are you sure that Flash uploader worked before URE plugin installation? May be some other plugin is the reason of your ploblem? You can try to deactivate URE plugin and see is there any changes in your flash uploader behaviour?

  • Jaclynne

    Hi, I installed an older version of the flash player which has solved this issue. The plugin is working with 3.0 without any issues. Thank you.

  • Pingback: How to: Thumbnails in WP | Playground()

  • Pingback: 发布两个WP后台插件的中文语言包 | Jacky小站()

  • Julie Strietelmeier

    I just upgraded to WP3.0 yesterday and installed this plugin. I had been using an older plugin called Role Manager ( http://www.blogperfume.com/plugin-role-manager-… ). It worked well with the previous version of WP, but wasn't compatible, so I switched to this one. :o) It works well except for 1 issues that I've found so far.

    For anyone with the existing admin role, we can't create a new post and insert an image without first saving the post as a draft. If we don't do this first, when we click the Insert Image button, it goes to a blank screen.

    Regards,
    Julie Strietelmeier
    http://the-gadgeteer.com

  • Ric

    Hi Vladimir. Fantastic plugin and so simple but effective to use! Just what I was looking for. One question because of a small issue, though: when I edit the “Authors” capabilities, I have a Flash gallery plugin (GRAND Flash Album Gallery) and that plugin is exactly the access I want to give the “Authors”. In your user role edit, the options for this plugin show up, which is great. But every time I select them:

    FlAG overview
    FlAG Use TinyMCE
    FlAG Upload images
    FlAG Import folder
    FlAG Manage gallery
    FlAG Manage others gallery
    FlAG Change skin
    FlAG Add skins
    FlAG Delete skins
    FlAG Change options

    and click “update”, they automatically unselect themselves, resulting in not giving the Authors access to them. Would you know why this is happening?
    Thanks for your help!!
    Ric

  • Thanks for the information, Julie. Excuse me for the late reaction – I had a vacation. I will check the issue and return with the decision.

  • Yourtd

    Hello Vladimir,

    Same issue as Rick. I choose editor, place check marks beside ngg gallery options, click up-date, but none of the settings are saved.

  • Hi,
    thank you and Rick for the signal. I will try to repeat this issue and then return with code update.

  • Hi Ric,

    I reproduced your problem with Grand Flash Album Gallery Plugin capabilities management. FLAG plugin author uses capabilities names with spaces inside – which could not be a valid identifier in HTML and JavaScript. That's the reason of a problem. I fixed it with adding some workaround code. If you wish to try it, download this updated package
    http://shinephp.com/wp-content/downloads/wordpr
    I will publish it at wordpress.org little later, after making some other minor changes. Please let me know, how it works for you.

    Regards,
    Vladimir.

  • Please check my answer to Ric below.

  • I could not repeat your situation on my test site. User Role Editor shouldn't allow to change built-in administrator role. Are you sure that such behavior appeared just after URE plugin installation and did not exist on your site earlier?

  • Ric

    Hi Vlad! Fantastic. Works perfectly now! I must say, brilliant service you have provided – both in the plugin itself and replying/solving issues. I really appreciate it. Thanks!!

  • Brandon

    Hi Vladimir

    Is there a way to allow a user to only modify the background image and header image upload? I am using twenty ten and I have tried every role option available outside of the Admin, and those options are not appearing for me. Thanks.

  • great plug-in. Having some trouble getting the right combination of rights to allow for a user to have access to edit pages where they are assigned as the page authors. edit pages, edit published pages, and publish pages but when edit the page as admin, they do not show up as a possible editor. is there a better way of doing this?

    Using wp 3.0.1 and role editor 2.1.7

  • I do use it on more than 1 blog, this is a great plugin.
    I use it now on a 3.0.1 it works okay, on the site http://hierlive.com I have “strangers” who need the role for the webcam / text / voice chat ……. permissions in the WP is than difficult with the standard…… this plugin helps very much to my site !
    great thanks!
    Ben

  • in my localhost. i have added users manually. and i tryed to change their role by adding the usermeta values. i gave userid 1234 -> a:1:{s:6:”author”;s:1:”1″;} for author . but when i see in the administrator panel. it still shows the user as “none” . After that i changed it through the admin page . and it got changed. the same value[a:1:{s:6:”author”;s:1:”1″;}], which i gave manually was there below & now it shows it as author. how can i manually change a users role through mysql . ?

  • I suppose that you have some differences in meta_value field though. Try this SQL expression:

    update wp_usermeta set meta_value=’a:1:{s:6:”author”;s:1:”1″;}’
    where user_id=1234 and meta_key=’wp_capabilities’ limit 1

    You can use correspondent umeta_id value to simplify where expression of course.

  • Brad

    I think I had a similar problem. Sorry if I’m stepping out of place Vladimir for replying to John, please let me know if I am. If the user logs in and creates & publishes a page first, then you as admin go look at their published page, the page should show them as author.

    Hope this helps.

    BTW Vladimar, this is a GREAT plug-in, perfect for what I needed!!! Brad

  • Thanks, Brad.
    I appreciate your help. Please, feel free to take part in any discussion.

  • Rg

    Hi.. I’d like to translate a localized version of this plugin. How could I start doing it?

  • Hi.
    – download and install poEdit software
    http://www.poedit.net/
    – Find your language code at
    http://codex.wordpress.org/WordPress_in_Your_Language
    – Go to the user-role-editor/langs/ subdirectory. Find ure.pot file there. Rename it to ure-.po (you can see a lot of examples at the lang folder).
    – Open it with poEdit. Make your translation. Save changes.
    – Send me your language .po, .mo files.
    – Do not forget to include into email link to your site and translation for the string
    ‘For the help with
    translation’. I will use that information to place greeting at shinephp.com and plugin readme.txt file.

  • Pingback: Have you ever wanted a nicer meta widget? « Barnowls()

  • Pingback: chinmoy29 on "Create Authors and assign them to a page or pages" | w3 experts()

  • Did you assign a new (Sales) role to user under which you make test login?

  • Anonymous

    Hi love the plug in it has allowed me to set my site up almost perfectly.

    I have a request though. Could a button be added that removes the display name or nick name option for a user? I wish to force registered users to use their real names and not have the option to chose a nick name or display name. If you do not wish to add this feature could you suggest how I can modify my WP installation to remove the option from users profile page.

  • Hi,
    I hope this post could help you to achieve needed result:http://brassblogs.com/cms-platforms/wordpress/hiding-information-from-the-wordpress-adminI did not test it myself. But it is looked as a working code. Include it to your blog theme functions.php file. Delete or comment rows for information which you do not want to hide. And test it.

  • Nasanction

    Is there a list as to what the levels are, and what they do? IE: Level 0 thru Level 10.
    Thanks in advance for any help…

  • Pingback: Custom User Roles and WordPress Core Code Compatibility Issues | ShinePHP.com()

  • Read this article about user levels http://codex.wordpress.org/User_Levels. Be aware that
    quote: “User Levels were introduced in WordPress 1.5, they were replaced by Roles and Capabilities in WordPress 2.0, and were finaly deprecated in WordPress 3.0. “.

  • URE plugin doesn’t change any WP functionality itself. It just changes user’s role capabilities set. I can suppose that something is wrong with role which is assigned to your user. Could you list his role capabilities here?

  • Pingback: User Switching WordPress plugin review | ShinePHP.com()

  • Anonymous

    Hey Vladimir,

    After installing your fantastic plug-in on 3.0.1 and providing the user with edit_files and upload_files, I noticed the user is unable to actually edit uploaded media. For instance, when the user mouses over an image in the media library, only the view option is available, so user is unable to actually delete a single image. The only way that I have found to accomplish deleting media is with a bulk action. Can you confirm?

    Thanks again for the plug-in!

  • Hi!1st, I’m sure that you gave user at least edit_posts additionally to work with Media Library, right? As such user can edit his own posts only and his own media in library. To add user ability to edit others media you need to add ‘edit_other_posts’ capability to his role. Thus, he will see ‘Edit’ link in the Media library for every media. To add ‘Delete Permanently’ link there you need to add ‘delete_other_posts’ capability to the user role.Thanks for the good words about URE plugin.

  • Nams

    Hi Vladimir,

    Nice plugin. I have a problem though. I use my site as a CMS and want my client to be able to add and edit pages, etc. I have created a new user for this eg, “client” and made him an ‘Editor’. I don’t want him to be able to see the Plugins or Tools etc, only a few pages. BUT I am using WordPress 3.0.1 which uses a menu manager which is in the ‘Appearances’ menu. I want my client to be able to add new pages, then go to the menu options in Appearance and add the page to the menu BUT I don’t want him to see the other options in the Appearance menu, such as Themes, Widgets, Editor, etc. Is there a way to allowing the client to ONLY see the Menus part of Appearance WITHOUT seeing the other options?

    Cheers,

    Nam

  • Hi Nam,
    Look at How to block WordPress admin menu item post. It will show you to how to hide and block unwanted menu items from Admin dashboard.
    WordPress dashboard menu is defined in wp-admin/menu.php file. Look at line #157. I think that you can exclude this
    $submenu[‘themes.php’][5]
    element from submenu array to hide ‘Themes’ submenu item, etc.

  • SK

    Hi, thanks for the plugin. I am able to have a peace of mind when I delegate proofreading jobs to other people who will have to edit my posts.

    So I change to role of the editor to only able to edit post, edit published post, and edit other posts, as well as pages. I didn’t check the box for comment moderation, but I found out that the editors can still unapprove, edit, and trash the comment, how can that be fixed? thanks

  • Hi,
    I don’t know how it could be fixed without changing the core WordPress code. But that is not a good practice :).
    If you look at the ‘wp-admin/edit-comments.php’ you see at the begin of file (line 12) that ‘edit_posts’ is a pass capability to this script functionality.
    Further in the code we can see that ‘moderate_comments’ capabilty is checked for the ‘Empty Spam’ and ‘Empty Trash’ links only. We could not find any other capability checked in this script. Thus, ‘edit_post’ is the main capability having which user can make with comments all that he/she wants.
    If you decide to edit ‘edit-comments.php’ you can replace all ‘edit-post’ to the ‘moderate-comments’ and get what you wish with a high probability (I didn’t make a test myself :).

  • This plugin http://wordpress.org/extend/plugins/simple-admin-menu-editor/ could help you. You should be aware that it just hide selected menu items, but do not block them – your registered visitor with capabilities still can call correspondent script directly via right URL.

  • Razman

    Hi,
    i’ve installed a plugin called WP JobBoard. i want to create a user capability to control over a specific part of the plugin in my WP backend. For example, i want to assign a user to control the ‘Edit Job’ section only, not the entire WP JobBoard plugin. Is there any manuals for dummies like me?

    Thanks!

  • Hi,
    1) If WP JobBoard supports its own user capabilities then it’s easy. Just add needed JobBoard capabilities to the one of existing or new created roles with “User Role Editor” plugin help and it’s done.2) If WP JobBoard doesn’t support its own user capabilities as some other plugins do, then it is not easy task to achieve your purpose. You can take one of such plugins, e.g. WordPress Download Monitor as an example of how to add to WordPress and use your own capabilities, investigate its code and realize your own user rights model for WP JobBoard plugin. You should to change its source code for that, of course.

  • Raj

    Hi Vladimir, I have installed the plugin but get an error on the settings page. Fatal error: Class ‘SimplePie’ not found in …/wp-content/plugins/user-role-editor/ure-lib.php on line 427.I would kindly appreciate any help as I am not fully code savvy.

  • Raj

    Sorry my mistake, that error is for the new plugin feed! The settings page itself appears blank without any error messages. :/

  • This problem is related to your WordPress version, I guess. If you use WP version under 3.0 please downgrade URE plugin to 2.1.10 version from your backup or http://downloads.wordpress.org/plugin/user-role-editor.2.1.10.zip
    I have included note about it into readme.txt installation notes and at the begin of URE page here at shinephp.com before publish this v. 2.2. User Role Editor update.

  • TXsunra

    Vladimir …. Why do I keep getting this message ..

    Fatal error: Cannot instantiate non-existent class: simplepie in /home/mpetrea/public_html/wp-content/plugins/user-role-editor/ure-lib.php on line 427

    Line 427 says this $feed = new SimplePie();

  • Jacek

    Fatal error: Class ‘SimplePie’ not found in /virtual/eu/pinezki/wp-content/plugins/user-role-editor/ure-lib.php on line 427

  • What WordPress version do you use? If it is less than 3.0, you have a problem with URE 2.2. Use previouse URE 2.1.10 instead. It is mentioned twice: at readme.txt and here, on site.

  • It is WordPress version related problem. Is your WP older than 3.0?
    If Yes, you have a problem with URE 2.2. Use previouse URE 2.1.10 instead. It is mentioned twice: at readme.txt and here, on site.
    If you WP 3.0 or 3.0.1, than please let me know in order to find a fix the real problem.

  • HR

    Hi Vladimir,

    WP3.01 up and running here and the same error as Jacek above

  • Thank you for the information. It is my mistake. I will fix it ASAP (possibly in hour).
    Thanks again to all who helped me to isolate this.

  • Updated 2.2.1 version is published. Please update your URE plugin installation to the latest one – “Fatal error: Class ‘SimplePie’ not found in” is fixed there.

  • Prof. Dr. YoMan

    Up and running. Thx!

  • Stephberg

    Hi Vladimir!

    Love your plugin and I’m using it on a multisite install. I just upgraded to the latest version (2.2.1 from 2.1.10) on my local test server running WP 3.01 and I lost the “User Role Editor” entry under the “Users” menu in the admin.

  • Stéphane Bergeron

    Ok, must be something weird with my local install as it updated fine on the live server. Any idea what might prevent the menu entry from appearing? I’m not getting any error messages.

  • Hi Stephane!
    Let me guess, function to show URE menu entry in the Users menu is called with checking ‘create_users’ capability. If your current user has not such capability you will not see ‘User Role Editor’ menu entry.

  • Stéphane Bergeron

    Yep, that’s exactly what it was. I had to check the ability for site admins to create users in the Options page of the Super Admin menu. That option was checked on the live site so it worked there.

    Thank you VERY much for this awesome plugin.

  • Marc

    Hello,

    I installed User Role Editor 2.2.1 and after the activation process other plugins or the footer will not be displayed.
    Is there a permission/redirection problem ?! All widgets from the WPG2 Plugin and the WPG2 site is noch available.

    When I deactivate the plugin all is fine.

    Can you help me ?

    Thanks,
    Marc

  • Hello Mark,

    I will check if any compatibility issue exists between URE and WPG2 and write about the result.

    Regards,
    Vladimir.

  • Ma’moun

    Does it support custom post types that introduced in WordPress 3.0?

  • URE plugin gives you ability to edit existing WordPress roles (add/remove capabilities), add new roles and fill them with capabilities according to your requirements. As WP has no special capabilities to manage users access to the custom post types, URE can not help you with this task.

  • Noclans

    Hello

    thx for this plugin and your work, but in the last version, i have an error :

    Fatal error: Out of memory (allocated 34078720) (tried to allocate 77824 bytes) in wp-includes/class-simplepie.php on line 14440

    My blog is running on WP 3.0.1 and URE Version 2.2.1

    Have any idea ?

    ps : excuse for my poor english, it isnt my first lang.

  • Hello,

    Is it possible for you to increase PHP memory limit in your site php.ini? For example
    memory_limit = 64M
    If you use shared hosting and can not increase PHP memory limit open ure-options.php file from wp-content/plugins/user-role-editor directory and comment lines # 172, 173, 174.
    That is a ShinePHP.com News section. It uses class-simplepie.php RSS engine to retrive data from shinephp.com and show it at the User Role Editor plugin options page.

  • Peter

    Hi, I have a question.

    Any action I seem to do, wether selecting an option for a role or even adding a new role causes it to log me out and wont let me re log in unless i delete the redirect from the URL. Any ideas why this might be happening?

  • Hi,
    No ideas :). URE plugin doesn’t use any redirection technique itself. How other plugins works at your site? Any similar behavior? May be some rool at your site .htaccess works here…
    As a final variant I could to take a look on your situation from your admin back-end. If it is possible for you send me URL and admin creadentials via this site Contact form or to my email which you can find at the plugin readme.txt file.

  • Roman

    Hello Vladimir,

    Do I understand correctly that URE is not compatible with Buddypress?
    (after activation I see no URE setting menu in admin).

    thank you.

  • Hello Roman,

    I didn’t test URE with Buddypress together yet. It is a first signal. There is known issue with URE setting menu under multi-site WordPress installation. Superadmin user has not ‘create_users’ privilege from time to time. I’m searching the workaround. Is it your case?

  • Roman

    thanks for reply,

    I have multisite + Buddypress and after activation of URE I simply don’t see URE settings under WP settings menu, but if press settings link of URE on the plugins page (near activate/deactivate links), it returns me to the dashboard. Therefor I can not even conclude whether there are any ‘create_users’ like issues. What is good, I have no any fatal errors after activation 🙂

  • This problem is described in details here
    http://shinephp.com/community/topic/cant-access-plugin-settings-page
    Please read. You can find a hint for the temporal workaround there.
    I will try to resolve the issue as soon as have enough time :).

  • Anonymous

    Hey Vladimir,
    I am using WPMU 2.9.2 – Can URE create a new role for entire site or only per blog?

    I currently use Capability Manager, which only creates new role per blog. So I must add new role for each new blog.

    I want plugin that create new role available on all blogs in my site.

    Is this possible with URE?

    Thanks,
    Pat

  • Hello Pat,No, URE works with one blog at the time only (a current one), not with entire site. There were the same requests from other URE users already. So I keep this idea in my development plan. But I can’t say when I realize that, may be this month, may be the next one. General problem – the lack of time :).Regards,Vladimir.

  • Vladimir: What about menus? I want to use your plugin because it’s simple, but I can’t add access to the menus for the Editor role. Will you be adding this soon?

  • URE works with existing capabilities only. I don’t plan to add ‘new capabilities’ functionality.
    Try to add ‘edit_theme_options’ capability to the Editor role. Editor should see the ‘Appearance’ menu and ‘Menus’ item there then.
    If you need more advanced control on the admin menu, try to use code discussed in
    http://www.shinephp.com/how-to-block-wordpress-admin-menu-item/ post to hide and block from user unneeded items
    or see if you can use ‘Simple Admin Menu Editor’ plugin in addition to URE. Be aware that this plugin just hide/show menu items, do not prevent direct link requests to the hidden items.

  • Hi, Vladimir.

    This looks like a great plugin, but I can’t get it to work.

    When I Activate or Network Activate URE, nothing happens. There is no control panel anywhere, and when I click settings in the plugins linst, I am just taken to the Main dashboard (…wp-admin/?c=1).

    I have a fairly new WP 3.0.1 Network – it was a clean setup a few days ago. I have experimented with other plugins, but they have all ben deactivated, and for the most part deleted, and I have run the clean options plugin to see if I could clean away the problem. No luck.

    I have tried installing both from the plugin installer, and by downloading your latest version and uploading manually via FTP.

    Do you have any idea what could be wrong? Or what I can do to figure it out?

    Best regards

    Christian

  • Hi Christian,

    I’m sorry about problem you have. It is known problem for the multi-site WordPress configuration. I hope to fix it this weekend. Look here for the fast workaround
    http://shinephp.com/community/topic/cant-access-plugin-settings-page

    Thanks for giving URE a try :).

    Regards,
    Vladimir.

  • Pingback: The Blog of Dennie Briggs and Plugins « Ian's Den()

  • Thanks for your quick reply. That worked like a charm. 🙂

  • Hello again, Vladimir.

    I’ve been experimenting a bit now, and I like URE. It is easy to use, but it seems it can’t do what I hoped. Maybe you can tell me if it is even possible?

    I want to create a special role for all site owners on a network, with quite limited capabilities (basically work with posts, pages and uploads, and little else – less than editor, a bit different from author). However, even if I can create this role in URE, or edit an existing role to fit, my new role can’t be applied (automatically or manually) to subblogs. Is this right? If so, do you know if there is another way to do what I am looking for?

    Christian

  • Thanks.URE works with one blog/sub-blog at the time, that blog under which it is executed. There were requests of the functionality to add/edit role for all sub-blogs simultaneously in multi-site configuration. This feature is included in my development plan. The time is a real problem, so I could not say when it will be realized exactly.Workaround: It could be done manually. 1st way, direct edit of WordPress database. Read these posts for the guideline:http://www.shinephp.com/how-to-change-wordpress-user-role-capabilities/http://www.shinephp.com/how-to-change-wordpress-mu-user-role-capabilities/2nd way, use current URE for that. Just login to every sub-blog and create/edit role you need for that sub-blog. It is possible, of course, if you have not so much sub-blogs.

  • David Sword

    the option “edit_posts” allows editing of Media, but reveals “Posts” in the admin navigation – My clients need to “edit” media, but not “edit” or see “Posts” at all .. in the future where there ever be more specific allowance for media, or is this as specific as it can get?

    love the plugin – will donate when website launches!

  • Dinis

    Hi Vladimir,

    I have a website running WordPress 3.01 and when I try to activate the plugin it spits out the message “Plugin could not be activated because it triggered a fatal error.”
    I have installed wordpress via simple scripts on bluehost.
    Would you be able to help me?

    Thanks in advance,

    Dinis

  • Hi Dinis,

    It is strange, as URE just delete one old option and creates a new one during activation. That’s all.

    Try to set WP_DEBUG (define(‘WP_DEBUG’, true);) – true in your blog wp-config.php file. It could help to see more details about errors on screen. If you see that debug output, please try to find information related to the User Role Editor plugin (any file beginning from ‘ure-‘ are from the URE plugin package) and show it here.

    Regards,
    Vladimir.

  • Thanks, David, for the good words.
    URE plugin manages existing capabilities (included to the WordPress and added by the plugins). I did not plan to add any such functionality (create new capabilities) yet. It would make URE more complex for the users.
    You can hide and block posts related menu items yourself, using technique described in this post.
    http://www.shinephp.com/how-to-block-wordpress-admin-menu-item/
    Pay attention to the useful code additions to this post in the comments.

  • Pingback: The Making of the EngX | EngX – The Engineering Exchange()

  • Anonymous

    Hello. I have installed this plugin and it is available in my dashboard. I have altered the Author settings so that users can only edit/delete PAGES for which he is an author. I have added certain users to various pages as authors. When I log in as that particular person, he is only able to VIEW his pages, not EDIT. If I check “edit others pages” then the author has access to ALL pages which I do not want. What is the problem? And how can I correct it?

  • Hello. Please show the list of capabilities included into your modified Author role. I will check what does WordPress check comparing to what your altered Author role really has.
    If you excluded ‘edit_post’ capability, then problem could have the same reason as described at
    http://www.shinephp.com/custom-user-roles-and-wordpress-core-code-compatibility-issues/

  • Ma’moun

    Does this plugin support custom post types that came with WP3?

  • User Role Editor works with WordPress existing roles and capabilities only, that is you can select from standard WordPress capabilities and capabilities added by other plugins. WordPress 3.0 did not added any new capabilities for managing access level to the custom post types. When and if such capabilities appear in WordPress you will see them in the User Role Editor automatically.

  • I have yet to try your plugin, but expect to in the next couple days. It looks very good.

    Until then, I have a question about compatibility. If I add a new role, will that role show up in the “Authors” dropdown box in the Post or Page panels, for assigning to an article? The reason I ask is because I tried Members by Justin Tadlock, but newly created roles did not show up in the Authors dropdown list.

    Also, will User Role Editor work with a plugin like Adminimize, that can control what menus, submenus, and dashboard features are available to a given user role? Thanks for your help!

  • You see user names at the “Authors” dropdown box, not the roles. So you can assign user as an Author to the post or page, not the role.
    Yes, User Role Editor is compatible with Adminimize plugin. You will see any new created role at Adminimize plugin interface.
    Usin Adminimize be aware that it only change visual presentation of admin interface. It doesn’t really block functionality which you see deactivated at Adminimiza interface. Experienced User still could call ‘deactivated’ functionality via URL direct call, e.g. /wp-admin/post-new.php, etc.

  • Yes, thank you Vladimir, in “Authors” dropdown box, I meant user names with a created role. I created a role of Manager in Members, and the user associated with that role would not show up in the user list to assign as an author for an article. I’ve already tested it with yours and that functionality works perfectly, thank you.

    On a different matter, I’ve created a role of Manager in User Role Editor (URE), and initially had the capabilities “delete_plugins” and “edit_plugins” unchecked, but the plugins tab did not show up at all in the admin panel for the user with that Manager role. I then assigned the Manager role every capability except user management capabilities, and the plugin menu tab and submenus continue not to show up in the admin panel for the user with that Manager role. This is a brand-new install of WordPress 3.0.1 with only URE installed and activated.

    By the way, I found your comment about Adminimize enlightening. I see that User Role Editor already does admin menu and submenu activation/deactivation to some extent. Is this full deactivation that blocks access to the page completely for that user? I like how Adminimize can get down to a very granular level of not showing particular plugin menus, dashboard widgets, and such. Can URE do this as well, or do you recommend another plugin or process which gives granular, COMPLETE activation/deactivation functionality as you describe?

  • To be clear about my purpose Vladimir, I want to assign a role that I can have a virtual assistant or client use to set up a blog, that still prevents her from potentially deleting or demoting my user access to the site unintentionally!

    So, in further testing, I determined that by checking EVERY capability in the list and saving it, I was able to get the Plugins menu to show in the Manager role. I then unchecked “edit_users” and “edit_plugins” and “delete_plugins” which gets me 99% of the way there. Unfortunately, URE still shows up in the plugin list and could be deactivated. If that happens with a created, non-administrator role, does the user’s role get demoted, to an editor for example, or could it become promoted, to an administrator? I hope my question and aim are clear.

  • Please excuse all these messages, but Disqus doesn’t play nice on your page on my computer and I can’t edit my previous entries.

    I’ve determined a couple more things:

    1) if I deactivate URE from within the Manager user’s Plugins panel, I can then see the administrator user in the Users list and delete it;

    2) the one capability that can be unchecked that causes the Plugins tab to disappear from the user’s admin menu is “delete_users”. All the others can be checked and unchecking this one alone still causes the entire Plugins menu and its submenus to vanish. However, I can still navigate to the menu directly through “/wp-admin/plugins.php”.

    Is there a way to create a capability “deactivate_plugins” or even better “deactivate_user_role_editor” or “edit_user_role_editor_options”? I’m looking for security for my user account and its role and capabilities, without limiting my assistants or clients from being able to manage other admin areas. Other than that, this looks like a terrific plugin Vladimir. Thanks for making it available. I look forward to your response.

  • Thanks, Dion, for your questions.After URE deactivation all changes made to the roles staff are left in WordPress database and still works. But you are right, measures preventing from admin user deletion are gone with URE deactivation together.I confirm that ‘Plugins’ menu is managed with ‘delete_users’ capability for blog alone and super_admin rights under multi-site environment.Do you need your virtual assistant may manage blog users? Currently, URE settings page is unavailable for user if he has not ‘edit_users’ capability. I will change that to ‘delete_users’ possibly to make URE more compatible with WordPress core code. If you exclude ‘list_users’ capability from your Manager role too, that user will not see users list, and have not an option to make something with admin user, even after URE plugin deactivation.Another way you can go is described athttp://www.shinephp.com/how-to-block-wordpress-admin-menu-item/You can hide needed menu items with Adminimize plugin and block the direct URL calls using technique described at that post. Just block ‘plugins.php’, ‘plugins-install.php’, ‘plugin-editor.php’ for example.Feel free to ask questions if you need further assistance.

  • Vladimir, first let me thank you for being so quick in reply. 🙂

    Virtual assistant does not need to have any access to users, so that would be fine. However, I need her and clients to be able to install, activate, and adjust settings of plugins. Problem is, if they can access plugins, they can deactivate URE, and then delete administrator or any other users. So the real problem is not Users capabilities, but plugin capabilities.

    Do you have any suggestions for how to block deactivation of plugins generally, or URE specifically?

  • Let me correct you a little. If you let somebody to install plugins and not trust him/her enough that is the REAL problem. Via plugin installation feature user can install any code to your WordPress site (via ‘Upload’ feature) and make with it whatever he wish (get DB access, change anything in WP settings, make backdoors, etc.). WordPress could not limit free code execution inside plugin. It is possible to make it via WordPress plugin repository too. There is no any security check for plugin before upload it to WordPress repository. So bad guy could upload malware code into WordPress plugin repository, install it to the client blog from there and update repository to hide suspicious code from the community.

    Finally, you have not any defense from your assistent if you let him install plugins. You can just build regular backups to make full restore of your site via FTP if something will go wrong.

  • Very true, Vladimir! I guess I just grew up with the philosophy, “trust the Universe … and lock your doors.” 😉

    I know that a better mousetrap sometimes just builds a better mouse; I simply don’t want to make it fall-over easy for someone who’s feeling a little devilish or adventuresome.

    Along those lines, I used the suggestions from the page you recommended and built a redirect from the settings link in User Role Editor which works perfectly, here:


    function permissions_user_role_editor_redirect() {
    $result = stripos($_SERVER['REQUEST_URI'], 'users.php?page=user-role-editor.php');

    if ($result!==false && !current_user_can('edit_themes')) {
    wp_redirect(get_option('siteurl') . '/wp-admin/index.php?permissions_error=true');
    }

    }

    add_action('admin_menu','permissions_user_role_editor_redirect');

    The problem is, I copied the exact same code and filled in the variables for Adminimize, but it doesn’t work. I think the redirect is failing because of something to do with Adminimize coming from the options-general.php page, as shown:


    function permissions_adminimize_redirect() {
    $result = stripos($_SERVER['REQUEST_URI'], 'options-general.php?page=adminimize/adminimize.php');

    if ($result!==false && !current_user_can('edit_themes')) {
    wp_redirect(get_option('siteurl') . '/wp-admin/index.php?permissions_error=true');
    }

    }

    add_action('admin_menu','permissions_adminimize_redirect');

    Any ideas?

  • OK. I just wished to be sure that you know.About code for blocking the Adminimize settings page. Your code example is fine. I tried it successfully under my test site. It works as expected.Yes, wp_redirect could fail in some circumstances. I met that behavior once and did not find the reason :).Another way to block access to the Adminimize:I checked Adminimize plugin code. It checks ‘switch_themes’ and ‘unfiltered_html’ capabilities to show its settings page in the ‘Settings’ menu. If your ‘Manager’ role will have not one of that capabilities, then user with that role will not have access to ‘Adminimize’ interface. May be it will resolve your problem.

  • Thanx for your good articles and your replies.

    2nd way isn’t really doable for the kind of project I’m looking for, though, and 1st way looks a bit too tricky for me for now. I understand your problems with time 🙂 I guess I’ll just have to wait a bit with the functionality I’m looking for.

  • Hotjoint

    Can i delete a role that was not created with this plugin? I have a role that one plugin created and want to delete it

  • If you see that role in the “User Role Editor” role selection drop down list, then – Yes, you can. I mean, role should be created as standard WordPress role. Additionally, “User Role Editor” allows to delete role if it is not in use only. That is such role should not be assigned to any user. In other case you can not select that role for deletion.

  • yeah! i did it!!! thanx a lot! 🙂 this delete all the role in the DB right?

  • If it is not multi-site installation that ‘Yes’. Under multi-site configuration current URE version makes updates for the current blog/site only. That is you need to make update site by site.
    Reade these posts
    http://www.shinephp.com/how-to-change-wordpress-user-role-capabilities/
    http://www.shinephp.com/how-to-change-wordpress-mu-user-role-capabilities/
    if you wish to know more about how WordPress stores its roles and capabilities data.

  • Is there a way to give editors permission to create and delete users but not delete any admin users?

  • Info

    Hi,

    I’m using WordPress 3.0.1. I want to allow contributers to edit posts that they have already had published, but for the edited post to only be published with permission of the site admin. Can I do this using your plugin?

  • Yes. Such limitation was in the previous version. But current one lost it by my mistake. You can try this update
    http://www.shinephp.com/wp-content/downloads/wordpress/plugins/user-role-editor-2.2.3.zip
    where I fixed that. While URE is active user can not edit users with ‘administrator’ role. Be careful if you decide deactivate URE plugin. Remove edit_user capability from not administrator users before that.
    I don’t publish it at wordpress.org as I near to finish the next version of URE plugin, which will be true multi-site one.

  • great stuff. gonna give it a try. thanks heaps!

  • Hi,
    This is just a draft plan, how to realize that. You could try to add ‘edit_published_posts’ capability to your ‘Contributor’ role. It should add to contributor ability to edit published posts. If ‘Yes’ then half of the task is done. The second half could be realized as additional code in your theme functions.php. WordPress has ‘publish_post’ action, which fired every time when post is published or published post is updated. So you need to check in this action hook if user is contributor and change post status to ‘unpublished’.
    Let me know if you need further help with this subject.

  • works beautiful!

  • John

    You mentioned that a “Network feature, something like super-admin global role editor will be added in the nearest release.” Any ideas when that will be coming out? Also would it be possible to request a new feature? I’m looking for a plugin to not only manage roles from one account for all sites, but I also need the ability to add custom user capabilities to the roles. Any chance that such a feature will be possible?

  • Thanks for the questions.
    1) It is difficult to give you the exact date: may be next week, but may be next month. It depends from how free time I will have to work on the plugin. One thing, I can say exactly, I’m working on this update.
    2) Yes, it is possible. I included it to my development plan for “User Role Editor” plugin.

  • Thank you for the feedback.

  • quadracentifiable

    GREAT plug in! What are the “levels” for? And is there any way to give, say an Editor, access to only certain pages? Thanks 🙂

  • Trs912

    Looks like a neat plugin. Is there a way to enable users to be allowed to use a certain plugin? For example, Im using a plugin that allows me to import photos. Can I set it up so users can use that plugin option as well, but not be able to delete or add other plugins? So, basically I just want them to be able to utilize One plugin.

    Thanks,
    Mike

  • User Levels were introduced in WordPress 1.5, they were replaced by Roles and Capabilities in WordPress 2.0, and were finaly deprecated in WordPress 3.0.
    More details are here:
    http://codex.wordpress.org/User_Levels
    http://codex.wordpress.org/Roles_and_Capabilities
    User Role Editor could help you visually manage WordPress roles and its capabilities set.

    If you need more advanced control on the users access to your blog content (like an access to the concrete pages) look on the “Role Scoper” (http://wordpress.org/extend/plugins/role-scoper/) plugin or similar one additionally.

  • Thanks. About your question:
    It is not so easy task. Generally plugin’s author defines user level which is allowed to use his plugin. So if author decided that his plugin could be used by blog admin only – you can change that by editing plugin code only.
    In your case it is not enough for the user to see the plugin menu item to use it. User needs to have some additional capabilities (like upload_files, unfiltered_html, etc.) in order to plugin works correctly. User Role Editor could help you achieve that.
    But, when you give user additional capability you need to check that you don’t make a security hole in some other place and user can do that things only that you wanted he do…

  • Rwest

    I just installed this plug in and got this
    Deprecated: Assigning the return value of new by reference is deprecated in C:wampwwwnlccblogwp-includesclass-simplepie.php on line 738

    Deprecated: Assigning the return value of new by reference is deprecated in C:wampwwwnlccblogwp-includesclass-simplepie.php on line 1108

    Deprecated: Assigning the return value of new by reference is deprecated in C:wampwwwnlccblogwp-includesclass-simplepie.php on line 1602

    Deprecated: Assigning the return value of new by reference is deprecated in C:wampwwwnlccblogwp-includesclass-simplepie.php on line 1643

    what is wrong?

    I am using WordPress 3.0 on localhost at this time

  • >> What is wrong?
    I think – nothing. This message is about PHP 4 style object creation, like
    $this->sanitize =& new SimplePie_Sanitize;
    SimplePie class is not written by me. It is opensource project
    http://simplepie.org/
    which code is included into WordPress 3.0 package. So the step to clear code from deprecated PHP features is for them, SimplePie authors. I think it will be done but not so fast, as a lot of providers uses older PHP versions including 4.0.

  • Francisco Ernesto Teixeira

    Hello, I’m a orphan user of Capabilities Manager Plugin (the developer discutinued). I updated it to work on WP3 like a charm. But a looked a way to give to users it and add a Group Manager (ex.: a user can add a role “Potato”, a rule “Ruffles” and can be a user these both groups). And now I’m using your plugin because is still developed.

    And wait for your contact!

  • Hello,
    You are welcome.
    My contact is included into URE plugin readme.txt file.

  • 4bco

    Thanks for the great plug-in. I thought I was going back to the design board when an editor couldn’t update the text in a sidebar widget until I found this! You’re a life saver! Thanks again.

  • It’s a pleasure for me to get such feedback. Thanks to you for using this plugin :).

  • Alby54

    I need to create a role that can modify users (i.e. activate unverified users) but I do not want the User Role Editor panel to become available for that role. To give you an example; if I check ‘edit_users’ for role ‘Author’ … all the authors can modify users lower than their own level but through the panel they can also edit the privileges for Editors and other higher level users. There’s definitely something wrong…I’m using the basic theme with wp 3.0.2 and the problem occurs even if I disable all the remaining active plugins. Any hint?

  • Please read my answer to Good Web Design below in this thread. I think it will help.

  • Pdreed

    Hi I finally got the plugin configure live I want. But it is not allowing user to read private post or pages. I setup a new role with the read_private_pages and read_private_posts plus as edit page and post options. Create user with this new role. Login as that user can can get to edit options and others wanted. But none of the private posts/page are show to the user. Why?

  • Hi,
    I can suppose only that you missed some key capability in your new role possibly. WordPress documentaion says ‘Private posts are visible only to you (and to other editors or admins within your site) ‘. So you can try to get Editor role as the starting point for your new role and exclude unneeded capabilities from it step by step checking if user still can see private posts on every step.

  • Ben

    I’m trying to allow the Editor roll to add new pages to the menu in WP 3.0.2 but not sure how to do that. I also wanted to remove the dashboard. Any thoughts?

  • John B.

    Hello Wladimir,

    do you know when your plugin will be available for multisite administration ?

    Thanks
    John B.

  • Hello John,
    I work on the subject and plan to publish real multi-site version of URE plugin at the end of December, 2010.

  • – If you see at line #166 of wp-admin/menu.php you will see that ‘edit_theme_options’ capability required to see ‘Menus’ item at the ‘Appearance’ submenu.
    – To remove dashboard from your admin backend try technique described at this post
    http://www.shinephp.com/how-to-block-wordpress-admin-menu-item/
    or look if one of these plugins (‘Adminimize’, ‘Simple Admin menu editor’) could help you.

  • Hi,
    ‘Widgets’ is placed in the ‘Appearance’ submenu. Access to to this submenu is controlled by the ‘edit_theme_options’ capability. Add it to the Editor role and your editors will get access to the Widgets (including Themes and Menus).

  • Cheese Head

    Zdravstvuite Vladimir, thanks for a great plugin!

    I’ve read through all the pages of posts and this in the only one that addresses the same issue I have. My WordPress website has articles type posts and in addition to normal type posts, I want to have Wiki type posts. I’ve checked the current WP plugins and none are simple/seem to fit, thus I have created a Wiki User ID with Contributor status as simpler Dashboard and I was going to pass out the User ID and Password to members who want to help build the Wiki’s. (You can see my website by googling cheese forum). My problem thus as above post, Contributors can update the Wiki type posts, but I’d like to be able to admin approve the changes before they publish.

    Thus two questions, first any advice on setting up Wiki type posts/articles, and second while I can use four plug in to give Contributors ability to “edit their published posts”, where and how do I do the second half (I’m using Atahualpa theme)?

    Thanks in advance!

  • Helga

    Thanks a lot for this plugin. There’s just one problem: Users with modified roles are no longer listed in the drop-down menus for changing the author of a post. So, when another user sends me a text, I enter it and then want to designate him or her as the author in WordPress – they’re no longer listed.

  • As I see, WordPress includes into this dropdown list only users with ‘user level’ > 0. Be aware that it is not enough just check ‘level_1′ in your new custom role, if this role is assigned to a user already. WordPress 3.0.4 doesn’t check a role when builds this dropdown menu users list. It checks wp_usermeta.meta_value DB table field for the meta_key=’wp_capability’. This field is changed when you change role for the user via user profile editor. So you need to change role to such user to some other role then change it back to your custom role to have needed wp_capability setting in wp_usermeta table for your user.

  • Helga

    Yeah, that solved the problem. Many thanks!

  • Hi, does this plugin allow you to redirect comment moderation emails to the editors instead of the admins.

  • Hi,
    No. URE plugin will not help you with this.
    Moderation email is sent by ‘wp_notify_moderator’ function located in wp-includes/pluggable.php file. It takes email address to send message from the ‘admin_email’ option, using this line of code:
    $admin_email = get_option(‘admin_email’);
    WordPress applies some filters before sending email. So it could be possible add something like ‘CC:’ field value to the email headers using ‘comment_moderation_headers’ filter and send moderation email copy to your blog editors.

  • Germán

    Hi, i like very much your plugin, is very useful.
    I have a question:

    can i give permissions only to edit custom post types and not regular types (posts, pages)?

  • Hi,
    No, you can not, as there are no capabilities for the custom post types in WordPress capabilities list. Generally, it is needed to add new capabilities, and check them additionally anywhere where capabilities for regular types (post, pages) are checked. Somewhere it could be done with actions or filters, somewhere – the only possibility is to edit core WordPress code.
    User Role Editor plugin works with capabilites included already to the widest ‘Administrator’ role and allows to change those capabilities staff in the other smaller roles. Checking if a role has the capability or not, somewhere in WP code, is not the task of URE plugin.

  • rshartist

    I had looked everywhere to try find a tip about disable or hide visibility option such as sticky post, private, so I can allow author publish their own posts without requiring me to review post and publish for them. Any suggestion to allow me just hide that one tiny option.

  • t0n3

    Excellent to hear, Vladimir, I look forward to managing URE settings globally for all my network sites.

  • Thanks. My apologies for the delay with multi-site feature release. Time is a problem as always :). I will try to make it this month…

  • Grezes

    I have given the Editor role all the edit themes options and still anyone with the Editor role cannot manage themes. The “Editor” link under Appearances is not available. I also tried creating a role with all capabilities added and still the “Editor” option did not show up under Appearances.

    Running WordPress 3.0.4 in multisite
    URE: 2.2.2

  • I just tested that. The key capability is ‘edit_themes’. I tried it even with minimal ‘Subscriber’ role. If user has ‘edit_themes’ capability in his role, he should see ‘Editor’ menu item in the ‘Appearance’ submenu. Please check and let me know.

  • IldiW

    Hi, your plugin is a lifesaver, thank you!
    Could you clarify something for me and I’m sorry if it’s something obvious. What’s ‘private’ means in ‘read private pages’ or ‘publish private posts’? I have a few people running a community website and what they want to have is that only the person who published the page (not post) originally should be able to change it or delete it. Is ‘private’ good for this or is it something completely different? Many thanks!

  • Hi,
    Word ‘private’ in capability means that this functionality is available to the administrator or editor only. For example, setting the page visibility to private means that page are only visible to blog Editors and Administrators. Or with URE plugin for users with role which contains capability like ‘read_private_page’, etc.
    More details about that could be read here http://en.support.wordpress.com/posts/post-visibility/.
    By default only page author can edit/publish his page. User should have editor or administrator role to edit, publish, delete pages owns by others.

  • Thanks for the good words. It’s a pleasure to get such feedback from the plugins users. And thanks to Google Translate. I don’t know Spanish :).
    Can you please give me more details what do you mean when ask to implement ‘nav-menus.php”?

  • Albert

    Hola muchas gracias por responder, igual ocupo Google Translate! 🙂

    WordPress 3.0 trae la opción de crear menú, esto es a través del siguiente enlace “www.mysite.com/wp-admin/nav-menus.php”

    Usted puede añadir la opción para dar permiso a los usuarios a está opción y ellos poder crear su propio menú por favor, y muchas gracias.

  • Norman

    Thank you for a very useful plugin. I’m having trouble with one thing though. I would like a user with editor role to be able to update the plugins. Even though I’ve checked “edit plugins” and in fact everything else mentioning plugins, an editor still cannot see plugins at all in the dashboard.

  • For single-site configuration WordPress allows to work with “Plugins” submenu superadimns only. Look at the /wp-admin/menu.php line 182
    if ( is_super_admin() ...
    is_super_admin() function from wp-includes/capabilities.php checks if user has ‘delete_users’ capability for single-site configuration, line 1219:
    if ( $user->has_cap('delete_users') )

  • Alex

    Hi. I’m having the same problem. WordPress 3.0.4 Multisite. I edit the Editor role to include Themes but the menu doesnt appear and no changes seem to have been made. Is this a bug or is there anything i can do as a workaround? It seems to work fine on a single site install. Thanks

  • Ups! Important note – I have made test for the single site install only. My apologies to Grezes 🙂 who clearly marked that uses multisite installation. I will make another test and return with its result.

  • Norman

    Thank you for your reply. I gave the editor role ‘delete_user’ capability, but not ‘edit users’, ‘list users’ or any other user management role. This seems to work and the editor can now update plugins, but cannot see any other user than himself.

  • Grezes

    Vladimir, I just added a reply to the WordPress.org Forum. Basically when I enable Multisite, the “editor” option disappears. If I comment out the multisite options in wp-config.php, it reappears again. I can only conclude that URE does not work when multisite is enable in WP 3.0.4.

  • Grezes, I repeat here my answer from the WordPress.org forum, for other users convenience:
    You wrote about right facts. But let me do not agree with your conclusion. It is the strategy which WordPress developers selected – only network superadmin can edit themes under the multi-site configuration.
    I tested that under WordPress 3.1 Release Candidate 3.
    Just try it with your mult-site superadmin user and check the ‘Appearance’ menu under ‘Site Admin’. You will not see the ‘Editor’ menu item there, inspite of you have the superadmin rights. The ‘Editor’ menu item moved to the ‘Network Admin’ dashboard ‘Themes’ submenu under the multi-site configuration. It is included into the separate file ‘wp-admin/network/menu.php’ only and requires the ‘manage_network_themes’ privileges to see that submenu.
    In the ordinal aministrator dashboard menu ‘wp-admin/menu.php’ we see that the ‘Editor’ menu item is excluded apparently for multi-site configuration, see line 159:

    // Add 'Editor' to the bottom of the Appearence menu.
    if ( ! is_multisite() )
    add_action('admin_menu', '_add_themes_utility_last', 101);
    function _add_themes_utility_last() {
    // Must use API on the admin_menu hook, direct modification is only possible on/before the _admin_menu hook
    add_submenu_page('themes.php', _x('Editor', 'theme editor'), _x('Editor', 'theme editor'), 'edit_themes', 'theme-editor.php');
    }

    URE makes its work. It changes role as you wish. Only that functionality is declared for “User Role Editor” plugin. It doesn’t change anything else except role capabilities list. WordPress fully ignores ‘edit_themes’ capability under the multisite configuration if user is not the superadmin.

    Yes, URE does not support multisite environments, – but in that part only, that it writes changes to role for the current site only. You can not replicate role changes to the all sites of your network with one click in the version 2.2. But it will be possible in the next version. It is compatible with WP 3.1 RC 3 and it is almost ready. I should finish some tests yet before publish it.

  • Multi-site administration is available with URE version 3.0. Edit role under current blog, turn on ‘Apply to All Sites’ checkbox, press update – you’ve got it – role will be updated through all sites of your network. If role doesn’t exist for some site it will be created.

  • E Rapisardi

    I am using e-commerce plugin. Is there a way to add to list of functions the e-commerce ones?
    thanks

  • Generally, if a plugin adds its own capabilities or role to the WordPress role and capabilities set you will see and can manage them with the help of URE plugin. If a plugin uses some own capabilities internally, URE could not help you, as it works with WordPress built-in roles and capabilities storage only.

  • E Rapisardi

    thanks

  • Pingback: Is unfiltered_html capability deprecated? | ShinePHP.com()

  • jeremy

    I came across this Plugin when I was trying to find a solution to allow for one of my WP sites to allow for Roles in the WP-Admin so that I could have several users who only had access to edit only one page in the site. However, I keep getting an error when trying to activate the Plugin in WP:

    Fatal error: Allowed memory size of 16777216 bytes exhausted (tried to allocate 14592 bytes) in /vservers/kirklandmark/htdocs/new/wp-includes/class-simplepie.php on line 14233

    I’m using WP 3.1 and tried updating the wp-includes/default-contants, changing the WP_MEMORY_LIMIT from ’32M’ to something higher. Could there be something else that’s not allowing the Plugin to activate?

  • Daniele Raimondi

    Hi, I’ve updated the Italian Translation. You can find it here:
    http://www.w3b.it/download/User-Role-Editor-it_IT.zip

    Bye, Daniele.

  • Check your PHP memory_limit value. May be problem goes from there. Increase it if your hosting allows that. If not, let me know. We can exclude some extra code (ShinePHP RSS news section) from URE plugin. May be such “light” version will work on your site…

  • Thank you very much for help. If your have your own site or blog and wish to show its link with URE plugin, send me it, please.

  • Pingback: Wordpress Answers » Answers Archive » Re: User who can only moderate comments()

  • New version of Role Manager plugin released, more info @ http://www.nichewp.com/role-manager-plugin-for-wordpress.html

  • I don’t see this plugin at WordPress plugins repository search results. Did you upload it there?

  • keitai

    Tx Vladimir for writing this plugin, i hope it’s the plugin i need.

    In my case i want the editor role to be able to change the menu, so appearance>> menu’s would be accessable for an editor role. Is this possible with your plugin?? I might be overlooking something obvious

    Regards

  • Adding ‘edit_theme_options’ capability to the ‘Editor’ role could resolve your problem. But, please, be aware, that making this you give ‘administrator’ power to the users with ‘Editor’ role. Why? Because of they can easily modify PHP code in your theme and make all they only wish with your blog. Do you trust them enough for that?

  • Excellent my friend. Your plug in solved a major problem and is going to allow me to create a fully automated, dual mode film festival platform. Thank you for your efforts.

  • Thanks for such good feedback :).

  • Ryan

    Hi, I am trying this plugin and really liking it. Have an issue. The first time I created a role it was fine but now when I am creating another one its saying name should be in latin. What is does that mean?

  • Role name should contain letters of latin (consider English) alphabet and digits only, e.g. ‘cool_editor’, ‘strong_authour3’. It could not contain letters of national alphabet, as ‘сильный_автор’ or spaces and any special characters.

  • Hi Amanda,

    Could you please show screenshot of your new created role or list capabilities included to it here? I will try to reproduce and resolve this issue.

    Regards,
    Vladimir.

  • AJRM

    Hi I am testing the plugin with a view to use and donating but I have found a problem using with WordPress 3.1 , if i create a role that just enables all post roles, it somehow has lost th excerpt box on the standard WordPress posting form and edit existing post form is there a fix to this please? It seems great but as most blogging requires extensive use of excerpts unless this bug is resolvable will be difficult to stick with it. Thanks Amanda

  • Joshua Cary

    Love the plugin, however, I can’t seem to get the ability of “moderate comments” to work for any role. It’s checked for Editor, but doesn’t allow for mod comments. I’m using single site WP version 3.0.5.

    Thanks.

  • Comments menu are shown and edit-comments.php is accessible only for those users who have an ‘edit_posts’ capability. Use ‘wp-admin/menu.php’ file for your reference.

    Thanks,
    Vladimir.

  • AJRM

    Thanks for your response will send asap, had to dis-install but will show you on a test installation, I was using Headway Themes framework, so want to test it without that installed to check for a plugin conflict etc so I am giving you correct bug report. Thans again Amanda

  • Marikamitsos

    Hi Vladimir and thank you for the plugin.
    I want to upgrade my friends blog to wp3.1 from 2.9.2 where I have “Role Manager” installed.
    If I were to use your plugin would it pick up the changes and different roles I created there?
    Is it compatible and if so are there any steps that I should take?
    Thank you in advance

  • Hello Marikamitsos,

    “User Role Editor” stores its changes in the same place as WordPress does. So if “Role Manager” makes the same, these 2 plugins should be compatible.
    Just install “User Role Editor” and check if you see the changes you made with “Role Manager”. While you don’t press the ‘Update’ button you don’t change anything with “URE” plugin.

  • Dave

    Very good plugin – Suggestion: I do not want publishers posts to go live, and the only way that I can see for this to happen is to disable the entire comment system, then the posts go into draft. Can you please add draft options? ie: Draft_Publish – would go into draft until admin approval. Draft_Edit/Delet – author can edit their draft until published, then I have options set that they can not edit/delete once published.

    Thank-You

  • Thanks. URE works with existing capabilities only. I plan to realize functionality to add new capabilities in the future. But special logic should be realized in WP or other plugins code separately to check if user has that new capabilities or not.
    I just could recommend you to research comments systems plugins. May be you will find one with permissions system you need.

  • Anonymous

    Hi. Great plugin you made 🙂
    Quick question though – how long do the changes take? One of my author’s is trying something for me, and he can’t see the change. Any idea why?

  • The change should work immediately. Could you tell me what did your author do? And how URE plugin was used to help you?

  • Doug Cuffman

    This plugin simply rocks! I run a Buddypress-powered community and was able to easily allow everyone to be able to post blog posts! I was also able to set the default user group (so when someone joins the community) they can make blog posts as well! Really, really nice plugin with granular-level permissions controls!

    Thank you for your hard work on this! 🙂

  • Thank you very much for your appreciation :).

  • Jack

    Thank you very much for this plugin! I just have a question. I would like to run wp multiple sites, and allow users to change the background only.
    From the plugin, I found that users can change themes, and themes options, but not background. Can you please show me how to do this? Thank you.

  • Thank you, Jack.
    Its a pity, but you can’t realize your task with the help of URE plugin. WordPress checks the same ‘edit_theme_options’ capability before add ‘Background’ item to the Appearance submenu. You can look at /wp-admin/custom-background.php at line 64. You need some more advanced plugin to achieve your purpose.

  • Signyourbikeout

    Hello,

    Is it possible to query the created user roles using the wp_query object or another method with this plugin? I’d like to create lists of authors in different categories using multiple loops.

    Thanks!

  • Hello,

    I think this query could give you a hint:
    SELECT user_id FROM `wp_usermeta` where meta_key='wp_capabilities' and meta_value like '%author%';
    It gives you the list of user_id who has needed role, just change ‘author’ to your custom role name.
    Regards,
    Vladimir.

  • Mike

    I’m wondering if there is a way to create a role that can add, view and edit only specified users instead of just all lower users in general.

  • Signyourbikeout

    Thanks for the reply, I will look into implementing this.

    Is it something that is possible to hook into the main wp_list_authors function? For example: wp_list_authors(‘ure_userrole=%author%&orderby=post_count’); ?

  • Unfortunately, URE couldn’t help you with this task. It is more special task then URE is developed for.

  • Anonymous

    Hi Vladimir,

    I see options to allow/prevent users to: “Activate Plugin”, “Install Plugin”, “Delete Plugin”, “Update Plugin”, “Edit Plugin”…why is there no option for “Deactivate Plugin”.

    I want a user to be able to add and activate new plugins..but I would rather they didn’t have the option to Deactivate the URE plugin for obvious reasons.

    Any ideas?

    Thanks again,

    Tariq

  • Hello Gray,
    Thanks for your message. Why do you think that the reason of error you report about is User Role Editor plugin? URE plugin just changes roles capabilities in its standard storage (WP DB table). All other work in this situation makes WordPress and nav-menu plugin itself. So the problem is more related to the nav-menu plugin in this case.

  • Hello Gray,
    Thanks for your message. Why do you think that the reason of error you report about is User Role Editor plugin? URE plugin just changes roles capabilities in its standard storage (WP DB table). All other work in this situation makes WordPress and nav-menu plugin itself. So the problem is more related to the nav-menu plugin in this case.

  • Thank you for letting me know.

  • Hello Tariq,

    This question is for WordPress developers :). URE works with existing capabilities only for this moment. User who has ‘activate_plugin’ capability, can deactivate them too as it is realized in WP now. Two in one.
    Double think please. If you give user ability to add new plugin. He can get administrator role easily – via plugin code user has full access to your blog database including user roles and site file system. You should trust such user enough. It is easier to give him Administrator role at once :).

    Regards,
    Vladimir.

  • Pingback: WordPressで階層のある会員サイトを作るプラグイン2つ | ロードスター・ラボ(Roadster Labs)()

  • bvde

    Hi Vladimir, since update to 3.03 there is this report.

    Parse error: syntax error, unexpected ‘&’, expecting T_VARIABLE or ‘$’ in /…/wp-content/plugins/user-role-editor/ure-lib.php on line 543

    Is there something i can do about it?

    bvde, Holland

  • line 543
    foreach ($myArray as &$myValue){
    is not working under PHP4. Is it possible for you to switch on PHP5? Providers offers PHP4 and PHP5 simultaneously often. It is just a configuration parameter value question. Switching to PHP5 is a recommended step, if you doesn’t use some software which works under PHP4 only. Read this articlesPHP 4 and MySQL 4 End of Life AnnouncementVersion 3.2 Project Schedulefor your reference. It seems that people who didn’t not switch to PHP5 could not update to WordPress 3.2 in July 2011.

    In case you can not switch to PHP5 change function ure_ArrayUnique in ure-lib.php to this one:


    function ure_ArrayUnique($myArray) {
    if (!is_array($myArray)) {
    return $myArray;
    }

    foreach ($myArray as $key=>$value) {
    $myArray[$key] = serialize($value);
    }

    $myArray = array_unique($myArray);

    foreach ($myArray as $key=>$value) {
    $myArray[$key] = unserialize($value);
    }

    return $myArray;

    }
    // end of ure_ArrayUnique()

    It is compatible with PHP4.

  • Alainwoll

    I test this plugin that I found very successful, thank you. I use Nexgen Gallery and I find the roles that
    I want. However there is an important point that is not treated certainly by inventors Nextgen is that of limiting access images published and edited for the sole owner of the gallery.Today you can not manage the gallery for by someone other but the inconvenient is that images can be seen and used. It’s really weird. Can you do something? Thank you for your reply. Excuse me my english, i’m french…

  • Hello,
    No problem with your English. It is quite good for me – I’m Russian :).

    While Nexgen Gallery developer not add special capability or role to achieve your purpose, URE plugin can not help you. As you could see it just help to manage list of capabilities included to the roles. All other work (allow access, deny access) is made by WordPress and other plugins themselves.

  • Begisek

    Hi Vladimir! I admire URE a lot. Is there any easy way for a specific plugin (I have written) to appear in a list of rights/checkobxes? Allow or disallow to access plugin menu would be sufficient.

  • Mark

    I am having a similar error when trying to install your User Role Editor Version 3.0.4. I have WordPress 3.1.1. But not sure how to check if I have PHP4 or 5.

    Plugin could not be activated because it triggered a fatal error.

    Parse error: parse error, unexpected T_STRING, expecting T_OLD_FUNCTION or T_FUNCTION or T_VAR or ‘}’ in /site/wp-content/plugins/user-role-editor/ure-lib.php on line 562

    Thanks for any help you can give me.

    Mark

  • Hello Begisek,

    Look at the WP_Roles class at wp-includes/capabilities.php and it has API to manage roles and capabilities. Method add_cap() will help you.

    /**
    * Add capability to role.
    *
    * @since 2.0.0
    * @access public
    *
    * @param string $role Role name.
    * @param string $cap Capability name.
    * @param bool $grant Optional, default is true. Whether role is capable of performing capability.
    */
    function add_cap( $role, $cap, $grant = true ) {

    If your plugin adds some capability to the Administrator role, it will be shown in the capabilities list by URE plugin. Of course, it is your plugin’s responsibility to check if user has or not that capability and make correspondent decision.
    WP_User->has_cap() method could help here.

    Regards,
    Vladimir.

  • It seems that code is still not fully compatible with PHP4.
    Open ure-lib.php, go to line 562 and try to change
    protected $column;
    there to
    var $column = 0;
    and check if it helps.

    To check your PHP version put file e.g. pi.php with this content:

    <?php
    phpinfo();
    ?>

    to your site and call it from the browser, e.g. http://yoursite/pi.php
    You will see all needed information about your PHP installation there.

  • No, URE plugin couldn’t help you with this task, as WordPress doesn’t have such built-in functionality.

  • Great plugin!

    What would I need to check off to allow Authors to edit the Description of Tags? Can’t figure out which one it would be, and I don’t want to open things up too much.

  • bvde

    Thanks for your advise. I changed to PHP5.3 works now.

  • dantas

    Hi,

    Your plugin is a brilliant idea and looks really cool… but unfortunately I must be doing something wrong here that is making it NOT work. We have WordPress 3.0.5 with Multi blog/sites and I just network installed the verison 3.0.4 of User Role Editor Plugin. I created a new role and no matter what capability I select in the list the user will only see the Dashboard, My Sites and Profile… I can mark all the roles and it will be the same. I also tried to modify a existing role such as Editor to be able to edit plugins… but unfortunately it won’t change anything for the user….

    This plugin will be very useful when I figure out what I am doing wrong… Thanks for making this!

    dantas

  • Thanks.
    Hello Dantas,

    It seems that a user still has ‘Subscriber’ role assigned.
    1st, check if user has the same role assigned as the role you edit.
    2nd, in multi-site environment URE plugin works with one current site by default. So you need to check changes for the user of the same site under which you changed the role staff.

    Regards,
    Vladimir.

  • Thanks.
    ‘manage_categories’ capability allows users to edit tags and categories including its description.
    There is no built-in function in WordPress to allow users to edit the tag description only. I think it could be realized with plugin.

  • andrzej.kuca

    Hello,
    I have problem with users level. I add role subscriber to level 1, but when I check on MySQL users on my site have levels 0. How can I fix this?

  • Pingback: 5 Robust WordPress Roles and Access Control Plugins | Queness | JC()

  • According to this article http://codex.wordpress.org/User_Levels
    were replaced by Roles and Capabilities in WordPress 2.0, and were finaly deprecated in WordPress 3.0. Capabilities has advantage against user levels. From WP 3.0 there is no need to check them to add to role new functionality.

  • Anonymous

    In the role “Editor” the TinyMCE Editor doesn’t allow all the advanced functions. I’m running WP 3.1.1 What to do?

  • Hello,

    Thanks!
    It could to seems strange but in order to delete media user should have ‘delete_posts’ capability (look at wp-admin/includes/media.php line 1291).
    To see ‘Appearance-Menus’ menu items user should have ‘edit_theme_options’ (consult wp-admin/menu.php line 152).

  • Please give me 1 or 2 examples. Screenshots are better. I counted the same 15 buttons at Visual TinyMCE editor as for user with Administrator role, as for one with ‘Editor’ privileges and don’t see the difference to this moment.

  • Anonymous

    Hello. Is there a way to restrict authors to the level of subscribers, but still have them receive email notifications of new comments?

  • Vladimir Garagulya

     Hello.
    I didn’t find post author user role checking in the WP comment notification code (wp-includes/pluggable.php – function wp_notify_postauthor() ). So I suppose that post author will continue get email notification even you change his role from the Author to Subcriber. Did you try that?

  • Anonymous

    Initially, it didn’t work. But then we gave authors user level access 1, 2, and 3, but unchecked almost all the boxes. This SEEMS to have worked, but it might take some time to see. Thanks for getting back to me, though. If the plugin keeps working well, we’ll be donating soon!

  • That’s strange. Thanks for sharing. Generally WP developers declared that user levels are deprecated in WordPress 3.0 and are still there just for the backward compatibility (with old themes and plugins). We should use roles and capabilities instead of user levels. Your experience shows that desired thing is not always a real one :). In any case we know where WordPress permission system go.

  • Lliam

    I used this plugin to make a user role (named “User”) which can add posts and add users. I’d like to be able to make it so that “Users” can only add “Users” and can’t add “Editors”, “Authors”, “Contributors”, etc. Is there a way to do this?Thanks!
    Lliam

  • Anonymous

     I would really like to use this plugin to show just my ‘WP-Property’ plugin in the admin area to a certain user type. Basically everything else hidden, I just want people to be able to add property, not play around with posts/pages etc. Can this be done? 

  • According to WP-Property code, property is a custom post type, that is to add new, edit/delete existing property the same WordPress code is used as for posts. It is impossible to work with properties without ‘edit_posts’ capability. Thus some additional code via functions.php or other plugin is needed to prohibit such user (with new role e.g. Property-Editor) work with posts/pages, hide menu items and allow to work with properties only.

  • If you have some PHP knowledge then read this article
    Disallowing Users of a Custom Role from Deleting or Adding Administrators
    It could show you the right direction.

  • Lliam

    Okay, thanks for the help! 🙂
    Lliam 

  • Pingback: 5 WordPress Roles and Access Control Plugins | 39Articles()

  • Lliam

    Is there a way to delete user roles?
    Thanks!
    Lliam

  • Use ‘Delete Role’ box for that. If you don’t see role in the drop down list then it is still in use. Find user with that role and assign him other role 1st.

  • Lliam

    I can see any delete role box 😐 Where is it?
    Lliam

  • Here’s what  I’m trying to do: I would like to have the Editor Role be able to change the theme. However in my Multisite environment, I have change_themes checked as well as User Level 7. Then the Appearance menu doesn’t show up. I went back, checked level 8 for Editor, now the Settings menu comes up, and I don’t want them to have access the their site settings. 

    It seems to me like the Level 8 and change_themes options conflict with each other. Should I uncheck all of the levels and just go with the capabilities?

  • Try to add a new role. You will see ‘delete role’ box then. You can delete any self-created role when it is assigned nobody.

  • I think you can. According to the WordPress codex: “User Levels were introduced in WordPress 1.5, they were replaced by Roles and Capabilities in WordPress 2.0, and were finaly deprecated in WordPress 3.0.” – http://codex.wordpress.org/User_Levels
    If it’s not difficult, let us know the result of your test.

  • Lliam

    Found it! Thanks! 
    Is there a way to delete the roles that came with wp such as author or editor?Thanks!Lliam

  • Omid

    first thank for your great plugin,
    but now, how to restrict
    users in a new group to view only own post in wp panel?

  • Rick

    Thanks for your reply. Is there no way to give only a restricted access to the ‘menu’ items inside the appearance menus? I’d like to keep the rest hidden.

  • Read this post How to block WordPress admin menu item and following comments. It could show you a way how to realize that.

  • Thanks for the User Role Editor plugin
    It is almost everything I need for a client I am setting up as ‘Editor’
    However it does not allow me to restrict the following two plugins:
    ‘Simple History’ plugin (http://eskapism.se/code-playground/simple-history/) N.B can a better Audit trail plugin be recommended that would work with your plugin???
    ‘Contact Form 7’ plugin (http://contactform7.com/)
    I don’t want the client to be able to remove any of the Simple History Audit trail or to alter any part of the Contact form.
    Can your plugin help with these matters.

    Best regards and thank you again for a very good plugin.

    quintain

  • OKaaay, following my last long comment, I have played around much more with the settings and have removed both the Simple History & Contact 7 details from Editor role. All I have to do now is try and retrace my steps to see how I done it !!!
    quintain

  • Good! Please share with us your experience.

  • Mikkie

    Hello Guantain…I’m dieing to know how you did it…I’m stuck there too.
    Thanks in advantage

  • Pingback: How To Customise Your WordPress Dashboard()

  • Rmra

    Is it possible to give authors the permission to edit the widgets via this plugin?

  • Yes, it is possible with the help of User Role Editor plugin. Add the ‘edit_theme_options’ capability to the Author role and see what your author user will get additionally.

  • Rick

    That worked like a charm! Thanks

  • Hello,

    Yes, It’s strange. What version of WordPress do you use? I appreciate if you describe your actions to repeat this. I’m ready to reproduce situation on my test site, found and fix the problem.
    Read this post “How to change WordPress user role capabilities” to know where in the database WordPress stores user roles.

  • Guest

    It would be great if you could explain what the levels are or take them out completely as I’m not even sure what purpose they serve. Other than that this is great.

  • Thank you.
    This article may help you http://codex.wordpress.org/User_Levels
    While levels are included in the standard WordPress roles URE plugin will show them. Some confusing is possible if I will hide levels for role which have level_10 included. Some themes or plugins could still use that levels system, but you will not see the real picture, if I just hide levels capabilities.

  • jaypryme

    This is a great plugin, but my question is was it ever revealed how to disable certain plugins? 

  • Thanks. Yes, but not directly.
    You can add new capability, e.g. ‘permit_plugin_X’, add that capability to users, which you wish to permit using of plugin X. Then use code below to check if user has that capability or not:

    if (!$current_user->has_cap('permit_plugin_X')) {
    echo 'You have not permission to work with this plugin!';
    return;
    }

    You can insert that code into plugin main .php file at very begin. It is not the best solution as you will lost your changes after next plugin update.
    You can use technique from this post How to block WordPress admin menu item and add code needed to your theme functions.php file to block plugin_X menu items.

  • Andrzej

    I would change some settings on my website and i see this error:

    Fatal error: Maximum execution time of 40 seconds exceeded in /var/www/html/en.hakin9.org/wp-includes/user.php on line 1205Please help me resolve this problem.

  • Code line is from WordPress core code, so it says nothing for this moment.
    Describe what did you do to get that error, please. What version of WordPress do you use?

  • Storm

    Hi,

    This looks really useful. I’m looking for a plugin to edit contributor permissions. I want contributors to:
    1. Be able to add own graphics – I see your plugin can do that
    2. Not be able to see or read other draft/pending posts – can your plugin do this?
    3. Not be able to read comments awaiting moderation – can your plugin do this?
    4 Is it compatible with WP Hide Dashboard, or can your plugin hide the dashboard? 

  • Hello,

    1. Include ‘upload_files’ capability to the ‘Contrubutor’ role and user contributors will be able to upload and insert into post their own images and media.
    2. Contributor sees his own posts only – it is default WordPress behaviour. You need not change anything here.
    3. No you could not manage just changing capabilities list in the role. You need some additional code (plugin) to hide unwanted comments. As I can see, contributor may see all comments now, in any status.
    4. User Role Editor is compatible with any plugin. If it is not – you found a bug – report me about it please. Why I’m so sure? URE is an interface to manage WordPress roles and capabilities storage, nothing more. So if other plugin uses the same standard WordPress capabilities storage – that plugin is compatible with URE and vise versa.

  • David M-M

    Hi Vladimir,

    I want to keep user roles like ‘editor’ from editing the Dashboard, but when I leave the ‘Edit dashboard’ unchecked and save it, an ‘editor’ can still change it using the ‘Screen Options’ button.  Is this behavior correct?  Please advise.  Thanks!

    David

  • Hi David,

    Thanks for the good question.
    Yes, that behavior is correct. Please read this post to get more information about “edit_dashboard” capability. WordPress doesn’t limit user from hiding widgets available to him. You need some special hacks possibly to achieve that.

    Regards,
    Vladimir.

  • Hi, and thanks for the useful plugin.
    I was wondering if there is a way to allow Editors to add and edit users but only on lower levels? I’d like to give Editors the ability to add and edit Subscibers but not other Editors.

  • Could you please describe in details what do you wish to achieve?

  • Hi,
    It is possible, but need some additional coding. If you are comfortable with that you can check how I block other users from editing Administrator user and assigning Administrator role to other users at the user-role-editor.php. Look at the filters
    add_filter(‘editable_roles’, ‘ure_excludeAdminRole’);
    add_filter(‘user_has_cap’, ‘ure_not_edit_admin’, 10, 3);
    and functions which are used there. You can add similar code for ‘Editor’ role into you own plugin or active theme functions.php file.

  • Hi,

    There is no any restriction to Editor for deletion of own uploaded files. Do you see “Delete Permanently” under Media Library Items uploaded by the editor user?
    If your editor can not delete its own uploaded file I suppose there is some problem with file permisssions. May be it was re-uploaded with FTP and changed owner, etc. Compare files owner and permissions for file which you can not delete and file which you can delete.

  • Bgunsberger

    Hi Vladimir,

    Thanks for the response. If I upload a file as an editor through the normal WP upload gui, I don’t get the ‘Delete Permanently’ option for it, even though I do for other user’s files (even ones uploaded by ‘admin’ users). Admin users do get the ‘Delete Permanently’ link for all files, including ones uploaded by editors.

    I checked and the ownership and permissions are exactly the same.  

    Thanks,

    Ben

  • It seems I isolated your problem. At least I can repeat exactly the same situation. If I exclude the ‘delete_posts’ capability from the ‘Editor’ role he doesn’t see “Delete Permanently” link under his own uploaded image, but see it for others. Compare you Editor role capabilities with standard WordPress Editor role. Especially check if it has ‘delete_post’ capability included.

  • Bgunsberger

    That’s it! Thanks so much.

  • Bgunsberger

    That’s it! Thanks so much.

  • Pingback: 5款wordpress用户权限管理插件推荐 | Leafiy™/一切好玩的/新鲜的/Hear your voice-Clear your sight()

  • DeNieD

    Sorry, but “has_cap” is not deprecated?
    I’m using “quote collection” plugin and I would restrict it to “qt_permission”, created by URE.
    How can I do?
    The plugin quote collection define $admin_userlevel = 7 and then

    function admin_menu()
    {
        global $admin_userlevel;
        add_dashboard_page(‘QT’, ‘QT’, $admin_userlevel, ‘QT’, ‘quotes_management’);
    }

    So, I can set a number but not a “capability”. Can you help me? tnx

  • Msmays03

    Hello. I have the role editor and one of my plugins has a tab of its own on the dashboard. But it doesn’t show when i check any of the plugin options. I would like the “editor” to be able to change options on the ‘calendar’ plugin, but it doesn’t show. Which boxes should be checked?

  • Hello,
    please give me more detailed information on your problem:
    – exact name of plugin or link on wordpress.org to it;
    – what do you wish to see, when you are checking options? Options from what plugin, ‘calendar’ or ‘User Role Editor’?
    – what user role you use when you don’t see something from ‘calendar’?
    – other details you have.

  • No, it’s not deprecated. You can use wrapper function current_user_can(‘qt_permission’) instead, if you wish.
    Using user levels is deprecated really.
    This is debug output from ‘quotes collection’ plugin version 1.4.4:

    Notice: has_cap was called with an argument that is deprecated since version 2.0! Usage of user levels by plugins and themes is deprecated.
    Use roles and capabilities instead. in quotescollection_admin_menu() wp-content/plugins/quotes-collection/quotes-collection.php:333

    Row # 333 is that you mentioned above:
    add_menu_page('Quotes Collection', 'Quotes Collection', $quotescollection_admin_userlevel, 'quotes-collection', 'quotescollection_quotes_management');
    Thus if you replace $quotescollection_admin_userlevel there to the ‘qt_permission’ it will be a step that WordPress is wait from this plugin developer and you can make it :).

  • Hi there. First of all: Thank you for this great plugin, working perfectly on a friend’s blog. However, when installing and activating it on my blog (WordPress 3.1.3, Dark 3Chemical DE theme), no menu entry appears, i.e. I cannot access the plugin settings themselves. Any idea what I can do to make it appear on my dashboard / settings / wherever the settings menu should appear? Big thank you in advance!

  • Hi,
    if your WordPress is configured as multi-site you should log in as a super-admin user. Only if you have super-admin privileges you can see URE plugin settings menu under the ‘Users’ submenu of any site of your network.

  • Am not running WordPress as a multi-site. Tried it with the different admin users – including the original admin when installing WordPress, but the menu is unfortunately nowhere to be found.

  • Are there any error messages during plugin activation? Is it active?
    If it is active, what’s about ‘Settings’ menu item under URE plugin row at the plugins list after click ‘Plugins’ menu?

    Try to deactivate all plugins except User Role Editor and reactivate it. If you will see its menu then activate rest plugins back one by one to isolate the conflict in anyone exists.

  • Plugin is active, no error messages during installation or activiation – tried the installation both via the wordpress plugin install mode and via manual ftp upload. No ‘settings’ menu iteam under URE at the plugins list – only option to deactivate.

    Tried deactiviating all plugins, User Role Editor menu still didn’t appear.

  • I could play with it on your site tomorrow. I will need to have admin access to the WordPress dashboard to trace the problem. FTP access could be critical if something goes wrong while I change the code of the fly. If this suitable for you send needed to login data to my email from plugin readme.txt file or via this site contact form. 

  • Anonymous

    Hi and thanks for a great plugin! I was wondering if there is any way to configure this plugin to allow Editors to modify custom menus? 

  • Mpicon

    Hi, I’m having the same issues as Walter Kraus in the comments below.  I’ve successfully installed your plugin on a site hosted by GoDaddy, but over at HostForWeb I’m seeing the same problem as Mr. Kraus.  Did you have any luck with finding the problem?

  • Hi,
    No, that problem is not isolated. Mr. Kraus didn’t contact me more. I can not reproduce such situation at my sites and thus, can not find the reason. If you have site with such problem where you could allow me admin access I’m ready to investigate this issue.

  • Hi,
    ‘edit_theme_options’ capability is needed to the user in order he can modify theme menus.

  • Thanks for suggestion. Yes, it is possible. I will add such option to one of the next updates.

  • Class Blogs

    Awesome, plugin and thank you for creating it. Is it possible to have User Role Editor add your new role(s) when a user registers for a blog instead of having to update it manually every time a new blog is created? Thanks.

  • Hilary Albutt

    I normally use  this plugin  but upon updating to 3.2  it only shows  a  blank  admin settings page. 

  • Please, tell me, do you have a large quant of registered users at your blog?

  • Hello Vlad…  I suspect this has been asked before. I checked the search box but cannot find any good information.
    Problem.  I have a plugin (Events Manager) that I need to allow say a custom role have access to.  They need to see the listing of customers that have paid for the event. There is a log link in the plugin but of course you need ADMIN level prevledges to get access.  I of course want to restrict access to other plugins.  Is there a way to do this in Role Manager with some code edits or in to edit the plugin itself to be able to allow access to a custom role ??

    Any help would be appreciated…  John,

  • Hello John,

    Please give me more details about, what do you wish to achieve. Do you use Pro version of “Event Manager” plugin? I downloaded and install its free version. I see that it has built-in functionality to assign/remove its own capabilities to existings WordPress roles. It shows full list of roles, including custom created roles too.
    Help me to find ‘log link’ in “Event Manager” plugin. I will check what you need to show it for a custom created role.

  • Class Blogs

    Wow, that is awesome! Thanks.

  • Hi, cool plugin! But I can’t figure out how to give an Editor permission to add, remove, and edit the Widget area. Can you please advise? Running very latest versions of WP and your plugin.

  • Hello, thanks.
    Try to add the ‘edit_theme_options’ to his user if you wish to give him this capability personally, or to the ‘Editor’ role, if you wish to give this capability to all your editors at once.

  • But wouldn’t that give him the ability to edit the theme files? I’d like him
    to only have the Widgets area available to him…

  • Yeah, that gave him permission to edit Themes, Widgets and Menus under the Appearance section. What I’d like is to only allow permission to edit Widgets under the Appearance section. Any ideas?

  • That gives him ability to edit theme options only. In order edit theme files user or his role should have ‘edit_themes’ capability.

  • If I add the ‘edit_theme_options’  to his user or role as you suggested, it gives him permission to edit Themes, Widgets and Menus under the Appearance section. 

    What I’d like is to allow his user or role to have permission to edit *only* Widgets under the Appearance section. Any ideas?

  • Its a pity but all three menu items uses the same capability – ‘edit_theme_options’ to secure itself.
    In order to hide and block ‘Themes’ and ‘Menus’ menu items from your editor it’s possible to use technique similar to described in this post
    http://www.shinephp.com/how-to-block-wordpress-admin-menu-item/
    Tell me if you need further help.

  • Please try this 3.2 beta version 
    http://www.shinephp.com/user-role-editor-wordpress-plugin-3-2-beta/
    I’m interested if you see Settings page with it.

  • You can download 3.2beta version and give it a try
    http://www.shinephp.com/user-role-editor-wordpress-plugin-3-2-beta/
    Please do not forget to make fresh backup of your WordPress database before start testing.

  • I got some complaints on the PHP script execution timeout after trying to open Settings page of User Role Editor plugin. Could you try 3.2beta version from link below?
    http://www.shinephp.com/user-role-editor-wordpress-plugin-3-2-beta/
    Is something changed with it?

  • Pingback: Acknowledgements » Cook Like a Guy()

  • Sorin

    Hi. This is a great plugin indeed. 

    Is there a way to allow a user to only edit certain menus and certain sidebars?

    Thanks.

  • Hi, thanks.

    No, User Role Editor help to manage role’s or user’s capabilities stuff. It doesn’t manage those capabilities usage. That’s made by WordPress itself, themes and plugins. Permissions to edit only certain menus and sidebars could be built in into theme code. Something like:

    if (!current_user_can('super_theme_edit_menu_1')) {
    echo 'You have no permission to edit this menu';
    return;
    }

  • Eric

    I’m trying to figure out the same thing.  The “edit_theme_options” worked to give the user widget access. 

    I tried followig the steps here from the link below but that appears to block a whole menu.  Wondering on how to block just “themes” and “menus” submenus from appearance.

    http://www.shinephp.com/how-to-block-wordpress-admin-menu-item/

    Thanks for any help!

  • In order to hide and block ‘Themes’ and ‘Menus’ submenu items of the ‘Appearance’ menu you should unset
    $submenu[‘themes.php’][5] and $submenu[‘themes.php’][10] array elements and also block access to ‘themes.php’ and ‘nav-menus.php’ files.

  • Eric

    That worked.  Thanks so much!

  • Sean Grimes

    I like the plugin, but I don’t like how wordpress sets it so that contributors can view other peoples drafts, pending post, etc. I only want contributor to be able to login and view/edit their own post or comments. Is this possible with your plugin.

  • You can limit visible posts list with user created and published posts only for users with roles ‘contributor’ and ‘author’ inserting this code into your theme ‘functions.php’ file

    function mine_published_only($views) {

    unset($views['all']);
    unset($views['draft']);
    unset($views['pending']);

    return $views;
    }

    if (current_user_can('contributor') || current_user_can('author')) {
    add_filter('views_edit-post', 'mine_published_only');
    }

  • Class Blogs

    @shinephp:disqus Thank you for adding the multisite information where every blog gets the role(s) from the main blog. It works great, and I am very greatly for you taking the time to add that feature.

  • I have a user set as a contributor.  He can’t moderator site comments any thoughts as why?

  • Yes, you submitted this question already, but to the shinephp forum at
    http://shinephp.com/community/topic/editor-role-cant-edit
    Read my post and give me little more details. It is for your choice where you will send your answer, to forum or to this discussion board.

  • Key capability which WordPress checks to decide if user can moderate comments or not is – can user edit this post or not. Published post could be edit by its author, editor and administrator. Thus those three roles  can moderate comments, author – for his own posts only.

  • Samuel

    Hi Vladimir!

    I like very much your plugin, it seems so “clean” and just do it his job pretty well 😉

    I think it only lacks two little improvements:

    – Option create a new role duplicating an existing one. This will make much more friendly to create new roles having similar capabilities to existing ones.

    – Override role capabilities in user profile. For example, at present you can’t remove “create posts” capabilities to a specified user that have the “author” role. This is possible using standard WP user/role/capabilities (older plugin “Role manager” does).

    Thank you very much for your time! 😉

  • Hi Samuel!

    – Yes, option to populate new created role with capabilities from existing one is on of the first suggestions I will realize in one of the next updates.

    – I don’t want create mess with role assigned to the user with such overriding feature. That’s why I disabled checkboxes with user capabilities inherited from the role. Actually if you select ‘No Role for this site’ you can assign to the user any capability in the current version already. I will add an option to save capabilities checked from the previous role when you select ‘No Role for this site’ and we will can “override” role staff this way.

    Thank you for the good words and useful suggestions.

  • It seems you make your tries at the multi-site WordPress. Only user with super-admin rights can add new users to the network in the multi-site environment. Even site administrator can add existing user to his site only.

  • Kaelindesign

    Would there be a way to set user roles on a per plugin basis? For example, let’s say I have a news letter
    Plugin that has a menu under settings. I need to access the menu, but my editors (clients) don’t. The rest of the settings menu is fine, just this one menu needs to disappear for editors. Any ideas?

  • Generally, this decision is made by plugin author in the code line which added menu item for the plugin. 
    The call of add_submenu_page() function should be somethere. This function takes user capability as parameter to check if user can use this plugin or not.
    If you send here the download link for plugin you use, I can look in the code and give you more exact instruction.

  • Louise

    After installing this plugin, logged in as a user with a custom user role, trying to click on edit posts / edit pages goes to either a blank time out page on safari, or firefox attempts to download edit.php…. any ideas why?

  • Louise

    NB: to the previous comment I made. The problem is definitely related to this plugin. I changed said user from a custom role to an editor and, even as editor, errors occurred when trying to open the admin page “posts” / “pages” (i.e. edit.php). When I deactivated the plugin, this user was able to access “posts” / “pages” (i.e. edit.php) again.

  • Thanks for your message, Loise.
    It’s very strange situation. I’m sure that ‘User Role Editor’ doesn’t control any WordPress hooks (filter or action) except two (new blog creation in multi-site network, and Users list). In other words, it works only when you click on its link under ‘Users’ submenu. Thus, it could not prevent posts/pages list opening.
    If you have test site where this situation could be repeated and you can send me login credentials (use this site contact form) I can try to find the reason of a problem in place.

  • terry

    this is awesome! now i can have multiple freelancers working on posts on my site and not worry too much about them going postal and deleting everything!! O.o

    Not that that would happen because I pay them on time and very nicely.. but I just had this one girl mess with me (she stopped working for me a while ago but we are friends still). she logged into her account and changed some pictures around and sent me an email saying good luck finding it loll

    well I found them and all she did was update the pictures free of charge, but either way she did expose a flaw in the system in which a person who works for me could screw me over by deleting everything or adding hidden links to their own sites

    my site is my bread and butter $$$ wise and I need to protect it like its my baby or something lol

  • Thanks for sharing it with us :).

  • Louise

    Thank you for the reply, I will continue to look for the problem.

    The only other cause I can think of is that directly before installing this plugin I tried to use another plugin called Capability Manager, which I had used on another website before with no problems at all…
    however…since then I think the developer of CM has stopped developing it and either the new version of wordpress or new version of the plugin has done something?
    I guess the problem might not have appeared at this stage because the plugin itself seemed to be broken so I removed it pretty quickly but maybe it was from that? Again, admin role is untouched, only other custom user levels had problems… :S
    Sorry I don’t have a link for you to look around.

  • Thanks for the information. Please let me know about result of your investigations.

  • Tom

    Vlad – nice job on this plugin.

    Question: any idea what could be causing a setting to revert back to its default state **after** it’s been saved, tested and confirmed to be working? We’re only using the plugin for one custom setting on one particular user level: unfiltered_html.  By default this setting is disabled for the user role. We can enable it, save it, test it, and everything works fine…. But later on it reverts back to the disabled state. (By “later on” I mean sometimes minutes, sometimes hours.) It showed as being disabled 17 of the 25 times I’ve checked on it over the last few days. 

    Have you heard of anything like this before? It’s a brand new rental property site (WooThemes’ “Listings” theme) and only 2-3 other plugins are installed, so I’m stumped. Users can’t submit property listings when the setting is disabled – so I need to figure this out. Thanks in advance for any advice/help.

  • Hi Tom, thanks.

    No, there is not any signal from other users about such behavior. If role data modified it should be left in that state while you don’t touch it.

    I have a guestions:
    1st, Is your WordPress installation configured as multi-site network? For multi-site installations User Role Editor has option to apply role change from any site to all sites of a network. Is it not your case?

    2nd, are there any other users except you with administrator privileges?

    Btw, are your site users – persons who you trust? Do you moderate all posts before publish them? I saw somewhere at wordpress.org information that if you switches ‘unfiltered_html’ on, it is just time question when your site will be compromised via submitting some dangerous javascript, which could theft cookies, etc.

  • Tom

    No, it’s not a multi-site network. Yes, there are two other admins (developers) but they haven’t touched it. And aside from admins there is only one site user so far. (We just launched the site the other day.) We’re using a directory-style theme that comes preinstalled with a custom post type called “Listings.” To create a listing, a site user simply fills out a form, uploads a photo and submits it. (Site owner can choose whether users must register first, whether listings must be approved first, etc). Upon registration a user is assigned a custom user type called “Listings Contributor”, which is part of the theme. (This is where we’re using the plugin.) A Listings Contributor is very similar to WP’s “Contributor” user level.So it’s basically a directory/classifieds hybrid type theme (like Craigslist) that is being used for things like car listings, events, vacation rentals, product reviews, and other user-generated content types of sites. For example, this one is about “beer destinations” http://theroamingpint.com/blog/ and this one is a directory of auto repair shops http://ocautocoupons.com/Here’s the main theme page that shows more information (in the list of features) about “Upload a Listing page template”: http://www.woothemes.com/2010/12/listings/Thanks for the info about the unfiltered_html dangers – I had no idea. I’ll pass it on to the developers.

  • I offer to ask your developers to check theme source code, where and how it creates custom user role “Listings Contributor”. It probably recreates/restores it for some conditions, thus you loses your changes.
    Some plugins doesn’t save their custom capabilities to the WordPress database, but added it per every URL request to the existing roles, so called virtual capabilities. That is if you deactivate such plugin you will not see its capabilities in the roles. May be your theme works this way too.

  • hi,

    plug in is supper, but . . .

    we would like to have option so Subscriber can edit pages and post with exact ID,
    like he have access only to post-ID= 3, 566, 860 and page-ID= 1, 6, 10, 9999999 and so on

    is it possible to do this with this plug in?

    if not can anyone can guide me to right direction i would be delighted

    thanks
    Edgar

  • Jim Harmer

    I created a new role for a comment moderator, and then I clicked the box for “Moderate comments” and gave the user that role.  Still, the user doesn’t see anywhere in the dashboard where he can moderate comments.  Why is this?

  • Hi,

    my apologies for the late reply.
    No, it’s not possible with a help of User Role Editor plugin to limit pages accessible to edit. With URE help you can extend selected role by assigning it new capabilities, e.g. you can permit role to edit posts or pages. But you can not manage what pages will be accessible for editing.

    Try “WP-CMS Post Control” or similar to limit editor access to selected posts or pages. Be aware that subscriber is a user who can only read. So it is better to create and use new custom role for your own purposes.

  • There is some mess in WordPress with this capability. While capability ‘moderate_comments’ exists and its name is clear for everyone, but WordPress uses it for some other purpose. The main capability WordPress checks when takes decision allow moderate comments or not is can this user edit this post or not. Thus only post author, editor or site administrator could moderate comments with WordPress admin dashboard.

  • Anonymous

    Everybody on my site except the admin (me!) is getting this error when trying to access
    /wp-admin
    “You are not allowed to access this part of the site”Please help! I can’t tweak my site because of this.

  • This message is shown when user has no capabilities in his capabilities list or role.
    Check what role is assigned to the user who get such message. Then check if this role has capabilities at least as standard WordPress Subscriber role.

  • Myblog

    Hi – I don’t mind my editor seeing the other plugins – they really only need to see one of them.

    But I do NOT want them to see this plug in.

    Is there a way to edit your plugin – so that it hides your plugin – or only shows the one I want?

    This would be an awesome solution for my problem.

    There is data they need to capture on this form editor plugin & it doesn’t show on the theme I’m using.

    Some themes the plugin does show to editors – not this one & I’m not a code person.

    Thanks a bunch!

  • Myblog

    Oh shoot – this plugin doesn’t give the EDITOR access to even get the form data which is in Settings of the plugin – how can I make this happen???

    TY!!!!!!

  • Hi.

    User Role Editor (URE) plugin is available to the Administrator only by default. Standard WordPress Editor could not see URE plugin. So, what do you wish to change in URE plugin?
    About what form editor plugin do you write?
    Could you send more detailed message?

  • Again, about what plugin form data do you write? Could you send the link to that plugin here and explain what do you wish to achieve?

  • Pingback: 5 Best Wordpress Plugins | News of Delhi()

  • I’m using s2member
    plugin and have shut down the admin area for my Level 1 members
    (non-admins).  s2member has an extra layer of protection from any
    non-admin member entering into any of the pages in /wp-admin/ so they don’t see the default profile panel.

    so s2member redirects to their own version of the profile page but they don’t have a feature to upload a photo.
    Will your plugin work with s2member plugin and specifically the ability for members to upload the profile author photo?

  • By default neither WordPress, nor S2Member doesn’t have function to add image/photo to the user profile. The only way to show photo for register user in discussions is to show his/her gravatar (option is placed under “Settings->Discussion”.
    So I suppose that you have some other plugin installed which allows to upload the author photo to his profile. I need more information from you about your site installation to reproduce your environment and check if URE plugin can help you.
    Generally, if any plugin uses standard WordPress capabilities system to allow/prohibit some functionality, you definitely can manage that with URE by adding/excluding those capabilities to the selected roles or users.

  • belloli

    You want to make the multsite version, which is administered only by the super-admin?And thank you, I use on other blogs.

  • belloli

    Sorry,  I had not seen your code. In
    user-role-editor.php have the function
    “duplicate_roles_for_new_blog()”.
    I installed the plugin after the creation of some subdomains. My bad!
     

  • No problem. I’m glad that URE plugin helps you :).

  • Please describe what do you wish to achieve adding this new capability?
    Generally you need to check it before execute some functional code and decide if user is allowed to execute such code or not.
    If you just put code above to the end of function.php you limit nothing.

  • Anonymous

    I don’t really understand the adding of roles either. 
    I installed a plugin for author signatures but only the admins can access it but I need the contributors and authors to as well. Plugin is called WPsignature but I have no idea how to add the capability to the roles.

  • Amirah

    Helo Vladimir:

    I’m pretty sure this is a dumb question but which of the roles do we click to give our contributors rights to upload photos. None of them actually say “upload_image”? Please help or direct me to where I’m sure you’ve already stated this plainly. 

  • WordPress maniac

    Hi Vlad,
    1st, thx for this cool plugin!
    2nd,
    The capability “edit_comment” added on version 3.1 of WordPress is not showing up on the plugin 🙁
    Q1: Where do you (the plugin) get the initial list of capabilities from?
    I know the list is stored in the “options” table as the value of the option_name = ‘user_roles’, but I can’t tell if you grab this list from somewhere else within WordPress or if you have this list hardcoded in the plugin.

    Q2: Would it be possible to update the plugin to include the above mentioned capability?
    Q3: If I add this capability using the plugin, would it in any way collide with WordPress’ definition of it?

    Q4: I installed WordPress 3.2.1 from scratch, then added your plugin after doing just the least amount of customization possible; Is the absence of “edit_comment” due to your plugin or WP 3.2.1’s setup?

    thanks again for this great contribution.

  • WordPress maniac

    Hi Amirah,
    I think you need to use “upload_files”, since according to the codex (http://codex.wordpress.org/Roles_and_Capabilities) this allows the user access to Media > Add New. So This should work for any type of media, not just pics.”upload_files” is in the 3rd column of the plugin’s capabilities list.ciao

  • manuki

    hi vladimir
    ur plugin seems to be VERY useful, but ive been trying to give access to one of my editors.. to ‘add or edit sidebars’ the sidebars tab in the theme im using is inside the appearance tab, i added the capability, but it doesnt work, how do i make it work? my editor, doesnt need to have access to widgets, menus, themes nor themes options, but i really need him to be able to add a sidebar, is it possible?

  • Please send an exact link to the plugin you use. Search by WPSignature keyword at wordpress.org returns links for 2 different plugins.

  • No, you can’t achieve this with URE plugin help only . There is no such capability in WordPress to limit comments view with approved comments only. So additional programming is needed to resolve this task. Some hints could be found in these posts:
    http://www.shinephp.com/limit-comments-moderation/
    http://www.shinephp.com/hide-draft-and-pending-posts-from-other-authors/
    Let me know if you need further assistance.

  • If ‘Appearence’ section is not shown for Editor user at all I think it misses some of this capabilities: ‘switch_themes’ or ‘edit_theme_options’.
    Use wp-amin/menu.php for your reference:

    if ( current_user_can( 'switch_themes') ) {
    $menu[60] = array( __('Appearance'), 'switch_themes', 'themes.php', '', 'menu-top menu-icon-appearance', 'menu-appearance', 'div' );
    $submenu['themes.php'][5] = array(__('Themes'), 'switch_themes', 'themes.php');
    if ( current_theme_supports( 'menus' ) || current_theme_supports( 'widgets' ) )
    $submenu['themes.php'][10] = array(__('Menus'), 'edit_theme_options', 'nav-menus.php');
    } else {
    $menu[60] = array( __('Appearance'), 'edit_theme_options', 'themes.php', '', 'menu-top menu-icon-appearance', 'menu-appearance', 'div' );
    $submenu['themes.php'][5] = array(__('Themes'), 'edit_theme_options', 'themes.php');
    if ( current_theme_supports( 'menus' ) || current_theme_supports( 'widgets' ) )
    $submenu['themes.php'][10] = array(__('Menus'), 'edit_theme_options', 'nav-menus.php' );
    }

  • Did you mean ‘Media Library’ instead of ‘media gallery’?
    Thus you wish to hide ‘Media’ menu item from the right side admin menu bar and ‘Media Library’ tab from the ‘Add Image’ dialog in the post editor.
    Please confirm.

  • Thanks for the good comment.
    As ‘User Levels’ were deprecated from version 3.0 , I plan to make other thing – fully hide them be default, with option to show them back if user needs to see or use for some reasons those deprecated options.

  • That’s right. Thanks for your help.

  • Hi,

    A0, A4 – WordPress has some set of so-called meta-capabilities which were not included directly into any role yet, and not stored in the database with user roles together. These are so-called mapped capabilities. They were mentioned directly in the WP codex documentation but really mapped to some other real capabilities. ‘edit_comment’ capability is mapped to ‘edit_posts’ capability and others custom post types if your blog has them, e.g. edit_some_custom_post_types’, etc. capabilities. Check wp-includes/capabilties.php
    function map_meta_cap() for your reference.

    A1 – Yes, all capabilities which URE plugin shows you, it takes either from WP $wp_roles object or directly from its _options table.
    A2, A3, A4: You should not add ‘edit_comment’ capability yourself as it should not be assigned to the role or user. Use primitive capabilities to which it is mapped, e.g. ‘edit_posts’ capability, instead.

  • Hi Manuki,

    WordPress itself checks ‘switch_themes’ or ‘edit_theme_options’ capabilities just to show or hide ‘Appearance’ submenu from user. So is user need to use some item under Appearance submenu this user should have one of those capabilities. The rest part depends from theme you use.

    URE plugin doesn’t add itself any new functionality to manage/check user permissions inside theme or plugin code. It just allows you give/exclude those permissions to selected role or user. Thus, is you add new capability you should realize or use already existing functionality to check if that capability is assigned to current user.

  • WordPress maniac

    спасибо!Your explanation is very clear and I think I get it now.All the best!

  • Pingback: 9 Nützliche Plugins für WordPress als Community-Site » WoWa-Webdesign Friedrichshafen, Bodensee()

  • Linda

    Hi!

    This is exactly what I’ve been looking for and so of course I tested it out and changed some capabilities for Authors but now I can’t login through /wp-admin anymore, I get this: “You don’t have the privileges to access this page”. I figured I can just delete the plugin in filezilla but since I’m still quite the newbie I don’t want to mess anything up.ThanksLinda

  • Hi,

    Generally User Role Editor plugin doesn’t activate any filter or action so deletion of its files may not help you to restore login to your site admin panel.
    With URE you can not change the Administrator role. So the reason could be in some other place. Please remember, did you activate and test some other plugin at the same time? If yes, try to delete that plugin folder in wp-content/plugins/ folder first.
    May be you suddenly changed role of your administrator user in his profile…
    In case you roles system was damaged for any reason URE plugin made backup copy when you update roles first time and it’s possible to restore roles from there, or just take default set of WordPress roles. Such operation needs access to MySQL database and couple of SQL commands execution.
    Read this post for the details
    http://http://www.shinephp.com/how-to-change-wordpress-user-role-capabilities/

    P.S. If you need further help to restore you blog admin login and it’s possible for you to give me access to your MySQL database I can help you to make that on site.

  • Jose

    Hi, how can I set what group of users can see a specific post or page? This would allow me to publish special offers for every specific group of users.
    Note: I actually need the ability to set more than one group per page or post in case the page is a general offer that can be seen by more than one group.
    Is this possible with your plugin?
    I haven’t figured out how.
    Thanks in advance.

    Jose

  • Sergey Kravtsov

    Want to share my hack:

    Add this to line 50:

    if (!ure_is_admin($user_id)) { // If user has editing users capacity, but isnot admin
        return;
    }

  • Hi,
    You can not make it with User Role Editor help. It helps to manage just the roles and capabilities. The rest part – how to use them to manage access to the WordPress functionality or blog content should be realized with external code (plugins, themes, etc.).
    Take a look on S2Member plugin
    http://wordpress.org/extend/plugins/s2member/
    may be it will help you.

  • Thanks for sharing.
    But please, think, – applying this code at very begin (line 50) you block User Role Editor plugin functionality which prevents such user (who is not admin but can edit users) from editing users with admin privileges and from assigning ‘Administrator’ role himself.
    That’s why if you have not trusted users with ‘edit_users’ capability in your users list, you should always have URE plugin activated and not hacked :).
    Let me know the reason why you added that code. Did you find a way to use URE plugin for users without admin privileges? For this moment I’m sure that I blocked it already.

  • CfxJosh

    Unfortunatly,  it was unclear what role I was editing, while logged in as admin I clicked on the “editor” role (I thought to edit that role),  added the capabilities that I needed for the editor role, and then hit save.   now when I login as an admin I have the access of an editor, and that does not include the ability to edit user roles!   HOW can I un F this ?
    Please advise ASAP!

  • Interesting. If you can repeat that, please tell me then, how you corrupted administrator role. It should never be happened. If it’s possible somehow, I should fix the bug.
    How to restore administrator role:
    1st, you can try to use ‘Restore’ feature. It should restore roles to the state when you just installed URE plugin.2nd, if ‘restore’ button doesn’t help, you can edit administrator role directly with your favorite MySQL tool:
    Read this post for the details http://www.shinephp.com/how-to-change-wordpress-user-role-capabilities/

  • Buddee00

    Can the plugin set so that the editor only see his/her own post and not the others?

  • If you limit Editor with his/her own posts only you will get exactly the Author role. Why not to use it instead?

  • Is it possible to create a role where the user could edit any page on the site, but NOT publish them (NOT update the live page)? They could edit the page but could only submit it, then an admin would receive an email and would need to publish the update. I’ve tried to get this to work but if I let them edit published pages they are allowed to click “update”, which updates the live page. Appreciate any help…

  • If you need to allow to edit just not published posts of other users and do not publish them it seems that ‘edit_others_posts’ without ‘edit_published_posts’ could be enough.

    If you need to allow to user edit published post but assign ‘pending’ status to it after it was changed – some additional coding is needed.

  • Edith Ruprecht

    Great stuff, really. Very neat plugin. Now I have an Account for people who can read every post but cannot change anything. That’s just great for proofreading.

  • Thank you.

  • I love your plugin and it works perfectly, thank you. However, one of my plugins (contact form 7) places its settings link in the main menu, and therefore even though I have only ‘edit pages’ enabled for one of my custom user types, they are still able to edit contact form 7’s options since it’s not nestled under the ‘settings’ menu. Any help you can offer would be greatly appreciated!

  • additionally, is there a way to allow a specific user or role to edit sidebar widgets? perhaps down to a per-widget level?

  • Contact form 7 plugin checks ‘edit_posts’ capability to allow/prohibit access to its submenu and ‘publish_pages’ capability to really allow to change something in contact form templates.
    To raise permission level you can change constants values below to something as ‘edit_users’ in order only blog administrators can edit contact form 7’s options. 
    Quote from ./contact-form-7/settings.php:
    if ( ! defined( 'WPCF7_ADMIN_READ_CAPABILITY' ) )
    define( 'WPCF7_ADMIN_READ_CAPABILITY', 'edit_posts' );

    if ( ! defined( 'WPCF7_ADMIN_READ_WRITE_CAPABILITY' ) )
    define( 'WPCF7_ADMIN_READ_WRITE_CAPABILITY', 'publish_pages' );

    If you modify something, you will need to make such update again after every Contact Form 7 plugin update installation.

  • By default WordPress has the only capability to allow/prohibit edit sidebar widgets all at once – ‘edit_theme_options’. More advanced model (as per-widget base) is a subject of special plugin development.
    Please, be aware that allowing edit widgets to not trusted users is very dangerous, if you have theme editor not turned off or some plugin which allows to insert into widgets arbitrary PHP code. Arbitrary JavaScript code in the simple text widget could be very dangerous too.

  • thank you very much for your reply. it seems like it might be easier to ask the CF7 devs to move their settings to the settings menu. But, I’ll try your idea too.

  • very well, I’ll keep ‘edit theme options’ turned off for untrusted users. editing specific widgets can be done by admins.

  • solved! my wp-config.php file now looks like this:

    /** Database Charset to use in creating database tables. */
    define(‘DB_CHARSET’, ‘utf8’);

    /** The Database Collate type. Don’t change this if in doubt. */
    define(‘DB_COLLATE’, ”);

    /** Allow only admins to see contact form 7 settings in admin panel */
    define( ‘WPCF7_ADMIN_READ_CAPABILITY’, ‘manage_options’ );
    define( ‘WPCF7_ADMIN_READ_WRITE_CAPABILITY’, ‘manage_options’ );

    /**#@+
    ………………………. (etc)

    and CF7 settings are no longer accessible to anyone lower than admin.

  • Thanks for sharing. I didn’t think of that way.
    As “Contact Form 7” defines its constants conditionally (if they not defined yet), this way you have no conflicts with  plugin updates comparing with decision if you change plugin’s file directly. Well done.

  • You can not do it with a help of URE plugin directly. That could be possible with some external PHP code in your theme functions.php file or other plugin only.

  • Crazy lee

    Hi all,

    Is it possible to enable only moderation for author without enabling edit..

  • Hi,

    In order to moderate posts (be editor without edit feature), you should have access to the ‘Posts’ and ‘All Posts’ menu items. Look at this post http://www.shinephp.com/wordpress-admin-menu-permissions/
    It’s not possible without ‘edit_posts’ capability. While that’s possible to moderate posts without editing them with help of some specially written plugin, I think – it’s impossible to achieve just shuffling WordPress capabilities.

  • Paso80

    Hi Vladimir!
    I’m using your plug in,
    how can I create automatically a page for each roles, with the list of all the users that are members of that roles?
    now I’m using that system in the author.php:
    $excluded = “1,2,3,4,5,6,7,8,31,32,36”;  // To exclude IDs 1,33,4 nuovi autori da escludere
                        $sql = ‘SELECT DISTINCT post_author FROM ‘.$wpdb->posts. ” WHERE post_author NOT IN ($excluded) ORDER BY post_author ASC”;
                        $authors = $wpdb->get_results($sql);
                        if($authors):
                           foreach($authors as $author):
    it works but I have to add the IDs manually…. how can I exclude directly a role ?
    thank you

  • Hi. I’ve been using this plugin for a long time now and really find it very valuable.

    Just recently a client brought to my attention that they can no longer Edit Pages. They have standard Editor role, with almost every ‘edit’ related capability checked.

    I confirmed this by logging in with another browser as Editor role.

    I tried disabling and re-enabling the plugin (activated network wide). And tried re-saving Editor role to apply to all sites.

    Any ideas?

    Thanks,
    Jeff

  • Hi. I’ve been using this plugin for a long time now and really find it very valuable.

    Just recently a client brought to my attention that they can no longer
    Edit Pages. They have standard Editor role, with almost every ‘edit’
    related capability checked.

    Any ideas?

    Thanks,

    Jeff

  • Hi,

    Please check, if ‘edit_published_pages’ capabilty is included into your role. It could be the 1st reason, why user can not edit page, which is published already.

  • The Pterodactyl

    Is there a way to make “edit_theme_options” a bit more granular to only allow my user to edit the widgets section without having access to the rest of the options under the Appearance tab?

  • Hi!
    Information about role assigned to the user is stored at ‘wp_user_meta’ table. Query like belowSELECT user_id FROM wp_usermeta` where meta_key=’wp_capabilities’ and meta_value like ‘%editor%’;
    will return you ID-s of all users with role named ‘editor’. 
    You can use it in your query, just change $excluded to query mentioned above. Something like this:
     $sql = ‘SELECT DISTINCT post_author FROM ‘.$wpdb->posts. ” WHERE post_author NOT IN (SELECT user_id FROM “.$wpdb->usermeta.” where meta_key='”.$wpdb->prefix.”_capabilities’ and meta_value like ‘%editor%’) ORDER BY post_author ASC”
    I didn’t try to execute this code, so excuse for the typo, if I put some here :).

  • I think that it is possible with custom made plugin only.

    WordPress widgets administration panel code is wp-admin/widgets.php file, which at line #15 checks if current user has the same ‘edit_theme_options’ capability as for the rest items of ‘Appearance’ menu:

    if ( ! current_user_can('edit_theme_options') ) wp_die( __( 'Cheatin’ uh?' ));

  • Greg Howell

    I have the same problem as Jeff Kemp. An editor cannot edit published pages. The
    Note I also have the Exec-PHP plugin installed. If I check ‘Edit others php’ then he has the abiulity to update pages, but it creates security warnings.

    ‘Security Hole The following list shows which users have either or both of the “edit_others_posts” or “edit_others_pages” capability and are allowed to change others PHP code by having the “edit_others_php” capability but do not have the “exec_php” capability for themself. This is a security hole, because the listed users can write and execute PHP code in articles of other users although they are not supposed to execute PHP code at all. admin2’

  • The Editor role has the following edit capabilities checked:
    edit_dashboard
    edit_datasets
    edit_files
    edit_formfields
    edit_other_datasets
    edit_others_pages
    edit_others_php
    edit_others_posts
    edit_pages
    edit_plugins
    edit_post_subscriptions
    edit_posts
    edit_private_pages
    edit_private_posts
    edit_projects
    edit_projects_settings
    edit_published_pages
    edit_published_posts
    edit_theme_options
    edit_themes
    edit_users

  • As per Greg Howell, I am using Exec-PHP plugin. I disabled it to see if it is causing the issue and YES, if Exec-PHP plugin is disabled Editor role can now edit pages. I can live without that plugin on this particular site. If it turns out I need Exec-PHP on another site I’ll try setting the ‘Edit others php’.

    Thanks,
    Jeff

  • See my reply a little down the page. Disabling Exec-PHP resolved my issue. Thanks, Jeff

  • Thanks you both, Greg and Jeff, for the information. It could be useful for others, who uses ‘Exec-PHP’ plugin and meets the same trouble.

  • Thanks, for sharing that, Jeff. Just be aware about possible security issue in that case. Your editor should be the person whom you trust.

  • Greg Howell

    Vladimir, do you see this as
    1) A problem with the ‘User role editor’
    2) A problem with ‘Exec-PHP’
    or
    3) A problem I have to live with

    Greg

  • Hi Greg,

    I think, it could be equal something between 2 and 3, e.g. about 2.8 :).

    “User Role Editor” doesn’t apply any rools, limitations or extensions to WordPress permissions system. It is just user interface to change roles and capabilities. The rest part is made by WordPress itself. That’s why I don’t think that it is an URE plugin problem.

    Possible security problem when someone can edit and exec PHP code inside other author post is well documented in ‘Exec-PHP’ and this feature is prohibited by default, although plugin introduces special capabilities to remove such limit if needed. Thus, it is not ‘Exec-PHP’ plugin problem too. 

    So, if your ‘editor’ is the person whom you trust, just add him ‘edit_others_php’ and you have no problem. 
    If your editor is not trusted person – this is the real problem, as you never know what content will appear on your site and when.

    From other side, that’s possible to change or extend ‘Exec-PHP’ possibilities, like to have option for admin, as ‘allow PHP execution’ on every post. So while such option is not turned on, PHP will never be executed, even someone add it to the post text. With such option these posts could be edited according standard WordPress ‘edit_others_posts’ without additional limitations like ‘edit_others_php’, etc.
    May be you have more thoughts or suggestions on this subject…

    Btw, did you see any activity from ‘Exec-PHP’ plugin author recently? Or he stopped this plugin support?

    Regards,
    Vladimir.

  • It seems we have to allow users to edit themes just to give access to manage the menus?

    Also, is there any explanation for what permissions each ‘Level x’ gives users?

    Lastly, did I see correctly somewhere that we are able to hide the WP standard Administrators?

  • 1) ‘edit_theme_options’ to be more exact;
    2) ‘level_0’-‘level_10’: Check this link http://codex.wordpress.org/User_Levels ( User Levels were introduced in WordPress 1.5, they were replaced by Roles and Capabilities in WordPress 2.0, and were finaly deprecated in WordPress 3.0.) and I will allow to hide them in next version of URE plugin;
    3) URE plugin should hide all users with ‘Administrator’ role from users with other roles who can see users list. I will check if this feature still works correctly with latest WordPress 3.3 RC1. 

  • Thanks for reply.
    1) So there is no way to grant permission to the Appearance > menu section without also allowing them to edit theme options?

    2) OK, so currently ticking any of these levels has no adverse effect?

    3) I’m running latest WP 3.2.1 and can see all users including Administrators, although can’t edit the Administrator. just wished it would hide it as well.

  • You are welcome :).
    1) Yes, as ‘Appearance’ menu item itself requires ‘edit_theme_options’ capability.
    2) Yes. I’m sure they are still there just for compatibility with old plugins/themes.
    3) Yes, I confirm this issue. It will be fixed, possibly this week – all users with ‘Administrator’ role will be excluded from the users list if user with ‘list_users’ capability has not ‘Administrator’ role. I almost finish (make tests now) the updated version of User Role Editor plugin. New features/fixes are: 
    – create new role on the base of old one (copy role);
    – hide/show deprecated capabilities (levels for this time);
    – fix to hide users with ‘Administrator’ role.

  • Hi Erwin,

    My first guess is that Gravity Forms adds its capabilities on the fly without saving them at WordPress database. URE shows and edits capabilities only from WordPress storage in database. Any way I will investigate the issue and think about the fix you wrote above.
    Thank you.

  • Erwin – Good Websites

    thanks. would be appreciated in the WP community as Gravity Forms is becoming quite popular.

  • guestreding

    it is possible to get a role that say – a page was is published will change from Autor but the change will only published after approval from administrator.

  • Some additional code in theme functions.php or plugin is needed to realize that. But I see some problem with logic here. Correct me, is I’m wrong?
    Author role difference from Contributor role is that Author could publish posts himself.We can change published post status to pending if it is changed, but who will prevent Author from making it published again? If we prohibit Author to publish his posts he will become Contributor then. Why do not to assign him Contributor role from very begin in this case?

    Code example to change published post status to pending review in case of post content change:

    function published_to_pending($post_id) { 
    global $post;   
    if (current_user_can('author') && $post->post_status=='publish') {   
    remove_action('save_post', 'published_to_pending');   
    // update the post, which calls save_post again   
    wp_update_post(array('ID' => $post_id, 'post_status' => 'pending'));   
    // re-hook this function    add_action('save_post', 'published_to_pending'); 
    }  
    }

    add_action('save_post', 'published_to_pending');

  • Hi Erwin,
    What version of User Role Editor did you test? Please check the final 3.3. one.
    I compared my code with Members plugin – we use the same WordPress object to retrieve user capabilities, just different properties of it (I use arrays instead of object as Members author do). So result should be the same.

  • Thanks for new version, it now hides the Administrator users

    Last thing is that a non Administrator can still see the ‘User Role Editor’ option in the menu, which then gives them error message:
    “Only Administrator is allowed to use User Role Editor”
    Hence still not ‘obscure’ that another role is available higher than theirs.

    I use this plugin for client sites that I manage, and create a role for them called ‘Admin’ with all permissions except deleting or adding new plugins for their own safety 🙂

  • I use ‘edit_users’ capability now to include/exclude URE to the admin menu. 
    Do you think that it will be better to add some custom capability especially for URE, ‘ure_edit_roles’ for example, and use it for that, including it to administrator role by default of course?
    Did you lock theme and plugins source code editor for your clients also?

  • michael.wiekenberg

    Hello Vladimir,

    i am working on a MU-site and chose User Role Editor as future component for adding custom roles.
    Till yesterday it worked fine. Its a very well plugin without overkill. Fine work.

    Now i’fe upgraded to Version 3.3 due to the new Release and the ability  to create custom role by copying from existing role. Nice feature.

    After trying this User Role Editor is invatidating the wp_option “wp_user_roles”. So i get an error: 
    “Fatal error: Cannot use string offset as an array in ” … “wp-includescapabilities.php on line
    112” 
    This leads to invalidating whole page and admin section. So even deactivbating Plugin is not possible ;( Only way to fix this is to overwrite option entry to old value in db directly. 

    Is this issue known? Is there a fix of Plugin? is it only my fault 😉 ? Or do you know a workaround?

    Thanks so far and greetings
    Michael

  • Hello Michael,

    Thanks for sharing your problem. No, this is a first signal. My week period testing on about 5 WP installations including 2 multi-site didn’t show me any problem.
    If roles were corrupted in the wp_options table, deactivating URE plugin will not help. Just direct update of roles record in the wp_options will help, as you already mentioned.
    Did you restore your site work? Please let me know if you need help with that.
    Could you reproduce your actions which lead to this critical issue? Maybe on the copy installation of your site. I have a strong desire to isolate the problem and fix it.

    Regards,
    Vladimir.

  • michael.wiekenberg

    FIXED:
     
    So after a dinner, i found the solution now:
    Root_cause:The causing problem is the naming of the field copy_from_user_role!ure-role-edit.php line 133:url = url +’&copy_from_user_role=’+ el.value;
    &copy get interpreted by Internet Explorer ED:
    to copyright sign ©
    Fixing steps:1. Open all .php of plugin2. replace copy_from_user_role with _copy_from_user_role3. Save all files
    => Fixed!
    Greets Michael

  • michael.wiekenberg

    FIXED:
     
    So after a dinner, i found the solution now:
    Root_cause:
    The causing problem is the naming of the field copy_from_user_role!
    ure-role-edit.php line 133:
    url = url +& copy_from_user_role=+ el.value;
    & copy get interpreted by Internet Explorer to copyright sign ©

    Fixing steps:
    1. Open all .php of plugin
    2. replace copy_from_user_role with _copy_from_user_role
    3. Save all files

    => Fixed!
    Greets Michael

  • Jason

    Hi,

    Got this message when I tried to create a new role ‘Owner’ that is based on ‘Editor’. I have been developing using instantWP_4.1.

    Fatal error: Cannot use string offset as an array in
    C:WordpressInstantWP_4.1iwpserverhtdocswordpresswp-includescapabilities.php
    on line 112

    Not sure what went wrong, but I suspect it is related to the name of the role…

  • michael.wiekenberg

    Hi Jason,

    did you’ve tried my solution explained below?
    Should be the same cause.

    Greets Michael

  • Oh, that’s weird Internet Explorer. I develop under Ubuntu and test my code with FireFox and Google Chrome. Thus, I missed this issue with reserved HTML entity. I will publish fix today.
    Thank you very much, Michael, for your help!

    Though I still don’t understand how this broken url could lead to wp_user_roles option structure crash. What name did you assign to the new role before get that fatal error?

  • Hi Jason,

    Thanks for the message. Do you get that error under Internet Explorer? If Yes, that it is possibly the same issue as Michael discovered. He found the reason – IE automatically changes ‘&copy’ inside URL parameter ‘&copy_from_user_role’ to the copyright sign :(.
    I will make a fix.

  • michael.wiekenberg

    Hi,

    thanks. I am glad that i could help.

    i think it does so because:
    – he can’t fill the variable $ure_currentRole  correctly
    – can’t fill the variable  “$copy_from_user_role = isset($_GET[‘copy_from_user_role’]) ? $_GET[‘copy_from_user_role’] : false;”

    url is e.g: …/wp-admin/users.php?page=user-role-editor.php&action=addnewrole&user_role=b3©_from_user_role=author

    So now its ralls late so i’ll search for some sleep 😉

  • Thanks again.
    $copy_from_user_role just should get ‘false’ and new role get capabilities as ‘subscriber’ by default.
    Yes, reason is in wrong character inside $user_role_name definitely. It’s not caught by  this filter for some reason.

    if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*/', $user_role)) {
          return 'Error! '.__('Error: Role name must contain latin characters and digits only!', 'ure');;
        }

    I will play with this wrong URL and try to fix the issue. Wrong call from client should not crash WordPress anyway.

  • michael.wiekenberg

    Yes youre right. I would expact a little more from WP here too. But it trusts the DB. In most cases this is fine. 

    By the way. I like your renaming action in the fix. It is a better solution than mine :]

    And thanks for mentioning me in the changelog. I am very much honered now.

  • guestreding

    Hi Vladimir,

    thanks for your replay.

    We have already published pages (not posts), in which time intervals are to be changed. This change should only be made after the release of a second Person be released.

  • When are you sleeping? 🙂

    I tried invalid URL (with copyright sign inside) request under Windows XP with Internet Explorer and got error message:
    “WordPress database error: [Incorrect string value: ‘xA9_from…’ for column ‘option_value’ at row 1]”
    but it was not executed and roles in database left valid. Possibly locale settings you wrote yesterday have sense.

    I enhanced server side user input checking with preg_match(). Wrong input was passed this check earlier as  preg_match() returns true in case any part of string satisfies to regexp. In this case it was string part before the copyright sign. Now checking code is:
    // sanitize user input for security    $valid_name = preg_match('/^[A-Za-z_][A-Za-z0-9_]*/', $user_role, $match);    if (!$valid_name || ($valid_name && ($match[0]!=$user_role))) { // some non-alphanumeric charactes found!      return __('Error: Role name must contain latin characters and digits only!', 'ure');    }

    I will publish update at weekend in case some other bug will appear and to not bother users too much with every day updates.

  • Hi,

    I understand that there are different situations. May be it will have sense to drop ‘publish_pages’ capability from role for this person but leave ‘edit_published_pages” capability at the same time, etc…

  • guestreding

    Hi back :-),

    I’ve tried, but the page is published directly without approval.

  • Code is applied to post or page which is already published.
    Code checks if current user has the ‘Author’ role before change page status to ‘pending’.
    Are these conditions valid for test you made?

  • guestreding

    hmm, that don´t work. I´ve make follow Way´s

    1.) As Autor, some change in a published page – but the page 
         is published without approval.

    2. As Autor, some changes in a published page, and save this page as pendig rewiev – put the page will not work (page can´t found). After approval from the administrator work this page.

  • Rob Hellemons

    Hallo, 

    I have trying out your plugin, and i would like to use it in my  website.i have got a question about adding a capability. 
    i want to add one for settings.
    But when i did it is still possible to enter and change settings.
    Is there something more that i have to configure?

    Thank you in advance, 

    Greetings R.Hellem

  • User information is stored in 2 DB tables: user wp_users, wp_user_meta. Export this 2 tables and import to other WP site. If you have some users registered already on other site (and you have at least admin with ID=1, you should change wp_user.ID and wp_user_meta.user_id respectively to not overwrite old user with new one.
    If you use some custom created user roles you should have them on the second site too, be cause of wp_user_meta stores user role name for every user.

  • If you wish to control some role access to the ‘Settings’ submenu, why do not  use capability WordPress has for that already – ‘manage_options’? Read this post for more information:
    http://www.shinephp.com/wordpress-admin-menu-permissions/
    When you need to check if user has some capability or not you should add the piece code for that as in “Add New Capability” section of “User Role Editor” post above.

  • Erwin – Good Websites

    yup. was using 3.2.1 upgraded to 3.3.1 and got a few capabilities of Gravity Forms in my overview:

    gravityforms_mailchimp
    gravityforms_mailchimp_uninstall
    gravityforms_paypal
    gravityforms_paypal_uninstall
    funny only the add-ons

  • I looked into Gravity Forms source code. It’s not the URE fault that you don’t see GF capabilities there. GF plugin is specially integrated with Members plugin:

    //Members plugin integration. Adding Gravity Forms roles to the checkbox list            if ( function_exists( 'members_get_capabilities' ) ){                add_filter('members_get_capabilities', array("RGForms", "members_get_capabilities"));                //Removing default GF capability when integrating with Members                if(current_user_can("gform_full_access"))                    $current_user->remove_cap("gform_full_access");                //If and administrator does not have any Gravity Form permission, add all of them. (will happen the first time Gravity Forms gets installed)                self::initialize_permissions();

    Further in initialize_permissions() function FG plugin added the own set of capabilities in the only condition if Members plugin is installed and GF plugin uses just one full access capability “gform_full_access” in other cases:

    //Setup permissions if Members plugin is installed, or give current user full GF permission if not.    public static function initialize_permissions(){        global $current_user;        $is_gravity_forms_installation = get_option("rg_form_version") != GFCommon::$version;        $is_members_installation = get_option("rg_members_installed");        $is_admin_with_no_permissions = current_user_can("administrator") && !GFCommon::current_user_can_any(GFCommon::all_caps());        //if this is a new gf install or members install and the administrator doesn't have any Gravity Forms permission, add all of them.        if( ($is_gravity_forms_installation || $is_members_installation) && $is_admin_with_no_permissions){            $role = get_role("administrator");            foreach(GFCommon::all_caps() as $cap){                $role->add_cap($cap);            }            update_option("rg_members_installed", true);        }    }
     

    If you still wish to use User Role Editor plugin instead of Members plugin you can use this workaround. Turn on all Gravity Forms capabilities for Administrator role in Members plugin, they will be stored in WordPress database after that. And you will see them in User Role Editor as any other capabilty.
    That’s all.

  • Look at short video I recorded to show how it works for me:
    http://youtu.be/ytEldoENpdM

    May be it will be more correct just send email to admin in this case as moving published page to pending will break the link to it.

  • Info

    Hello, you can create pages divided roles of authors, all author’s role 1, page 2 authors dek role? thank you very much

  • Mathan

    Hello Friends,

    Yesterday i installed user role editor plugin. i dnt found any option for delete role, but in  thins http://wordpress.org/extend/plugins/user-role-editor/screenshots/ they say we can able to delete roles..

    And also i ll attach my image please check this….

  • Hi Mathan,

    I don’t show form box for role deletion if there are no role which can be safely deleted. I consider that the role is available for deletion if nobody use it, that is there is no user with such role assigned.
    Second (or may be first) limitation I don’t allow to delete any WordPress standard role, e.g. Subscriber, Contributor, etc.
    Just try to add your own new role and you will see box for role deletion as on plugin’s screen-shot.

  • Hello,
    WordPress offers to filter users by roles already – via Users menu.
    Can you give me more details what do you wish to achieve?

  • Andrew Lundquist

    Hello! Looks like a great plugin and I have tried it out, but am getting an error. Here are the details:
    – Multisite
    – Activated only on main site wp_1_
    – Created new role called SiteBuilder (no spaces or special chars)
    – Added roles, selected Apply to All Sites
    – Clicked Update
    – Received error:

    Warning: asort() expects parameter 1 to be array, boolean given in /home/clvrtv/public_html/wp-content/plugins/user-role-editor/ure-lib.php on line 141 

    Is this a problem? When I refresh the settings and reload my custom Role, it looks like the settings are saved. But I want to be completely confident that everything is correct and that it will not cause problems later. Thank you!

  • I hope you don’t mind the following question, but what is the difference between this and the ‘Members’ plugin by Justin?

  • Hello Andrew!
    This command is called to sort roles array returned by WordPress API. For unknown reason WordPress returned nothing for one blog of your network. In case roles list is empty roles update procedure is stopped. So I don’t think you have real problem after this error message.
    I repeated your steps on my test multi-site WP installation, but without any errors.
    If your network is not so large can you please to check if some site in it has not roles at all?

  • Nothing. Both did the same job honestly. From other side there are differences:
    – User interface;
    – Multi-site features: a) save the role changes to all sites of the networks; b) automatic replication of all roles of main site to the new added site.
    – etc., just try to find :).

    If you interested in the reason, I wrote it, while some similar functionality plugins already existed, I don’t investigated that. Just seat and wrote code which worked directly with WordPress database and not used a line of WordPress roles and capabilities API. I discovered that WordPress has that much-much later :).

  • I didn’t think that menu items list depends from user capabilities at all. When visitor open your home page he/she had not be registered user, just visitor. 
    May be you installed some other plugin at the same time?

  • Hi. I have a test user assigned as Editor, and they are unable to
    change Author on posts to an Author who is Administrator (other Editors
    are listed, but not Admins).

    Editor has the following capabilities:
    add_users
    create_users
    edit_others_posts
    edit_others_pages
    edit_pages
    edit_posts
    edit_private_pages
    edit_private_posts
    edit_users
    list_users
    publish_pages
    publish_posts

    Do I need to also add one of these?
    edit_usergroups
    promote_users

    I actually tried adding them and it made no difference. What do I need to do to allow Editoros to assign Admins as Authors?

    Thanks,
    Jeff

  • Andrew Lundquist

    THANK YOU sir! That was exactly it. Semi-large multisite network so I had to write some code to crawl every site *_options to find where *_user_roles didn’t exist (or in my case where there was a mismatch in site IDs from migrations, restores, etc.). I had 3 sites out of sync. Fixed those entries in their *_options tables and voila! Problem resolved. Thanks again!

  • Andrew Lundquist

    Actually, sorry to bother, but just discovered a new issue. After getting the Roles and Permissions to successfully propagate out using the “Apply to All Sites” checkbox without any errors I noticed that some sites did not have the new Roles. After some brute force comparing, it looks like there is a hard line between site IDs. All sites in the first group of  roughly 200 sites seem to have the new roles. All site IDs above that do not seem to have the roles. Is there a loop limit somewhere that the newer sites are getting left out of “Apply to All Sites.” ? Thanks.

  • the sneaky bastards (hehe…). Thanks for looking into it… would love to keep using URE but doesn’t make sense to install both just for getting those roles into URE. Might need to switch for this one to Members.

  • Hi – just a quick note to say I’ll stay loyal to URE using your work around for Gravity Forms. The Members plugin allows for deleting the admin in certain settings…

  • Hello! This is Carl Hancock from the Gravity Forms team.  If you have any suggestions for how we can improve Gravity Forms to better support other role management plugins for WordPress we’d definitely be open to this.  

    When this functionality was initially implemented over 2 years ago we went with the Members plugin as it was the simplest most streamlined solution at the time.  But we are certainly interested in offering more broad support for other role management solutions.

    Feel free to contact me directly at carl at rocketgenius dot com and we can discuss this further.

    Thanks!

  • You are welcome! 🙂
    Thanks for the information.

  • Hello Carl,

    I sent message to your e-mail.
    Generally, the most universal way is to add plugin related
    capabilities directly to ‘administrator’ role during plugin
    installation, like some other plugins, e.g. ‘Download Monitor’ does.

    For example:


    global $wp_roles;

            if ( ! isset( $wp_roles ) )

                $wp_roles = new WP_Roles();  

        if (is_object($wp_roles)):

            $wp_roles->add_cap( 'administrator', 'user_can_config_downloads' );

    ...

    Regards,
    Vladimir.

  • Hi Jeff,

    For security reasons, in order to prevent any changes to admin user role and capabilities, I exclude all users with ‘administrator’ role from any WordPress user list queries.

    // exclude users with 'Administrator' role from users list
        add_action('pre_user_query', 'ure_exclude_superadmins');

    That’s why your editor doesn’t see admin in the users list to setup him as an author.

    Regards,
    Vladimir.

  • Thanks.

  • Paso70

    Perfect, I’m sorry but I’m not good with php and database …

    my names and roles are sautore bautore replace:%editor% with %bautore% and %sautore% ?

    Thanks and sorry for my ignorance…

  • If you wish to select both roles ‘sautore’ and ‘bautore’ simultaneously, then use this expression

    (meta_value like '%sautore%' or meta_value like '%bautore%')

  • Paso70

    thank you very much

  • Paso70

    sorry but does not work

    my script

     $sql = ‘SELECT DISTINCT post_author FROM ‘.$wpdb->posts. ” WHERE post_author NOT IN (SELECT user_id FROM “.$wpdb->usermeta.” where meta_key='”.$wpdb->prefix.”_capabilities’ and  meta_value like ‘%amministratore%’ or meta_value like ‘%editore%’ or meta_value like ‘%sottoscrittore%’ or meta_value like ‘%hotel%’ or meta_value like ‘%appartamenti%’ or meta_value like ‘%shopping%’ or meta_value like ‘%spiagge%’ or meta_value like ‘%gusto%’ or meta_value like ‘%residencealberghieri%’ or meta_value like ‘%campeggi%’) ORDER BY post_author ASC”;

    $authors = $wpdb->get_results($sql);
    if($authors):
      foreach($authors as $author):

  • it’s critical to insert round brackets as I wrote earlier, e.g.
    where meta_key='".$wpdb->prefix."_capabilities' and  (meta_value like
    '%amministratore%' or meta_value like '%editore%' or meta_value like
    '%sottoscrittore%' or meta_value like '%hotel%' or meta_value like
    '%appartamenti%' or meta_value like '%shopping%' or meta_value like
    '%spiagge%' or meta_value like '%gusto%' or meta_value like
    '%residencealberghieri%' or meta_value like '%campeggi%'))

    Why do you not use “Reply” button to put our conversation in one flow?

  • Paso70

    ok sorry,
    but does not work makes me see all the authors of all roles
    $sql = ‘SELECT DISTINCT post_author FROM ‘.$wpdb->posts. ” WHERE post_author NOT IN (SELECT user_id FROM “.$wpdb->usermeta.”  where meta_key='”.$wpdb->prefix.”_capabilities’ and  (meta_value like  ‘%amministratore%’ or meta_value like ‘%editore%’ or meta_value like  ‘%sottoscrittore%’ or meta_value like ‘%hotel%’ or meta_value like  ‘%appartamenti%’ or meta_value like ‘%shopping%’ or meta_value like  ‘%spiagge%’ or meta_value like ‘%gusto%’ or meta_value like  ‘%residencealberghieri%’ or meta_value like ‘%campeggi%’)) ORDER BY post_author ASC”; $authors = $wpdb->get_results($sql); if($authors):   foreach($authors as $author):

  • Check, what second query 

    SELECT user_id FROM ".$wpdb->usermeta."  where meta_key='".$wpdb->prefix."_capabilities' and  (meta_value like  '%amministratore%' or meta_value like '%editore%' or meta_value like  '%sottoscrittore%' or meta_value like '%hotel%' or meta_value like  '%appartamenti%' or meta_value like '%shopping%' or meta_value like  '%spiagge%' or meta_value like '%gusto%' or meta_value like  '%residencealberghieri%' or meta_value like '%campeggi%')

    returns. If you get empty result then possible issue is translation.
    I suspect that WordPress roles internal names are not translated and ‘administrator’ is ‘administrator’, ‘editor’ is ‘editor’, etc…
    If you still have problem feel free to send me (vladimir at shinephp dot com) data exported from your usermeta table. I will check what is your problem.

  • There was an extra ‘_’ at SQL command above.
    $wpdb->prefix contains ‘_’ symbol already. So we should use
    meta_key='”.$wpdb->prefix.”capabilities’
    there instead.

  • Arnaud_ledevehat

    Great Plug-in !!WOW!
    Quick questions
    1) how can I hide in the theme, menus and background (and keep only header, widget).
    the checkbox “edit theme options” is all or nothing and show/hide all the apperance choices.
    2) how can i hide “comments”
    3) how can i hide “tools”
    4) how can i hide “options”

    Great Job again & happy New year 2012.Arnaud_

  • Hi Arnaud,
    happy New 2012 year to you too!

    1) URE plugin will not help you with it, as you noted already – there is not capability to block ‘Appearance’ submenu items separately.

    1,2,3,4: Look at
    http://www.shinephp.com/how-to-block-wordpress-admin-menu-item/
    and
    http://www.shinephp.com/wordpress-admin-menu-permissions/
    posts. That info should help you to get right direction whether you just exclude from role some capabilities or write a piece of code to block menu item directly.

  • gunness

    Hello, 

    I’am running a WordPress Multisite installation.

    With your PlugIn, I could give a second user (role:editor) the chance to update the core. But only as a Super-Admin of the Blog Network, I see the WordPress advice to update to the next Version (it is on top of the backend yellow color deposited .

    Is it possible to change this, so that both users (editor AND Super-Admin of the Blog Network) could see the advice AND update the site?

    Thank you for your help!

    gunness

  • Hello Gunnes,

    I think, No. But if you trust this user much enough, as your are ready to give him/her chance to install critical update for your blog (before update you need to make backup copy of database and files), you can delegate him superadmin rights, maybe temporaly. Open this user record for edit at Network Center and turn on checkbox “Grant this user super admin privileges for the Network.”. That’s it.

    Regards,
    Vladimir.

  • gunness

    Hello Vladimir,

    thanks for your answer. I think about delegate superadmin rights…

    Regards,

    gunness

  • Hello Angelia,

    Thanks for the feature request. I will think how to realize it with minimal drawback in relation to possible security issues.

    Cheers,
    Vladimir.

  • Angelia

     Excellent 😉

  • Merchantnation

    hello I have a user role that I want to add a new capability to…the ability is to access, create and edit a plugin.  How do I add this feature via the “new capability”

    I have already created the new capability in name and it shows in the checkbox, but I’m guessing I have to add some code to define what the capability can do???

  • Hello,

    Look on this post 
    http://www.shinephp.com/wordpress-admin-menu-permissions/
    Probably you can resolve your task with standard WordPress capabilities, e.g. activate-, install- and edit_plugins. 

    Please be aware that right to edit plugins gives user ability to execute any PHP code at your site.  If someone can execute PHP code, it doesn’t matter what rights or role he has in your blog, he can get administrator rights in minutes, as via PHP he has direct access to your WordPress MySQL database and can rewrite password and role for any user.

    If case you decide to use new added capability, you have a right guess, additinal piece of code needed. Look on the code example in this post
    http://www.shinephp.com/user-role-editor-wordpress-plugin/
    just after words “How to use new added user capability?”.

  • D3signr

    Hi,

    Great plugin!!! I only have 1 question. For a client I use the plugin “Fancy Gallery”. When I give my client the role of editor, it doesn’t show up. (only shows when i give him the super-admin (wpmu) role.How can I make this appear in the dashboard menu?

    Thx!

  • Hi,
    thanks. I will try to help. Please send direct link to the plugin package as you download it from wordpress.org. Search by keywords “fancy gallery” returns a lot of different plugins, and I don’t know what plugin do you use.

  • D3signr

    Hi,

    I bought one from CodeCanyon http://codecanyon.net/item/fancy-gallery-wordpress-plugin/400535.

    If you need any files, tell me and i’ll send them to you. Would be so nice to have this working!

    Many thanks for helping!

  • Generally user capability, who can use plugin, is coded in the main file with the same name as the plugin. You may send 1st that only file to me (vladimir [at-sign] shinephp.com) or the whole package at once. I will check, what does it require.

  • OK. I’ve got your message. “Radycal Fancy Gallery” plugin requires that user have “manage_options” capability in order to use this plugin without limits. So just add “manage_options” capability to the user or special role, which you create for your user on the base of the “Editor” role. Yes, it will be extended role, and such user will be capable to change settings of your blog and other plugins.

  • There is no conflict here. WordPress works with comments moderation this way: in order to moderate comments for post or page user should be capable to edit this post or page. Thus he should have edit_posts or even edit_other_posts capability.
    If you wish more detailed information, read this posthttp://www.shinephp.com/limit-comments-moderation/

  • Hello Alex.
    I do not see edit_other_posts in the capabilities lists above. I suppose this is the reason of your problem, as built-in WP Editor role gives user ability to edit images at the Media gallery.

  • Alex

    Hi Vladimair, Thanks for your reply. I have added “edit_other_posts” but unfortunately this has not solved the problem. I still cannot edit images in the library or add menu items.

  • Alex

    Update, on further testing you edit images that have been uploaded by that user although not uploads by a higher lever user. You cannot add menu items for pages created by any user.

  • Alex

    OK all sorted now. It seems you need to add ‘add, edit, delete posts/others posts’ as images are classed as posts. I now can edit posts and add menu items. Thanks for pointing me in the right direction. Love the plugin!

  • OK. Thanks. I’m glad that I could help you.

  • Check ‘edit_published_post’ too.

  • Notpoppy

    Thanks again for your help!

    OK I’ve done that and this is a step forward in that the Moderator can now edit comments, unapprove them, move them to spam or trash and so on.

    However – as might be expected – they can also make edits to articles, which I don’t want them to be able to do. Can I remove this ability by switching off other permissions?

    At the moment the following are enabled for the ‘Moderator’ I’ve created:

    browse_deleted
    change_password
    close_topics
    delete_posts
    delete_topics
    edit_closed
    edit_deleted
    edit_favourites
    edit_others_posts
    edit_others_tags
    edit_others_topics
    edit_posts
    edit_profile
    edit_published_posts
    edit_tags
    edit_topics
    ignore_edit_lock
    manage_tags
    moderate
    moderate_comments
    move_topics
    participate
    read
    stick_topics
    throttle
    view_by_ip
    write_posts
    write_topics

    On reflection it seems there might be quite a few of those permissions I need to disable but it would be useful to first know how to achieve this combination of allowing the ‘Moderator’ to moderate comments but not make alterations to articles.

  • This is current behavior of WordPress security system: user can moderate comments for the post, if he/she can edit this post. It could be changed with some tricks via special plugin probably (I saw somewhere the idea using comments actions add to the user edit_post capability on the fly before and remove it after building comments page, but I didn’t check if it’s really possible), but nothing could be done with this just excluding standard user capabilities.

  • Melissa

    When clicking “MEDIA” it gives my Editors & Author access to deleting thousands of photos permanently.  Is there a way to prevent this role from having access to deleting media?

    Thank you so much for creating this plug-in.  It’s incredible! 

  • Leewper

    great plugin, is it possible to create a role name with two letter?

  • Thanks. Yes, it’s possible to create a role name with two letters, one letter and one digit, etc.

  • Thanks for the good words about URE plugin.

    Author can edit/delete only media uploaded himself, please check.
    Editor can make whatever he want with any content. So this rights should be given only trusted persons.
    In order to delete something from media libraty, in addition to ‘upload_files’ capability user should have ‘delete_posts’ capability. Try to exclude post deletion related capabilities from the editor role. It could help.

  • Notpoppy

    That’s a pity. I hope they change that in a future version. Anyway, thanks very much for your help I really appreciate it.

  • P Cather

    Thanks for this help.  It worked in that my Editor can now see the section and can see slideshow that I want her to be editing.  She can upload a new slide but when she tries to update the new slide she gets an error message that just says “Cheatin’ uh!”

    Got any ideas?  Thanks

  • Look on the link, after click on which you see “Cheting uh”. Open that file in editor. Find ‘cheatin uh’ string and see, what capability is checked in code before this output. Or send that link here.

  • P Cather

    Here’s what I found.  Please let me know if you need more.

    function rvy_options( $sitewide = false, $customize_defaults = false ) {

    if ( ! current_user_can( ‘manage_options’ ) || ( $sitewide && ! is_super_admin() ) )
        wp_die(__awp(‘Cheatin’ uh?’));

    if ( $sitewide )
        $customize_defaults = false;    // this is intended only for storing custom default values for site-specific options

    $ui = new RvyOptionUI( $sitewide, $customize_defaults );
       
    rvy_refresh_default_options();

    $ui->all_options = array();

    $ui->tab_captions = array( ‘features’ => __( ‘Features’, ‘revisionary’ ), ‘optscope’ => __( ‘Option Scope’, ‘revisionary’ ) );

    $ui->section_captions = array(
        ‘features’ => array(
            ‘role_definition’ => __(‘Role Definition’, ‘revisionary’),
            ‘revisions’        => __(‘Revisions’, ‘revisionary’),
            ‘notification’    => __(‘Email Notification’, ‘revisionary’)
        )
    );

  • From this code fragment I see that they check ‘manage_options’ capability. Do you have it in your editor role?

  • P Cather

    No it doesn’t and I don’t want the Editor to have that capability.  I started thinking that this options file is from a totally different plugin from the slideshow one. I went into the slideshow php and saw that the form was calling for an action called options.php. It was showhow getting confused with the  options.php from a different plugin in a different folder.

    I renamed this to options2.php.  So far this seems to have fixed it.  Wouldn’t have found it without looking at the code you suggested. Thanks.

  • Bert

    All users also only with read access can list users, what’s wrong.

  • User with read access (‘read’ capability included only as role “Subscriber”) can see his own profile only.
    Do you created new role or changed existing one? Check what other capabilities are included to such role, that your “read only” users can see users list.
    Please give more details.

  • Bert

    Has not created a new role but has “Subscriber” and “read” but get up “all users” as it is possible to list and “profile”
    Översatt med google

  • Jamie

    Hello Vladimir,

    Thank you for our plugin, it’s great!

    I have one question. I also use the “Custom Post Widget” plugin see (http://wordpress.org/extend/plugins/custom-post-widget/).

    Now i want that some of my users from my website can use it. How can i make this plugin work in the User Role Editor? I having trouble making a new capability, i don’t know what to do to make this plugin work. I think i have to activate the menu item “Content blocks”, but dont know how…

    I hope you can help me.

    Kind regards,
    Jamie

  • According to your screenshot I see that user has much more permissions, than standard Subscriber user. Subscriber has the only “Profile” menu item.

    Please check if this user has the Subcriber role assigned to him or some other one, look at his profile. Check what capabilities are really included into role this user has. Screenshots will be useful.
    If you installed user Role Editor and edit user capabilities directly, check what capabilities were added to this users beyond the role. Find him at the users list and click “Capabilities” link.
    If you still have questions please show screenshots from user profile, role assigned to him, capabilities of this user. I will try to help.

  • Hello Jamie,

    Thanks. If you place widget to the widget area yourself and select content block post there youself, then it’s enough to give user “Editor” role. “Custom post widget” author didn’t add new capability for his custom post type and uses standart post edit capabilities for it.
    If you wish that user can select content block post inside widget, he need to have ‘edit_theme_options’ capability in addition to access the “Appearance->Widgets” menu.

    Regards,
    Vladimir.

  • Ron

    Brilliant – very nearly perfect for what I need. We are a school and I have created roles for the teachers to be able to create posts, but those posts must be moderated first.

    I am trying to do the same for the children, but my problem is we have installed a calendar plugin. The calendar plugin shows up as an entry on the dashboard which seems to be available to everyone who logs in. Is there a way I can use your plugin to hide other plug in’s to specific user groups?

  • Thanks.
    Look at calendar plugin source code. Usually in main file plugin defines its menu calling this function add_menu_page(). Search for this name or for string ‘Calendar’ in case plugin uses some alternative function to register its menu. This function hase 3rd parameter – user capability, which allows user to see this menu. Exclude it from your role or edit plugin code to use some other (may be your own) capability, on your choice.

  • Ron

    Thanks Vladimir

    I am very new to this type of work. I can follow what you are saying, but in practice I am stuck. The plugin does not seem to use add_menu_page()

    The only thing I can find similar is below. I have tried adding capabilites of “cgm_calendar” and “cgm_calendar_ap” and “cgm_event_calendar” but they don’t work

    Any more suggestions? I suppose I should ask the calendar plugin developer

    //Initialize the admin panelif (!function_exists(“cgm_calendar_ap”)) { function cgm_calendar_ap() {  global $cgm_calendar;  if (!isset($cgm_calendar)) {   return;  }  add_options_page(‘CGM Calendar’, ‘CGM Calendar’, 9, basename(__FILE__), array(&$cgm_calendar, ‘print_settings_page’));    add_object_page(__(“Calendar”, ‘cgm_event_calendar’), __(“Calendar”, ‘cgm_event_calendar’), “edit_posts”, plugin_basename(__FILE__), array(&$cgm_calendar, ‘display_entries’), plugins_url(‘images/icon.gif’, __FILE__));  add_submenu_page(__FILE__, __(“Edit Events”, ‘cgm_event_calendar’), __(“Edit”, ‘cgm_event_calendar’), “edit_posts”, plugin_basename(__FILE__), array(&$cgm_calendar, ‘display_entries’));  add_submenu_page(__FILE__, __(“Manage Event”, ‘cgm_event_calendar’), __(“Add Event”, ‘cgm_event_calendar’), “edit_posts”, ‘cgm_calendar_edit’, array(&$cgm_calendar, ‘edit_entry’));  add_submenu_page(__FILE__, __(“Categories”, ‘cgm_event_calendar’), __(“Categories”, ‘cgm_event_calendar’), “edit_posts”, ‘cgm_calendar_categories’, array(&$cgm_calendar, ‘display_categories’));  add_submenu_page(__FILE__, __(“Manage Category”, ‘cgm_event_calendar’), __(“Add Category”, ‘cgm_event_calendar’), “edit_posts”, ‘cgm_calendar_category’, array(&$cgm_calendar, ‘edit_category’));   }}
    if (!function_exists(“cgm_event_calendar”)) { function cgm_event_calendar() {  global $cgm_calendar;  echo $cgm_calendar->set_up_calendar(); }}
    if (!function_exists(“cgm_list_upcoming_events”)) { function cgm_list_upcoming_events($atts) {  global $cgm_calendar;  echo $cgm_calendar->list_upcoming_events($atts); }}

  • You found write code fragment.
    As I can see, ‘Calendar’ menu item and its submenu items are linked to the ‘edit_posts’ user capability.

  • Ron

    Oh dear – that means that I cannot separate it out. I need them to be able add / edit posts, but not the calendar. Thanks for your help anyway

  • You may create capability ‘use_calendar’ and change ‘edit_posts’ in the code above to ‘use_calendar’. Give ‘use_calendar’ to roles need calendar except ‘Pupil’… Just do not forget yourself, that calendar needs ‘edit_posts’ capability anyway.

  • Ron

    What a star you are. That worked perfectly. My only small problem now is that the pupils who now can add posts, but no edit the calendar seem to have the ability to moderate comments. You have done a blog on this which I read and it seems that there is nothing we can do about that – so we just have to hope the pupils are sensible

    Many, many thanks for your help

  • Could it be, that the version is wrong? It’s published as 3.4, but the newest version seems to be 3.3.4

  • Jessica

    Can I use this plugin to allow an admin to access editing of one page only? (I would like to have 5 pages, each with one user who can edit only that page and be able to edit all pages myself as admin).

    Thank you!

  • May be.
    But generally, I change 3rd number in case of bug fix and if translation was added.
    I consider the latest release as the functional extension, that’s why i changed the 2nd number in the version.

  • Try this:
    – create new role with capabilities: edit_page, edit_published_pages, read, upload files.
    – assign it to your users.
    – set users as authors for every page (user 1 as author for page 1, etc.).
    This way user can edit the only page, where he is the author.

    He can create new pages also. But as he can not publish them, public will not see them, and you as admin can talk with such user about wrong behavior.

  • Jessica

    Haha! I like your last sentence!

    Thank you so much! This seems to be working perfectly for me! I really appreciate what you’ve done here. I’ll be sending a donation soon!

  • Ups! I understood what did you mean ;). That was a typo in the “Change Log” information. I updated it to “3.4”. 
    Thanks.

  • Ah ok, i was just confused about the different version-specifications. 😉
    Thanks for this great plugin!

  • Bert

    The person has only read access. I have created him to be able to troubleshoot.I have uninstalled all add-ons except WP-Members ™ (http://butlerblog.com/wp-members/). See picture how it looks now.

  • Bert

    Downloaded a backup of both the website and database, and it seems to work. I am very grateful for all the time you spent to solve this but we’ll probably never know what was wrong.
     Thanks for a great addition.

     Bert

  • Logan F

    I’m trying to add a limited “Editor” Role, but I think I’ve found a bug. I copied the “Editor” roles into a new role named “EditorTest”. Then I remove “delete_others_pages ” and “delete_pages” and save. The account I applied it to now loses his ability to edit any pages other than his own and still has the ability to delete other users pages. After re-adding the above capabilities, there is no change in the user’s ability to edit other pages. Did I miss something? Thanks!

  • Thanks for the information. Good Luck!

  • Please attach (or send the link to) screenshots of new role you created and user profile with role, assigned to him, visible.

  • blue

    Hello, URE is correctly installed and activate but it doesn’t appears in the setting menu, what can I do ?

  • Hello,
    Look into “Users” menu.

  • blue

    Thank you for your answer, there’s no more option in the “users” menu as you can see on the screenshot attached

  • Is it multi-site installation? If Yes, check if plugin activated for this site of your network.

  • blue

    No it is a single-site installation, WordPress version is WordPress 3.1.2,PHP version is 4.4.1, MySQL version is 4.1.15 and theme activated is Suffusion 3.7.8, Web server is Microsoft IIS 6.0… It means to be ok to use URE ?

    As you can see in the screenshots attached, URE is activated for the single site but doesn’t appear neither in settings menu nor in users menu…

    I re-installed URE many times automaticaly and manually, result is always the same : no entry in menus…

  • blue

    Hello,

    after downgrading URE 3.4 to URE 2.1.10, it works fine ! Any idea ?

  • Thanks for detailed information.
    URE 3.4 comparing to 2.1.10 requires PHP 5, checks environment at start and stops in case of check failure. I didn’t tested it with PHP4 really, but assumed that it shows the message about incompatibility problem. It seems that you don’t see such message :(.
    You need to consider the update of your PHP and MySQL versions:
    http://wordpress.org/about/requirements/
    Otherwise you can not install the latest version of WordPress.

  • blue

    I confirm there was no incompatibility message, I will update PHP, MySql and WordPress and then try again URE 3.4.

    Thank you very much for helping

  • Sean Norton

    Hi, is there a way for me to allow a user to edit a published page without allowing them to publish the changes until the edits have been reviewed?

  • Find that user in the user list and look for the “Capabilities” link under his name. You can add new capabilities directly to this user their.

  • Look this short video, it should help:
    http://youtu.be/ytEldoENpdM

  • Sean Norton

    Thanks, Vladimir. Which file should I add this function to?

  • Put that code into your theme functions.php file.

  • No problem :), you are welcome.

  • Sean Norton

    That doesn’t seem to have worked. I edited the theme functions.php by adding

    function published_to_pending($post_id) {
    global $post;
    if(current_user_can('author') && $post->post_status=='publish'){
    remove_action('save_post','published_to_pending');
    //update the post, which calls save post again
    wp_update_post(array('ID'=> $post_id, 'post_status' =>'pending'));
    //re-hook this function   add_action('save_post','published_to_pending');
    }
    }
    
    add_action('save_post','published_to_pending');

    and cleared my cache, etc… the only thing that it appears to have done is remove the ‘Published on’ information. I made an edit to the page with a test account that does not have publish_page capability and was still able to make changes to the page and publish.

  • Please check last line inside function, is add_action() placed on the commented line? It should be placed on the new line without comment // sign.

  • Sean Norton

    Strange… there must be something prohibiting this from working. I’ve added the above code to my functions.php file for the theme and the only change that takes place in the page editor is that the “Published On” Information has been removed. My user has the following capabilities:

    delete_posts, edit_others_pages, edit_others_posts, edit_pages, edit_posts, edit_published_pages, read, upload_files
    
  • Please confirm or reject my guess:
    Code above work for the users with ‘author’ role only. Do you remember
    if (current_user_can('author') ... ?
    Has user, which you try, the ‘author’ role or may be someone with other name?

  • Sean Norton

    Ah, you’re right: I had created a custom user role based on Author but named something else. That fixed the “Submit for Review” issue and is now working as you demonstrated.

    However, even though the page is now in a “Pending” state, the changes are still getting published to the live page.

    Your assistance and patience are much appreciated, Vladimir.

  • You are welcome. About changes showing to the live page. As it could be useful for other WordPress users, I published this post with workaround for this issue:
    http://www.shinephp.com/wordpress-shows-unpublished-pages/

  • Anonymous

    Hello Vladimir. Again thank you for this plugin and for for adding the multi-site feature. Now that I am using WordPress 3.3, when trying to apply to all sites, it does finish all the way through. Have you come across this yet? If so, is there a fix? Thanks.

  • Hello,

    No, it is a first note about trouble with multi-site support for WP 3.3. Can you give me more details about what is going wrong?

    Regards,
    Vladimir.

  • Anonymous

    I created a screencast to better show what is happening. After it finishes, it comes back with a white area instead of showing the form again. Also, I should note that there are over 1100 blogs on this site: http://www.screencast-o-matic.com/watch/clnn2n4Vo

  • The last info about 1100 blogs in one network is critical. It seems that you just met PHP script execution timeout, that’s why you got empty page, and role change is applied to not all sites of course. There is not update for this problem for this moment.
    Thanks for the information about using URE plugin in so large environment.
    I will think, how to overcome this problem and publish update as it will be ready.

  • Hello,

    I love this plugin and been using it for sometime now, I hope you continue to work on it!

  • Hello,
    I confirm your hope. I will continue this work, and I’m open for suggestions how to enhance User Role Editor.

  • Francois

    Hello everyone,

    Great Job with  this plugin.

    Does anyone know a simple solution to manage the visibility of a plugin settings tab which has no custom capability coded ? I would like to keep using “User role editor” and not to switch to another plugin though.
    To be more precise, i need to show a plugin options tab while denying “manage-options” capability to a custom role. Which is the capability that seems to be driving the tab visibility …

    Any idea ? Thanks

  • Jeff

    Wow.  Combined with the BuddyPress Restrict Group Creation plugin (http://wordpress.org/extend/plugins/buddypress-restrict-group-creation/), this was exactly what I needed to allow only a specific s2Member level to have the ability to create BuddyPress Groups on a WordPress 3.3.1 and BuddyPress 1.5.3.1 installation.  Thanks!

  • Hello,
    Generally it’s impossible without modification of plugin code. In most cases main plugin file (it probably has the same name as plugin) contains function call, which creates its settings page or submenu, e.g.:
    add_options_page('Thank You Counter Button Settings', 'Thanks CB', 'edit_users', $base_name, 'thanks_options');    
    or
    add_submenu_page('users.php', __('User Role Editor'), __('User Role Editor'), 'edit_users', basename(__FILE__), 'ure_optionsPage');
    or
    add_menu_page('Some Plugin', 'Some Plugin', 'edit_users', 'some_plugin', 'options');

    In all examples above ‘edit_users’ is key capability, which manages user access to plugin menu. If plugin has separate submenu, you can change that capability to your custom created one editing plugin source code and you task is resolved. If plugin just added its menu item or submenu to the WordPress Settings or other submenu, your role should have capability which defines access to that submenu also. Thus, if you remove ‘manage_options’ capability from your role, the whole ‘Settings’ submenu will disappear from that user.

  • Hello Rod,

    I’m sure all users at multi-site environment have the similar situation. It’s not a bug it’s a feature. I make it to stay together with WordPress, which allows to edit user and change his role just for superadmin only.
    Thanks for showing me place where I should enhance URE interface, – hide ‘Settings’ link on the Plugins page if user is not superadmin.

    It will be better, possibly, to add special capability for URE itself, and let superadmin manage himself, whom he allows to use User Role Editor.
    What do you think?

  • Rod Potter

    Thanks for replying so quickly. That sounds like a great feature to me. You would want to hide the “Apply to All Sites” checkbox from regular site admins, I guess. As it is now, non-superadmins should not be able to activate the plugin since they can’t use it.

    Would it be easier to just allow regular admins to activate and use safe URE functions for their own site? Or are there other security implications?

  • Thanks. That’s really shoud be fixed.

    Regular admin or single site admin can select other role for user of his site. Why do not allow him to create new or edit existing roles of his site only?
    I don’t see the reason why I should prohibit it.
    I think, I will add this feature. But it will not be active by default. Site admin should activate it himself (if needed) placing special constant into wp-config.php
    What do you think? Is it suitable for you?

  • Francois

     Thanks Vladimir ! Very clear answer. I will try this, since the plugin has his separate sub-menu in Wp admin.

  • Rod Potter

    Hi Vladimir — your idea to make this feature settable in wp-config is perfect. It would definitely work on our site and I’m sure it would be useful for a lot of multi-site installs.

  • Hi there,

    I need to add the capability to add/edit/remove tags to a specific role, however I can’t work out how to. I created new capabilities (edit_tags. manage_tags and edit_other_tags) and added these to the role, however the tag area doesnt appear for those users with the role.

    Is there something Im missing?

    Thanks, Adam

  • never mind, solved it… the capability needed is “manage_categories “

  • Vladimir, I enjoy your plugin. Thank you so much for it. I’m having trouble limiting post categories to specific users. For example, I’d like a user role to ONLY post to a certain category (not able to post to other categories). Is this possible with User Role Editor?

  • Hello Chris,

    I made special post to help you and possibly other readers to limit post categories for specific role.
    Please look at
    http://www.shinephp.com/block-posting-to-selected-categories/

  •  Please try version 3.5 with additional configuration parameter (look inot FAQ or changelog) and let me know, how it works for you.

  • Please try version 3.5 with alternative method for multi-site network update. Look into FAQ or ChangeLog for version 3.5 to know how to configure it. It would be great to know, if it will help you or not.

  • meanbiz

    Hello Vladimir,
    I found URE after long way to search a right plugin for my site. I believe it would meet all my needs and am grateful for you.

    What I need for my site is to let a new role(I named it as ‘writer’) to publish posts ONLY while all other capabilities are hidden to it. However, there is a ‘portfolio’ menu in my theme and as I turned on ‘edit_posts’ capability at the setting, ‘portfolios’ menu appears on dash board as well as ‘writing posts’ menu. And as I turn off ‘edit_posts’ capability, even if ‘publish_posts’ capability is still remained on, both of ‘portfolios’ and ‘writing posts’ menu at dash board get disappeared.
    I was wondering how if I could separate posts and portfolio and let only posts appeares at dash board for a specified role.

    Thank you in advance.

    Best regards,
    Eugene

  • Rod Potter

    Thanks Vladimir — your latest version works perfectly.

  • Excellent!
    Thanks for the information. Your feedback is valuable for me.

  • Jim Burke

    Hi,

    Let me congratulate you on developing an excellent and very usable plugin. Very useful functionality.
    However, there is one area where I would like to see it extended, that of multiple roles per user.
    I have a requirement where I want to put a specific user into more than one role.
    Is this functionality in the pipeline ?

    Many thanks,
    jim Burke

  • Webnik

    Hi Vladimir, Firstly thanks for an excellent plugin.  This is the first time I’ve ever had a problem using it.  I’m trying to update all 1500 sites on a multisite network with a change to my author role capabilities and I get the following error (real domain name removed):

    Fatal error: Allowed memory size of 268435456 bytes exhausted (tried to allocate 40 bytes) in /var/sites/p/mydomain.co.uk/public_html/wp-includes/meta.php on line 567

    It’s not timing out but running out of memory, so will your secondary method of putting an extra line of code into wp-config actually help?  Or will that method give me the same problem?  I’ve tried various methods to increase my memory limit to 512mb temporarily but I get the same error back every time.

    How do you suggest I proceed?  As it stands my users can’t delete files from their media library and I am unable to apply the correct permissions to all sites.

    Thanks, Nik

  • Xander

    Hi Vladimir,
    Very nice plugin!

    I would like to let my “users” see, edit and manage POSTS.
    But this has to work within the dashboard/backend of WordPress. 

    I am using the Jobroller theme from Appthemes.
    If I set the “Manage Options” to “Yes” (read: turned on) they will see the Options menu which can be only accessed as you are an Administrator.

    I only wish to see that the Options menu, the extra and the pluginstab can not been seen by this particular user.

    See my attachment for what the capabilities are of this user.

    I hope you’ll understand what I am saying.

    Thanks in advance.
    Greetings,
    Xander

  • Hello Eugene,

    In this case you can change capability your theme uses for menu ‘portfolios’.
    Is your theme free? If you send me the its download link, I can help you to find what capability it uses.

    Regards,
    Vladimir.

  • Hi Jim,

    No, I did not think about such feature for this moment. While you can achieve similar effect with couple of other ways, it may have sense to realize as additional functionality in one of future versions. Thank you for the idea.

    Regards,
    Vladimir.

  • Hi Nik,

    Thanks for the information. It’s interesting to know, that URE is used on such huge WordPress network. 
    I suppose that secondary method could help you. I didn’t trace WordPress code thoroughly, but out of memory error (you mentioned) is occurred during WP internal data caching. As recently implemented (especially for large networks) direct database update method don’t uses WP API as wide as 1st method does, it should not need so large memory amount. Please, let me know the result, if you make your try with secondary method configured. 

    Regards,
    Vladimir.

  • Hi Xander,

    ‘manage_options’ capability is used especially to work with themes options and there is no need to turn it on in order to add/edit/delete/publish posts. Try to leave post related capabilities for that user. You can start from the author role for that, excluding pages related capabilities from it.

    Regards,
    Vladimir.

  • Webnik

    Thanks so much for the quick reply.  URE is the best way I’ve found of tweaking permissions for a simple Multisite network without getting into the world of Buddypress etc, which is more complicated than I need.

    For what it’s worth I’ve now upped my memory to 512mb but it still ran out of memory.  I’ll set the network up on another domain and give it a shot before trying it on the real thing, but at least I know the secondary method might work for me now.  I’ll let you know either way.

  • Webnik

    Hi Vladimir,

    I added define(‘URE_MULTISITE_DIRECT_UPDATE’, 1); on the last line of my wp-config.php file (on a backup copy on a different domain!) of my large multisite and nothing has happened. Could you provide some more detail on exactly how to use this method please?

    Here’s what I did:
    1. Picked a site at random
    2. Set the specific permissions for the Author role on that site
    3. ‘Apply to all’ did not work so I added the line to bottom of wp-config.php
    4. Refreshed the network home page and picked another site at random – the Author role had not been changed.

    Please help – this is a big problem and I think URE is my only hope!

    Thanks,
    Nik

  • Webnik

    Sorry, I think I was being a little bit stupid.  I’ve now realised you need to then go back in and click ‘Apply to all’ ….. and the good news is it seems to have worked perfectly!!  And extremely quickly!  I’m going to try it on my live site tomorrow.  I’m so grateful for you developing this plugin – if you’d like some help writing additional documentation/user guides I will happily do so because I owe you big time!

    Nik

  • Hi Nik,

    Thanks a lot for the information about your positive testing results of “User Role Editor” on so large WordPress network. It’s a really big contribution, as my test environment has not so huge sites quant in the network and so large database. 
    If you have ideas, what content should be added to this URE’s page to make it better, I’m open for that. If you publish review about URE somewhere else , I appreciate it.

    Regards,
    Vladimir.

  • Jim

    Vladimir, 

    I installed this on my Multisite network, didnt network install it but activated in my root site.  I edited the editor user and hit UPDATE… each time I come back to editor, there are no changes saved….

    What am I doing wrong?

  • Webnik

    Hi Vladimir, I’ve just run the Apply to All on my live multisite and it seems to have worked flawlessly.  Superb work.

    I think some instructions on how to use URE for multisite would be really helpful – a lot of users will expect a ‘network settings’ screen and not realise they need to go into an individual site’s Users menu in order to make network-wide changes.  For the secondary method, a couple of sentences explaining that after adding the line to wp-config.php they need to go back into the site they set up the role on and click Apply to All again would make it clearer how to implement that method.

    Thanks again,
    Nik

  • Hi Jim,

    I could not repeat such situation on my test multi-site WP network. If it’s possible, please send me step by step description what are you doing.

  • Hi Nik,

    Good news again! Thanks.
    Agree. I will revise instructions according to your suggestions.

  • Jacamo

    I Installed the plugin and it works great, thanks to all you guys. I do have one niggle that I hope you can help with. I want to create user roles that have spaces in their names. How can I do this.

    Thanks

  • Thanks to you for good words and using this plugin.
    You can use ‘word1_word2’ scheme only with “User Role Editor”. Plugin has built-in name validation rool, so as you mentioned spaces are not allowed inside role names. May be it is artificial requirement as WordPress itself has no such limitation. But as a programmer myself, I decided to setup it for role names as it’s done for identifiers in programming languages.

  • Thanks, Xavier.

  • laxadmin

    Hello! we are a youth sports org and we want to give access to coaches just to edir thier team page and nothing else can we get that granular for user rights with this plug in.

  •  Hi!
    No, this plugin could help you manage your blog user roles. But it doesn’t manage access to your blog posts or pages. Some additional coding is needed for that. Or try other plugins, which could restrict access to the content on the roles basis, e.g. “Role Scoper”.

  • Missloo

    Hi Vladimir ! Thank you very much for your excellent and very useful plugin. With its help we’ve created a new custom user role. This new user is able to add/delete new users. It appears that the user role editor menu is shown in the users menu even if this new user doesn’t get the right to access to it.
    How can we make it user role editor disappear from there ?
    Thanks

  • Hi!
    Currently URE has not own capability to check if show/hide its menu item. It uses ‘edit_users’ capability for single site configuration and ‘manage_network_users” for multiple sites network configuration. If you configured URE_ENABLE_SIMPLE_ADMIN_FOR_MULTISITE parameter in your blog wp-config.php file, then it uses ‘add_user’ capability.
    You can add your own capability and insert it into URE code: user_role_editor.php file, function ure_settings_menu(), line # 228.

  • I am having the same issue.

  • I need to repeat problem in order to fix it. Can you please to describe in details what do you do?

  • I just installed the plugin, made some changes to the contributor role, saved. it said successful but when going back to view the role, none of the changes had saved.

  • What WordPress version is running on your site?
    Is your WordPress configured as multi-site network or just single blog?

  • Os

    Hello
    I want users can post but not modify after they have posted.
    What is the setting for it?

    I tried  ‘edit_posts’ on and ‘edit_published_posts’ off.
    By this setting, the user can post but I can’t see it except the title.
    There is no contents in custom fields.

    Please advise.

  • Hello, read about my little test:
    I created a new role as copy of the ‘Author’ role, removed ‘delete_published_posts’, ‘edit_published_posts’, added ‘publish_posts’ capability, assigned it to user. This way user can add new post, edit it, while it’s not published, publish it. Since post is published user can not modify it as you wish, so he can see its content just from front-end. It’s valid behavior, WordPress blocked post editor for published posts according to this user role.
    Other users who have ‘edit_published_posts’ capability still see all post attributes including custom fields values.

  • Os

    Thank you for your reply.

    How about with the Custom Post Type?

    I followed the way you showed me, I didn’t work.
    I can’t see its content even from front-end.

  • Check if your custom post type has its own custom capability defined. Generally, if custom capability is not defined, then default ‘post’, e.g. ‘edit_posts’, ‘publish_posts’ is used. But in case it is defined something like ‘edit_notes’, ‘publish_notes’, you should check those custom capabilities instead of default.

  • Os

    I use Custom Post Type UI plugin.
    It seems to have no setting to define capabilities.

    Is there anything should I do?

    Thank you for taking your time for me. 

  •  Show screen-shot of your self-made role. I will try to reproduce your situation at my test site.

  • NONBOX

    I’m getting the error “Only Administrator is allowed to use User Role Editor” when I try and access the settings. I am Super Administrator, and used to be able to access the settings. How can I get in and make changes now?

  • ‘Superadministrator’ is a term for multi-site WordPress installation. As you got ‘Only Administrator’ not ‘Only SuperAdministrator’ in error message from URE, I got conclusion that your blog is configured as single site.
    For single site WordPress URE checks if current user has ‘administrator’ role. If he has not, he get the error message you mentioned above.

  • None of the changes I make to any role are taking anymore. After I hit Update, it says it’s made the changes, but if I go to another role, then come back, all the old settings are still there. What could be going wrong? I am the administrator of the site. http://www.humortimes.com

  • I did a database repair & optimization, and that seemed to fix previously edited roles. But when I tried to change another role, and came back to it, the plugin did not show any changes again. I had to repair & optimize again for the changes to show in the plugin. This is pretty frustrating.

  • Updates are in DB, but you don’t see them in WP back-end via URE page, right?

    Just the guess: Do you use any caching plugin, which could cache your database requests from admin back-end too?

  • I use WT3 Cache, but I don’t have any problem like that on the backend for any other plugins. Also, I’m pretty sure I had made some of these changes months ago (and had just assumed they had taken, but didn’t check), and when I recently checked, they had not been changed. No cache would hold that info that long, obviously.

    I will test again, to make sure, and flush the cache after I make changes, to see if they then show.

  • Make backup copy of your WordPress database in order to be capable restore in case of accident. Then try to press ‘Reset’ button at URE page. It should restore your WP roles into state before you started experiments with URE.

  • Joanna Cook

     One of my clients had deleted the admin account in the roles plugin. Is there a way to restore this?

  • Telmi

    Добрый день.
    У меня на сайте кроме стандартных статей и страниц есть еще и пользовательский тип записей. Как настроить роль так, чтобы она могла редактировать ТОЛЬКО этот тип данных?

  • День добрый.
    В настройках пользовательского типа записей должна быть возможность указать специальное разрешение для этого типа вместо ‘edit_posts’ по-умолчанию. Тогда останется включить в новую роль вместо edit_posts, к примеру, edit_your_custom_posts и т.д.

  • Telmi

    Я заказывала плагин и он реализован через пользовательский тип данных, а вы не знаете как и где указать специальное разрешение для этого типа?

  • Лучше всего уточнить у автора плагина. Если это по каким-то причинам невозможно, то где-то в исходном коде плагина должна вызываться функция register_post_type()
    Этой функции в качестве параметра передаётся массив аргументов, среди которых есть параметр c именем ‘capability_type’. Если не используется специальное разрешение, то значение параметра скорее всего ‘post’. Если вместо ‘post’ указать ‘video’, то в роль нужно будет добавить разрешения ‘edit_videos’ и т.п., в полной аналогии с ‘edit_posts’, ‘delete_posts’, ‘publish_posts’ и т.д.

  • Telmi

    Вот код

     $args = array (
                      ‘public’ => true,
                      ‘labels’ => array(‘name’ => ‘Вопросы’, ‘singular_name’ => ‘Вопрос’, ‘add_new’ => ‘Добавить вопрос’),
                      ‘show_in_menu’ => true,
                      ‘menu_icon’ => plugins_url(‘wp-wpdm-qa/images/icon.png’),
                      ‘query_var’ => true,
                      ‘rewrite’ => true,
                      ‘capability_type’ => ‘vo’
                      );

       register_post_type(‘question’, $args);

    Вот настройки плагина http://s1.ipicture.ru/uploads/20120507/mU4PeSv3.png

    но при этом недоступно редактирование и даже просмотр этого типа записей, выскакивает “Играешься, что ли?”. Доступно только вот что http://s1.ipicture.ru/uploads/20120507/mlwDXIP2.png

  • Такой комментарий я нашел в исходном коде WordPress:
    * The capability_type argument can optionally be registered as an array, with
     * the first value being singular and the second plural, e.g. array(‘story, ‘stories’)
     * Otherwise, an ‘s’ will be added to the value for the plural form.

    function get_post_type_capabilities( $args ) {
      if ( ! is_array( $args->capability_type ) ) $args->capability_type = array( $args->capability_type, $args->capability_type . 's' );
    ...

    Исходя из выше описанного, все разрешения (возможности)  для ваших “вопросов” должны иметь букву ‘s’ на конце. То есть не ‘edit_vo’, ‘edit_others_vo’, а ‘edit_vos’, ‘edit_others_vos’ и т.д. Попробуйте добавить вручную такие разрешения в вашу роль и проверить, получит ли после этого пользователь с такой ролью видеть и редактировать вопросы. Похоже разработчик плагина, не указав множественное число для разрешения ‘vo’,  и не добавив букву ‘s’ в конец автоматически используемого разрешения, допустил ошибку при программном добавлении разрешений для пользовательского типа записей – вопрос.

  • Telmi

    эту строку писал не разработчик, а я сама добавила (‘capability_type’ вообще не было).
    ‘capability_type’ => ‘vo’

    если я ее оставлю в таком виде и пропишу разрешения с ‘s’ на конце, то :

    настройки плагина выглядят так http://s2.ipicture.ru/uploads/20120508/WT4eoyi8.png

    а для пользователя почему-то недоступно редактирование записей этого типа http://s2.ipicture.ru/uploads/20120508/oaRKSojy.png

  • Возможно не все изменения в составе роли отразились на данном пользователе. На всякий случай попробуйте поменять ему роль в профиле, сохранить изменения, а потом опять вернуть роль “VoprosOtvet”.
    В роль VoprosOtvet входят и разрешения из стандартной роли “Редактор”. Значит цель разделить эти функции вы не ставите? Зачем тогда вводить специальные разрешения для записей типа “Вопрос”? Почему не использовать стандартную роль и разрешения по-умолчанию? Или это не сработало?

  • Info

    Hi
    I Love this plugin. I have a theme that has a section called Portfolio, Hoe do I use Add New Capacity to give an Editor the acces to publish, edit and delete Portfolios?
    Thanks

  • Telmi

    В роль “VoprosOtvet” входили разрешения из стандартной роли “Редактор”,
    т.к. параллельно ролью “VoprosOtvet” пользовался человек для работы с
    Вопросами-Ответами и без разрешений из роли редактора Вопросы нельзя
    редактировать (как я уже писала выше – не работают ‘edit_vos’,
    ‘edit_others_vos’)

    Эти роли мне НУЖНО разделить, мне нужна роль, которая сможет только редактировать Вопросы-Ответы. Даже без возможности их создавать и удалять можно.

    Теперь я создала тестовую роль для него, а в роли “VoprosOtvet” оставила вот что http://s1.ipicture.ru/uploads/20120515/Q7BYVG55.png

    Но если прописана строка                   ‘capability_type’ => ‘vo’

    то не только роль “VoprosOtvet” , но  даже пользователь – администратор
    не может создавать, редактировать этот тип записей (хотя для него я даже
    не вижу возможность отредактировать роль)

  • Hi, I’m looking to allow Editor roles access to what they normally have in WordPress accessibility.   However I’d like for them to have access to Menus (under Appearance) and Widgets (also under Appearance) and that’s it.  I’ve installed your plugin but don’t see those as options anywhere.  Can you advise on how I should go about doing this?  Thank you so much!

  • Hi,
    somewhere in  theme’s code function register_post_type() should be called.
    Among parameters of this function you will find ‘capability_type’. If it is not used or equal ‘post’, then custom post type ‘portfolio’ uses standard ‘post’ capability type. That is ‘edit_posts’, etc. Editor role should be capable to manage this post type already in that case.Check if theme author placed something like ‘portfolio’ there. Then you should add ‘edit_portfolios’, ‘delete_portfolios’, ‘publish_portfolios’, etc. to your Editor role.

    WordPress source code fragment for your reference:
    * The capability_type argument can optionally be registered as an array, with 
    * the first value being singular and the second plural, e.g. array('story, 'stories') 
    * Otherwise, an 's' will be added to the value for the plural form.
    function get_post_type_capabilities( $args ) {
      if ( ! is_array( $args->capability_type ) ) $args->capability_type = array( $args->capability_type, $args->capability_type . 's' );
    ...

  • Hi,
    edit_theme_options capability could help you. Read this post 
    http://www.shinephp.com/wordpress-admin-menu-permissions/

  • Скорее всего новые разрешения не активированы в роли “Администратор”.
    Если никто кроме вас не имеет доступа к User Role Editor, то можно вернуть роль “Администратор” в список доступных для изменения ролей. Для этого добавьте эту строчку  define(‘URE_SHOW_ADMIN_ROLE’, 1);
    в файл wp-config.php

    Попробуйте включить в роль “ВопросОтвет” все те же разрешения, что и в роли  “Редактор”, затем уберите те, что включают в себя ‘post’. Посмотрите, что получится. Сейчас роль у вас несколько урезана, например, в неё не входит ‘read’.

    Если успеха не добьётесь, можете выслать плагин мне на email. Свяжитесь со мной через форму @lynnvandyke:disqus Contact” этого сайта, я отвечу на вашу почту.

  • Telmi

    После добавления define(‘URE_SHOW_ADMIN_ROLE’, 1); –  посмотрела, у администратора все галочки есть.

    Создала новую роль из роли Редактора http://s2.ipicture.ru/uploads/20120518/DVSUgEs6.png  но все равно пользователь с этой ролью и Админ не может создать запись типа Вопрос_Ответ

    через форму   “Lynn VanDyke Contact” не могу вам даже написать – открывается окошко где нет поля для ввода текста, там только чьи-то комментарии.

    Если возможно – напишите мне на почту telmi(*)tut.by

  • Unfortunately, this plugin seems to be blocking users from using the Nextgen Public Uploader’s upload facility. In that plugin, you can set the minimum role to be able to use it. But in User Role Editor, there doesn’t seem to be a check box for it. 

  • It seems, that Nextgen Public Uploader allows to select existing role for some function. There is no need to show something special for that in User Role Editor. User Role Editor should be used to manage Roles, it doesn’t manage how other plugins use those roles.

  • Если мы используем для пользовательского типа записей разрешение, отличное от ‘post’ по-умолчанию, необходимо кроме названия разрешения добавлять параметр для автоматического отображения метаразрешений этого типа в базовые или придётся добавлять эти метаразрешения в роль напрямую

    $args = array (                  ‘public’ => true,                  ‘labels’ => array(‘name’ => ‘Вопросы’, ‘singular_name’ => ‘Вопрос’, ‘add_new’ => ‘Добавить вопрос’),                  ‘show_in_menu’ => true,                  ‘menu_icon’ => plugins_url(‘wp-wpdm-qa/images/icon.png’),                  ‘query_var’ => true,                  ‘rewrite’ => true,                  ‘capability_type’ => ‘vo’,
    ‘map_meta_cap’ => true                  );
    Речь идет об используемых WordPress неявно так называемых метаразрешения типа ‘edit_post’, которое автоматически отображается в ‘edit_posts’ и т.п.

  • Sabrina

    Hi,

    i have add a user role called Bedrijf but now i want to delete it but it doesn’t show up in the delete user role section.

  • Hi,

    If even one user exists with this role assigned, you can not delete such role. Go through users list, reassign those users another role and return to URE in order to delete unneeded role then. You will find it in the roles list for deletion, I’m sure.

  • Sabrina

    Hi,

    when the register form is being filled in by a user and they select Bedrijf or Student.  the role section in wp-admin / users / all users is emty (geen) how can i fix that?

  • Leewper

    Hi,

    How I can add a role name with two words? such as “Super Moderator”

    Thanks

  •  It is not possible with URE. You can use underscrore, e.g. ‘Super_Moderator’, if it’s applicapable.

  • Is role selected still shown in user profile?

  • Sabrina

    Yes in the user profile it says the correct user but in the WP-admin /users/all users it is empty. Very strange 🙁

  • I can just say that you have some problem with role name translation. WordPress builds it this way to show in the users table:
    $role_name = isset( $wp_roles->role_names[$role] ) ? translate_user_role( $wp_roles->role_names[$role] ) : __( 'None' );
    Thus, you should see ‘None’ if role is not defined. But you see empty column, so translation returns empty value for some reason.

  • Sabrina

    I mean with empty that is says ‘none’ instead of Bedrijf or Student.

    Sorry for the confusion 

  • Please show screenshot of user profile with ‘None’ role column in the users list.

  • Mailk

    Does not work. “User Role Editor” page is empty.

  • Please read this 
    http://shinephp.com/community/topic/cannot-see-settings
    May be it will help.

  • Tia Jones

    Great plugin. The only  problem I have is that my editors/contributors can not see the excerpt box, any suggestions? 

  • Kamal Singh

    hello thre. Thanks for a wonderful plugin

    I am facing a problem

    I am using a plugin called as Admin Menu Editor and your User Role Plugin

    Both the plugin conflicts with each other. Please tell me how to solve it

    Its giving me an error 
    below the the detail error

    Warning: Cannot modify header information – headers already sent by (output started at …/wp-admin/includes/menu.php:193) in …/wp-includes/functions.php on line 861

    Warning: Cannot modify header information – headers already sent by (output started at …/wp-admin/includes/menu.php:193) in …/wp-includes/functions.php on line 862

    Please help me with this 
    Thanks in Advance!

  • Hello,
    How did you define, that URE conflicts with ‘Admin Menu Editor’. I setup ‘Admin Menu Editor’ with URE together, played a little editing admin menu and did not see any problem. May be it is result of some incorrect changes made by you in the admin menu with this editor plugin help?

  • Go to the post editor screen and check ‘Screen Options’ at the top of the page. It seems that ‘Excert’ checkbox is turned off there for some reason.

  • I would like to add a capability to deny a member the ability to login? How would I do that with your plugin? What would the role be?

  • Try this variant: Create new role, e.g. “NoLogin”, and turn off all capabilities in this role. Assign this new empty role to user, whom you wish to deny login. When such user try to login he will get message that he has not enough permissions to visit page after he input his username and password.

  • Sasch

    Great Plugin, but since I upgraded to WP 3.4 the admin screens are empty. Checked this with a clean installation too -> same here… I´m using WP Multisite. Any clue what to do?

    Thanks

  • I could not reproduce this and see URE under WP multisite.Try to open browser window to full screen, or if you have screen resolution less than 800px, scroll page down, main URE form could be wrapped there at small browser window.

  • Sasch

    Ouch! You´re right. Resolution was to small. I didn´t see it…
    Thanx anyway

  • Mark Goodson

    I have tried different plugins and have not been able to accomplish what I need — and I am sure it is because of my lack of understanding of WP user roles… but if someone could help me — I would be more than willing to help you in some way SEO related.

    I have a business directory — I want any person who registers to be able to edit any business listing (post) – upload images, etc. but I do not want them to be able to delete or access any functionality in the dashboard other than what a subscriber has. I provide an edit function on the outside — but word press stops it if the email of the person does not match the listing — and since I am pre-loading these —

    Then once a listing is secured with a payment — that listing then can only be accessed by the owner who paid.

    I also need to be able to detect this condition in the code — so I know whether to display the edit button on the listing or not — update – upgrade etc.

    Can someone please help me.

  • Hi Mark,

    Concerning to first part of your question:
    You can create new role for directory subscribers with User Role Editor. Next you can exclude from the user interface at WordPress dashboard menu items, which you wish to hide from them. This post could give you the main direction:
    http://www.shinephp.com/how-to-block-wordpress-admin-menu-item/

    Adminimize plugin could help you with that as it offers user interface to manage visible menu items and can change settings for selected WordPress roles.
    You still need to block those menu items manually, as Adminimize just hides them, but not prohibits access to them. That is user still can go to the hidden page by inserting needed link to the browser URL address field.
    Consult with this post to know which page is responsible for which menu item of WP admin dashboard.
    http://www.shinephp.com/wordpress-admin-menu-permissions/

    Regards,
    Vladimir.

  • robert

    Updated to User Role Editor 3.7 and getting Fatal Error:

    Fatal error: Call to a member function get_role() on a non-object in …/wp-content/plugins/user-role-editor/user-role-editor.php on line 185

    Site is: http://www.fairviewgardens.org/
    Plugin was running fine for past 12 months until v3.7

    Version 3.7 prevents Easy Heads Up Bar from loading.

    Please advise what to do.
    Have deactivated and reactivated v3.7, still get fatal error.

    Thank you, robert

  • Thanks for the signal. That block of code is unneeded at all. My fault. I left it after some experiments with new functionality.

    if (!$role->has_cap(URE_KEY_CAPABILITY)) {

    }
    You see that the action inside is commented. Just remove it yourself or download updated user-role-editor.php from this link
    http://www.shinephp.com/wp-content/downloads/wordpress/plugins/user-role-editor-3-7-fast-fix.zip
    and replace this file inside user-role-editor plugin folder.
    Your feedback about testing results is very appreciated.

  • robert

    Thanks for quick reply.
    I just upgraded from v3.7 to v3.7.1 and issue is resolved.
    Great plugin, appreciate it.
    Robert

  • Thanks.

  • Дарья

    Владимир, большое спасибо за помощь! А как сделать блок “Настройки” в самом WordPress недоступным для пользователя?

  • Дайте такому пользователю роль, в которой нет разрешения “manage_options”.

  • Hi,
    I’m sure that User Role Editor doesn’t make any direct impact on the login redirection on your site. It could be some other staff, you installed.
    Generally,user redirection after login is possible.
    There is “Peter’s Login Redirect” plugin at
    http://wordpress.org/extend/plugins/peters-login-redirect/
    or you may realize that directly using a piece of PHP code, e.g. one from this post:
    http://www.joshstauffer.com/wordpress-redirect-users-after-log-in/

  • Tim

    Hi Vladimir – your plugin is exactly what I need for my site. However when I try to change the permissions of a user and click ‘Update’, nothing appears to have changed. If I reload the plugin page, any of the boxes I have checked have unchecked themselves. No changes I make appear to stay. What can I do about this? Thanks! 🙂

  • Hi,
    Could you allow me to look on your problem on site? If ‘Yes’ send me URL and login/password (my name, at symbol, this domain).

  • Tim

    Hi Vladimir – unfortunately I can’t do that due to security reasons as this is a corporate site.

    I am more than happy to provide you with a list of other plugins we are running, or other information you might need?

    Thanks for the response 🙂

  • Hi Tim,

    Try to add
    define(‘WP_DEBUG’, true);
    line into your wp-config.php, and let me know, if you get some error messages at admin dashboard and when you update roles.

  • Hi Mike,

    Yes, you can activate plugin on just the only site and apply changes, you made to the roles, to all site of your network from there. You don’t need to activate URE plugin for all network for that.

    Regards,
    Vladimir.

  • Likestodraw

    Where does the role editor appear in a multisite installation? I can’t seem to find it.

  • Look at the same place as for standalone WP – menu “Users” of site, for which URE is installed. or main site of the network, if URE is installed for it. You should have super-admin privilege to see URE under WP multi-site.

  • Likestodraw

    Completely disregard my last comment. A quick look at the FAQ answered my question. I do have another; however. My question is is there a way to allow users to view the dashboard and change what pages they can see and visit on the navigation while in the dashboard? Thanks in advance for answering.

  • Even subscriber user will see dashboard, but with the only menu item – his profile. In order to help you, I need more information about, what do you wish to achieve. User should see ‘Pages’ menu item and pages list. What pages do you wish to show, what to hide. Are there some criteria?
    May be you need to use some content restriction plugin for that.

  • How do I give users capability to add new forums in Mingle Forum? Mingle Forum does not appear in the user role editor admin page although I have installed the Mingle Forum plugin.

  • Look at wpf.class.php file function add_admin_pages() at line #179. All Mingle Forum menu items are added with permission ‘administrator’. Thus only administrator be able to manage forum staff.
    If you wish to change that, you may add new capability with User Role Editor, like ‘mingle_admin’ to needed role and change ‘administrator’ at add_admin_pages() to ‘mingle_admin’, etc…

  • Eli

    Thank you for you EASY TO USE PLUGIN!!!
    Could you please tell me how I could block someone from creating a login. We have their email.

  • The most easy way to register some user with email you have yourself before it will be done by someone. Then someone could not register user account with that email.
    2nd, wait while such account will be registered, then set that user role to None. Thus, that user will view nothing in its profile.
    Though, someone can register with other name and email at any time. If you not IP-address of that user it’s possible to block registration page for that IP, etc.

  • Jaseer Kinangattil

    HI, ur plugin is great, But i didn’t understand how to restrict adding new pages for “Editor” Role.
    Expecting your help

  • Hi,As you can see from this post http://shinephp.com/wordpress-admin-menu-permissions/ WordPress has not special capability to restrict ‘Add Page’ right. It uses the same ‘edit_pages’ for that as for page modifying, as for new page creation.
    It’s possible to create new capabilty, e.g. ‘add_pages’ and setup it for ‘Add Page’ menu item using ‘Admin menu editor’ plugin

    http://shinephp.com/admin-menu-editor-wordpress-plugin-review/

    But it will remove “Add New” menu item only, while the link to create new page at the page editor form shown on your screenshot will be still there, as WP still checks ‘edit_pages’ at code, I’m sure.

  • AJ

    Why can’t i add a role with a space in it? e.g. Web Developer, the roles can only be one word or words without spaces, thats dissapointing 🙁

  • Yes, there is not software limit to use spaces at role name. It’s my decision to follow WordPress best practice, when I setup such limitation for roles and capabilities names: no spaces. Just see – none of WordPress roles contain spaces in its name.
    You can use ‘_’ or ‘-‘ instead of spaces.

  • Matthias Meyer

    Hi Vladimir,
    i got an issue with uploading images: An “author” is allowed to make changes to a published page and submit it for review. It works great with capabilities “edit_published_pages” and “edit_published_posts” turned off. He can edit the page and has the only option “Submit Revision”. So far so great.
    The problem comes when the “author” tries to insert an image. The plugin refuses, even though “author” has the capability “upload_files” checked on. Uploading files to the media works perfekt, but not from inside a published page. I searched the web for quite a while now and did not find a clue.
    Maybe you can help.
    Thanks.

  • gianmarizzi

    Hi, I have the latest versions of both WP and your plugin. I really don’t know if something has changed since the last WP upgrade, but now your plugin doesn’t work anymore: the user can only see the front end of my site. What am I supposed to do?

  • Hi Matthias,

    Please attach a screenshot with capabilities list of role assigned to this user. I will try to find what does go wrong.

    Regards,
    Vladimir.

  • Please check:
    – if URE plugin is still active;
    – if user has needed role assigned.
    If all of above is valid but user still doesn’t see his profile attach here screenshots of his profile (you can hide his login and real name) and role with capabilities list for investigations.

  • Matthias Meyer

    Hi Vladimir,

    thank you for the quick reply. Here comes the screenshot of the capabilities. I am using the german version of your plugin, but the capabilities are in english anyway.

    Regards,
    Matthias

  • Guest

    Hi there! Amazing plugin!

    Need to ask though how to remove a few things from the dashboard menu – I have 3 items I need hiding “contact” (contact form 7), “allinone – playlist” and “staff directory”… even though most things have hidden, I don’t know how to hide these.

    Another thing that I found some problems with was that if allowing a user to create more users… they can create of any role… not good for security issues so I had to remove the create user permission. Any help on the 3 items in the dashboard menu (priority) would be very useful!

    Thanks!

  • Hi there!

    Amazing plugin!

    Need to ask though how to remove a few things from the dashboard menu
    – I have 3 items I need hiding “contact” (contact form 7), “allinone –
    playlist” and “staff directory”… even though most things have hidden, I
    don’t know how to hide these.

    Another thing that I found some problems with was that if allowing a
    user to create more users… they can create of any role… not good for
    security issues so I had to remove the create user permission. Any help
    on the 3 items in the dashboard menu (priority) would be very useful!

    Thanks very much!!

  • Hi Matthias,

    Excuse me for delay with reply.
    I can not repeat your issue at my test WordPress 3.4.1 single-site. I created exact copy of your role and uploaded image inside post, then inserted it into post successfully. Look around your WP installation, may be it will help. I mean update to the latest version, check plugins installed, may be some conflict has place, etc.

    Regards,
    Vladimir.

  • Hi Luke,
    Thanks.
    Contact Forms 7 uses ‘edit_posts’ capability to decide if show/hide its menu from current user. More details are available from my comment at this page
    http://chooseplugin.com/plugin-info/contact-form-7

    Please send me exact names or links to WordPress.org plugins repository for other 2 plugins you mentioned.

    Create new user: Yes, you should trust such user enough. In other case you are right – you will have large self-made security problem.

    Regards,
    Vladimir.

  • MatthiasMeyer

    Hi Vladimir,

    okay, I thank you very much. I’m working on the latest version of both WordPress and your plugin but the issue still exists. I guess I’m going to dive deeper into your plugin or to establish a workaround.

    Thanks again,
    Matthias.

  • Thanks for the quick reply. Will read the chooseplugin.com page in a moment. I have decided just to remove the staff directory plugin as sometimes hand coded html is enough… so that leaves the other plugin to name: “LambertGroup – AllInOne – Banner with Playlist” found at http://codecanyon.net/item/banner-rotator-content-slider-wordpress-plugin/1903226

  • Just checked out the contact forms 7 post – so seems there is nothing that can be done… i guess the majority of the backend has been limited for their safety… if they manage to screw up still then that would be something they would have to deal with etc (only so much you can do haha) – if you are not able to find out what the situation is regarding the banner, don’t worry as it might have to be a case of following suit with the contact plugin (although there is probably not that much they could screw up with the banners!) – Appreciate the help!

  • If you wish I help you with capabilities this “Banner with Playlist” plugin uses, send its code to me (my name at this domain).

  • lesol

    How do I give permissions to someone to just manage one page? / post?

  • It’s not possible with current WordPress roles and capabilities model. But some plugins could help you. Look on this one

    http://wordpress.org/extend/plugins/role-scoper

  • pikus

    Hello, i have tried to delete the “read” rights of the contributors, but they are still able to see others’comments and posts.

    1)What do the “read” rights are?

    2)How can I prevent “contributors” to see the comments that are left to somebody else’s posts?

    3)How can I prevent “contributors” see others’posts?

  • Hello,

    1) ‘read’ rigt – is a right which allows ordinal site visitor to become your blog subscriber. Subscriber could see and edit his user profile at wordpress back-end and you as blog owner have his e-mail to send blog news, etc.

    By default all published WordPress posts and comments are visible to all site visitors.

    Do you ask about posts and comments visibility restrictions for your site visitors? Or for contributors at WordPress admin back-end?

  • Cecile

    Hello,

    I am interested by your plugin.

    As it is, authors don’t have access to the media library. thay can upload a photo from their computer, but cannot insert one from the library.
    I installed your plugin : can you tell me what I should check so that authors do have access to the library ?

    thanks for your help

  • Joshua

    Vladimir, the delete user role box isn’t showing up as an option. I have only 1 user and it’s an administrator. Can you tell me why. I’m using User Role Editor v 3.8.

  • Joshua

    Vladimir, the delete user role box isn’t showing up as an option. I have
    only 1 user and it’s an administrator. Can you tell me why. I’m using
    User Role Editor v 3.8.

  • Hi Joshua,

    “Delete Role” is shown only in case, if you have at least one unused role. That is role, which is not assigned to any user.
    Try to create new role and you will see ‘Delete Role’ box at once.

  • By default Author can as upload new image, as insert one from media library. This role should have ‘upload_files’ capability for that. If your ‘Author’ role has such capability, but user with this role can not use Media library, I suppose you have problem with one of your active plugins. Try to deactivate them all for testing and check if author can use Media library then.

  • Davi

    Hi Vladimir

    Indeed a great plugin. Just what i was finding all over. I am trying to create a FORUM behavior from WordPress.

    So,i was wondering this type of plugin. What i want is, i want to use my wordpress blog as FORUM to help out public.

    Working i want:-

    1. Any subscriber can create post. He can edit it before publishing but not after publishing. I checked your test in your conversation with OS in comments. Later this subscriber and any other can put a comment on it. Is thing thing possible with this plugin ???

    2. Subscriber should not create his own Categories/tags. He should be allowed to select from the defined categories only. Is thing thing possible with this plugin ???

    Clearly speaking i want to get the similar high level functionality of vBulletin through wordpress.

    Any suggestions are most welcome

    Thanks in advance.

  • Hi Davi,

    1. If you revoke ‘edit_published_posts’ from the ‘Author’ role and make it default one for your subscribers, then its possible.
    2. While user has ‘edit_posts’ capability he can edit categories/tags. It’s possible to limit access to this part with other plugins, like ‘Admin menu editor’ however.

    Did you try to see on WordPress plugins with ready to use forum functionality, like bbPress, Mingle Forum, etc?

    Regards,
    Vladimir.

  • Davi

    Hi Vladimir,

    Thanks for your reply.

    Actual i have purchased a theme already so i want to use that theme for my FORUM in wordpress environment.

    I want that navigation of my theme should be retained if even i use Forum plugins of wordpress like Mingle press, bbpress…

    WORKING I WANT:-

    Functionality i want is ANYBODY CAN CREATE A POST BY CLICKING ON A BUTTON “SUBMIT POST” on my Homepage of website (Is creating such type of CREATE POST button is possible???)

    When somebody will click on “Submit Post”, He/she will be taken to a CREATE POST page.

    Post will be published as POST Content.

    Hope you understand my concern.

    Thanks
    David

  • cybe001

    Hi,
    I am using “Email newsletter” plugin which has following in the plugin php to display the option for “Admin” user role.

    add_menu_page( __( ‘Email Newsletter’, ’email-newsletter’ ), __( ‘Email Newsletter’, ’email-newsletter’ ), ‘administrator’, ’email-newsletter’, ‘eemail_admin_option’ );
    add_submenu_page(’email-newsletter’, ‘Compose email’, ‘Compose email’, ‘administrator’, ‘add_admin_menu_email_compose’, ‘add_admin_menu_email_compose’);

    Now I want to add this “administrator” capability to my new user role. How can I do that?

    (I tried creating new capability and changing the “administrator” capability in the plugin php to the new capability, that didn’t work)

    Thanks for the help

  • You do that right and at the right place. I have checked such update with this plugin just now. And it works.
    Check if you turned on new added capability for role which your test user has.
    Check if you have not typo in capability_name you really added to the role and inserted into plugin code instead of ‘administrator’.

  • Добрый день. Подскажите, а как дать пользователю возможность удалять загруженные им картинки?

  • cybe001

    It worked, I didn’t know the capability name is case sensitive.

    Now how can I add this capability to admin role?

    Thanks for the help.

  • New capability should be included into Administrator role automatically. It is possible to see Administrator name in User Role Editor also. Check FAQ section at http://shinephp.com/user-role-editor-wordpress-plugin/ post in order to know how to make that.

  • Здравствуйте.
    Для удаления картинок пользователю нужно право удаления статей (постов) – delete_posts

  • а по другому никак? у меня этот пользователь может создавать и удалять только пользовательский тип данных, к статьям он не допущен..

  • Если для пользовательского типа определены пользовательские же права доступа, то возможно обойтись только ими.
    Эта статья может помочь разобраться с правами для пользовательского типа
    http://shinephp.com/capabilities-set-for-custom-post-type/

  • Uncovery

    This is screwing up my blog. Aparently the “participant” role has now a lot of admin rights in different plugins. If I change it, and update, it shows the new settings. If I chose “participant” from the dropdown on top again, I am back with all the boxes in the lower half checked.What can I do? How does it save the settings I want? How can I verify that they are stored?

  • Do you write about ‘participant’ role from bbPress?
    If Yes, bbPress creates its roles on the fly, thus there is no sense to edit them with any role editor plugin. In order to return to initial state try to deactivate bbPress temporaly. Go to User Role Editor. If you still see ‘participant’ role, delete it. Reactivate bbPress.
    Do not forget to make backup of your blog database before make any changes.

  • ackab

    Hello, I would like authors to be able to edit and publish existing pages but not to create new pages (just pages, not posts, they can create new posts). I know that a create_posts capability exists. not sure about create_pages. None of the two are available in the user role editor, wich is otherwise great and useful by the way. Can you offer some advice on how to achieve that users are not able to create new pages with role editor? Thanks!

  • Hello,

    edit_pages is the key capability to create new page as for edit existing page too.

    One way to achieve your goal: You can add custom capability ‘create_pages’ and force new added page be always pending, if user not has it, using technique similar to one, described here
    http://shinephp.com/change-published-to-pending

  • Hello, I update the plugin fail on January 7th, 2013. Could you check it? Thank you! ^_^

  • Thanks for the signal. Can you show error message?

  • Sochivy

    Hi Do you have some tutorial of using this plugin, how to use cap when added already and use it for my plugin.
    Thank,

  • Hi,
    No, I didn’t write separate tutorial. But there is a lot related info available.
    Search post above for this keyword ‘current_user_can(‘ or read this forum topic, for example
    http://shinephp.com/forums/topic/how-to-give-permision-to-access-a-plugin/

    I hope it could help you to start. Let me know if you need further help.

  • Дарья

    Добрый день. Подскажите, как дать возможность удаления загруженных картинок. Права для роли выглядят так: http://s2.ipicture.ru/uploads/20130119/WcdGR88E.png

  • Добрый день.
    Media Library проверяет возможность удаления так
    if ( current_user_can( ‘delete_post’, $post->ID ) ) {
    или так
    if ( !current_user_can($post_type_object->cap->delete_post, $post_id) )

    Таким образом для стандартного типа post – delete_posts. Для вашего custom post type “vos” – должно быть включено разрешение delete_vos. Но так как она включена на скриншоте, а удалять картинки загруженные к вопросам вы всё равно не можете, предполагаю, что для этого типа при его создании не определено пользовательское разрешение, соответствующее delete_post.

    (It seems that delete_vos capability is not inserted properly at your ‘vos’ custom type definition).

  • Richer Yang

    one new core role not in this plugin with Version 3.9
    edit_comment add in WP 3.1

  • Hi Richer,

    Thank you for your help. Let me explain, User Role Editor works with real capabilities. You can find them all at wp-admin/schema.php file. Look at the populate_roles() function.
    ‘edit_comment’ capability is so-called meta or virtual capability, which doesn’t exist really. So you could not assign it to the role or user directly. WordPress maps this meta capability to ‘edit_posts’ capability for standard post type:
    If we look to wp-includes/capabilities.php and find function map_meta_cap() there, we can see:
    case ‘edit_comment’:
    $caps = map_meta_cap( $post_type_object->cap->edit_post, $user_id, $post->ID );
    Pay attention to “cap->edit_post”, it is the same ‘edit_posts’ for standard post type, or other related to post editing for custom post type, if it’s defined.

    Regards,
    Vladimir.

  • Я был не точен в предыдущем комментарии. Нужный набор прав создаётся для пользовательского типа автоматически.
    Картинка с вашей ролью более не доступна. Проверьте наличие в роли всех перечисленных прав: delete_vos, delete_others_vos, delete_published_vos, delete_private_vos.
    Check if your role has all needed ‘delete_’ capabilities.

  • stosun

    hi, I installed this plugin and defined publish_edit capability to subscriber role. After that ı uninstalled plugin, but still it does same capability. How can I restore my role and capabilities back?
    Thanks

  • Hi,
    Install plugin again. Exclude ‘publish_edit’ capability from ‘Subscriber’ role. Then you will be able remove this capabilty. After that you will got your role back, in case you did not make any other changes.
    Version 3.10 allows to reset roles and capabilites back with one click. Beta is available from this link
    http://shinephp.com/user-role-editor-version-3-10/

  • Дарья

    Картинка, вроде, доступна…у меня открывается. Все эти права есть и отмечены галочками… А что еще может быть не так?

  • Проверьте, Администратор, у которого включены все права может удалять вопросы?

  • И убедитесь, что определение пользовательского типа “вопросы” у вас возвращено к этому виду:

    $args = array ( ‘public’ => true,
    ‘labels’ => array(‘name’ => ‘Вопросы’, ‘singular_name’ => ‘Вопрос’, ‘add_new’ => ‘Добавить вопрос’),
    ‘show_in_menu’ => true,
    ‘menu_icon’ => plugins_url(‘wp-wpdm-qa/images/icon.png’),
    ‘query_var’ => true,
    ‘rewrite’ => true,
    ‘capability_type’ => ‘vo’,
    ‘map_meta_cap’ => true );

    register_post_type(‘question’, $args);

  • How do I reset all the settings? I had custom posts (i’m using events manager) and some how they disappeared from the side navigation for all users even admin.

  • Try to deactivate-activate again events manager plugin, may be it will refresh custom post type capabilities then. If you wish to make full cleanup of your blog capabilities, try User Role Editor 3.10 ‘Reset’ button. It is at beta testing now and available from this link
    http://shinephp.com/user-role-editor-version-3-10/

  • Дарья

    Не помогло… определение пользовательского типа “вопросы” выглядит как надо, у Админа стоят все галочки…Что еще может быть не так?

  • Администратор у Вас тоже не может удалять вопросы?

  • Дарья

    Администратор может удалять все: и вопросы и картинки и вообще все

  • Более, чем странно. Если бы что-то было не так с правами, то администратор тоже не мог бы удалять вопросы. Попробуйте присвоить пользователю другую роль, сохранить изменения, а затем вернуть ему опять вашу, для работы с “вопросами”. Это уже что-то из разряда шаманских танцев с бубнами – а вдруг поможет.

  • rasivell

    hi.. i have 300 post in my blog withe 3 writer… ido know i checked red and can edit othe opst to thats 3 writer ! but their cant see all 300 post of blog to edit!!

  • Дарья

    странно, но не помогло….

  • Vladimir Dobrev

    any way to limit to specific post category, so we can have one person editing “software” post and another “hardware” post only..

  • Vladimir Dobrev

    thanks, will try immediately 😉

  • Jane

    Hi, The plugin works well, just one issue I cannot solve though – I have set the user role of ‘ Manager’ so that another person can do all things except change themes and plugins… when logged in as Manager though, there is not a link for pages in the left column and so cannot find or edit existing pages?

  • Hi, It seems you should see posts and pages menus with this capabilities list. May be some plugin hides them? Did you try Manager role with other plugins deactivated?

  • Roger Soriano

    I would to know, which file I need to edit to create a new costume capability.

  • Roger Soriano

    Hello Vladimir
    Congratulations for your great plugin
    I would to know, which file I need to edit to create a new costum capability.
    I want to create a new capability, to let some users see an especific div. Is that posible? (It’s as the capability see_private_pages, but with hidden divs[that have display=none, in css style]). I want to let them see the hidden divs, or just with js create a function, that if the user has this capability: display = inherit.
    something like that. If you could say me which file i have to edit to create a ned capability, it would be great.
    Thanks for your time!

  • Hi Roger,

    There is no need to edit any files to create new custom capability. At the bottom part of User Role Editor page you see few boxes. One of them is named ‘Add New Capability’. Just turn on new added capability in selected roles then. That’s all.
    The rest part is to check if user has that capability and act accordingly. I think that your page footer is right place to add javascript code for that there. Look for the footer.php file at your current theme folder, or other one which contains code for the footer. If you make your hidden ‘div’s with the same class name, you may conditionally add JQuery ‘ready’ event, which will change all those hidden divs visibility.
    To check if user has needed capability in PHP use this condition:
    if (!current_user_can(‘some_capability_you_added’)) {
    // bla-bla-bla
    }

    Regards,
    Vladimir.

  • steph

    Hi there and thank you so much for a very useful plugin!

    We’re using your plugin in a multisite environment.

    We’d like to create a capability something like “delete_administrator_pages”, so that if it is left unchecked, an Editor could not delete pages created by an Administrator, but they could still delete pages created by Other Editors. We want them to be able to view & edit Administrator-created pages, just not be able to delete them.

    Right now, if we uncheck the “delete_others_pages”, they can’t delete anyone else’s pages, but we want them to be able to delete other editor pages, just not pages created by Administrators. I tried adding this new capability through your plugin, but not sure what other code I need to modify.

    Thank you!

  • Thomas Kirven

    Hey, thanks for such a great plugin!

    Can you help me understand how to apply a custom capability to a WooCommerce Product, which, I think, is a custom post type?

    Thank you!

  • Hi,

    It seems that it’s possible to resolve your task.

    When user tries to move page into trash WP executes has_cap() routine to check if user has ‘delete_page’ meta capability which is mapped via map_meta_cap() function to ‘delete_others_pages’, ‘delete_published_pages’ for published page. Finally has_cap() checks if user has all capabilities returned by map_meta_cap(). Thanks to WordPress developers, we have ‘map_meta_cap’ filter at the end of map_meta_cap() function. Thus, if you add ‘delete_administrator_pages’ capability to the capabilities list user must have to delete administrator’s pages, with the help of this filter, your task will be resolved.
    Please let me know if you need further help.

    Regards,
    Vladimir.

  • Hi,

    You are right, WooCommerce Product is a custom post type. WC defined custom capability for it with name ‘product’: edit_product, edit_products, etc… Look into User Role Editor custom capabilities section. You will find a lot of custom capabilities defined by WC plugin itself, and they are not only product related.

    Regards,
    Vladimir.

  • Thomas Kirven

    Thank you 🙂

    Would you also be able to help me with this…?

    How would I hide the username field on a registration form and have it auto-populate with what the registeree types for their e-mail address? Basically, I want the username to be assigned by the e-mail address they enter.

    Thank you!

  • steph

    Thanks for your quick reply! I added the ‘delete_administrator_pages’ capability through your plugin on the admin page. I kept check marks for the Editor next to ‘delete_others_pages’ so they could continue to delete other Editor’s pages, but left the new check box next to ‘delete_administrator_pages’ blank so they couldn’t delete any pages created by the Administrator. However, at this point, they can still delete admin pages. Do I need to also edit some php? Specifically in the capabilities.php file within the ‘delete_page’ case? I’m a bit new to this, so any help is very much appreciated.

    Thanks so much again –

    Steph

  • Dave

    Hi Vladimir. This is a very nice plugin. I want to make a role which is able to edit others posts (edit_others_posts) but i want to see the changes before its public and confirm to them. Do you know what I mean? Is that possible?

  • Hi Dave,
    I think – Yes. Read this post, I hope it will help you
    http://shinephp.com/change-published-to-pending/

  • Dave

    thank you for the fast answer. It doesnt quite work yet. I tried both codes on the site you sent me. i get this line just below the admin bar which doesnt go away. what can i do?

  • It seems that piece of code you inserted is not clean. Try to accurately remove exactly that part you inserted or restore function.php from the backup copy.
    I can send you working code, tested at my playground.

  • Dave

    i removed it already. thanks, that would be great if you could send me your working code to my email, because i tried also the one from your link:

    function published_to_pending($post_id) {
    global $post;

    if (!is_object($post)) {
    return;
    }

    if (current_user_can(‘author’) && $post->post_status==’publish’) {
    // stop recursion call
    remove_action(‘save_post’, ‘published_to_pending’);
    // update the post, which calls save_post again
    wp_update_post(array(‘ID’ => $post_id, ‘post_status’ => ‘pending’));
    // re-hook this function back
    add_action(‘save_post’, ‘published_to_pending’);
    }

    }
    add_action(‘save_post’, ‘published_to_pending’);

  • montecampo Ltd.

    Hello.
    We would like to use this plugin in our service.
    Can we use it on bussiness?

  • Hello,
    Yes, you are free in decision where and how to use this plugin. User Role Editor is licensed under GPL v.2 (http://www.gnu.org/licenses/gpl-2.0.html)

  • waqar

    Hello, I worked on your plugin before 1 year and restricted admin user to view all menus and that time there was some url to restore all menus for admin users. I have forgot it. Can you help me? I want admin to see all menus.

  • Hello,

    Do you mean this post?
    http://shinephp.com/how-to-change-wordpress-user-role-capabilities/

    If you lost full access to your site, you may make direct database edit replacing current roles with some from new setup test WP instance, where administrator will have full access to WP menu.

  • montecampo Ltd.

    thank you for your replay.

  • Raja Shio

    You do not have sufficient permissions to access this page.
    just appear like that

  • niloofar akefian

    when shopmanager role have edited, control panel will be hidden for him.why and what can i do?

  • Please send the link to plugin which defines shopmanager role and screenshot with changed shopmanager role.

  • It is a limitation of current version. I plan to add the separate field for role name (without so hard input control) in the next version of User Role Editor (May, 2013).

  • Simone Pescina

    Hi Vladimir.
    Is there a way to add new global roles in a multisite environment? I think I’m facing some problems working on this functionality…

  • Hi Simone.

    No. WordPress doesn’t manage global roles in a multisite environment. Every site has its own roles set. There is workaround. You may duplicate any role from your main site to the rest part of your network. Turn on ‘Apply to All Sites’ checkbox and click ‘Update’, this way selected role will be copied to the all sites of your network automatically.

  • Simone Pescina

    that works, but in my case isn’t the better solution. I’m using multisite for managing a multilanguage site and I would have user roles translated as well. But I don’t think this could be possible… any ideas?

  • Bart

    Hi, I want to thank you for this great plugin. I donated $10 to your account to express my thanks!
    Greets,
    Bart

  • Hi Bart,

    Thanks a lot for your support.

    Regards,
    Vladimir.

  • Bart

    You’re welcome Vladimir!

  • Nick

    Hi,

    I’d like to “add a capability” to “read_scheduled_posts”, but am not sure how to do this. Is this possible?

    Regards,
    Nick

  • Vivian

    I am running a WPMU network.

    If I turn on URE_ENABLE_SIMPLE_ADMIN_FOR_MULTISITE, will the single-site admin be restricted to creating/changing roles on their own site only, or will the changes from one site affect other sites using the plugin?

  • M

    Hi. Great Plugin.
    Any idea when the Dutch translation is going to be added?

    I would love to see that to make it complete for me.

    M.

  • Hi,

    I do not see the reason to wait. Take any .po file from the lang directory. Translate it with utility from http://www.poedit.net/ and send resulting .po and .mo files to my name and this domain email address. I will add that translation to the nearest update. Thanks.

    Regards,
    Vladimir.

  • Matt

    Is there a setting I can add for the “Author” role that would allow the author to add a youtube embed code without it getting stripped out?

  • If you use single site WordPress installation, then you may allow that user ‘unfiltered_html’ capability. But it should be user whom you trust. As this feature could be vulnerable in the hands of bad guy. For that reason ‘unfiltered_html’ capability is available for the super-admin only under WordPress multi-site.

  • Hi. What is your license for the free version? I hired someone from Freelancer to create a plugin similar to User Role Editor, and he delivered me a pirated version of your plugin, but changed the name, and is trying to charge me $90.

  • As any other plugin included into WordPress plugins repository at wordpress.org User Role Editor is licensed under GPLv2.

  • Bea

    Thanks for the plugin.. Using on a multisite but we get no rule or role functions.
    This is the only thing we see as “Super admin” under settings, there is no other user role option.
    Plugin is network activated.

  • It is the “Settings” page at screenshot. To work with roles use “User Role Editor” menu item under the “Users” menu.

  • Bea

    Thanks – that seems to be the problem, We have no other options apart from settings.
    ie: there is nothing under users and users do not have a capability option..

  • Bea

    as below

  • You should go to the selected site and check “Users” menu there. If you plan to apply your changes to the whole network – make them at the main (1st) blog of the multi-site network.
    Role Editor is available under the “Network Center” at the Pro version only (role-editor.com).

  • Bea

    Thanks again – So to network activate one role across multisites I need PRO version?
    We are trying to assign a role to “Username only” for multisite users to allow them to change profile details..
    This would be across the multisite subsites

  • It is possible to replicate role on all network at free version. At the main blog select role you wish to modify and before click “Update” turn on the “Apply to All Sites” option at the top.

    Pro version allows to replicate to the network all roles from the main blog with one click from the Network Admin. It is useful when you plan have the same role at all sites of the network.

  • Bea

    Excellent .. Thanks so much again.

    Free version – apply to all sites — does this apply to created sites already – ie does it also apply to any newly created sites After the creation

  • jimlongo

    Hi, thanks for this plugin it works great right out of the box.
    Question: how could I add a custom_capability that allowed a certain role to be able to edit menus but no other aspects of Appearance?

  • WordPress uses the same capability ‘edit_theme_options’ for all those menu items. It is not possible with just adding new custom capability. Look on the “Admin Menu Editor” plugin. It allows to change capabilities assigned to the menu items. So you may assign new custom capability to selected menu item.

  • I missed somehow your question…
    Free version has the feature – any new created blog gets all roles from the main blog automatically.

  • Abrar Kaderin

    awesome.. thanks a lot.. just as i wanted.. 😀

  • Harmeet

    hi every one i want to set editor can add pop up plugin pop with fancybox http://wordpress.org/plugins/popup-with-fancybox/ how it’s possible

  • greekdish

    WordPress v3.8…I do not see the Apply to All Sites checkbox at the top.

  • Thank you for linking to this FAQ right in the Network-Admin interface for this plugin! And thanks for a great plugin!

  • Miguel A.

    Got the Administrator in the drop-down menu after modifying wp-config.php, and both edit_users and add_new_users is checked off, yet I still can’t do either. Please help! Thanks!

  • What do you try to achieve?

  • Miguel A.

    Administrator role to be able to add new users (not just existing) and edit roles of users within the child site of a network.

  • create_users capability allows to add new users. Why do you play with capabilities? They all should be included into administrator role.

  • Henk Petter

    Hello Vladimir,
    When i want to add a role or a capability no pop up window appears. Just the button glows up white but nothing happens. I am running a multisite network and have made myself Network Super Admin using User Role Editor. Can you tell me what to do?

  • Hi,
    User Role Editor uses jQuery to show add role dialog. If pop up dialog window does not open some JavaScript error took place probably. Please check JavaScript console at your browser. The probable reason – conflict with some other plugin.

  • M

    Hello Vladimir – WordPress Contributors can edit their own profile which will then show up on their profile page. I’d like them to Not have that capability, so I can add and modify and control it only as admin. How do I do that? Thanks!

  • Hi,

    Do you wish hide “Profile” menu item from them or just block selected profile input fields for editing and leave ability to change password, for example?

  • M

    I’d like to try either option – I could use them both.

  • OK. I will prepare and publish this weekend special post about how to achieve that.

  • Bodhi McGee

    Hello, a pre sales question. Can i create a new user role and then hide specific plugins from all other roles? eg. you dont want to show “Hello Dolly” plugin to users except your custom one, but you want all users to still have access to the rest of the Plugins in admin menu. Possible? Thanks, Bodhi

  • Hello,

    If you need to hide for some role the specific submenu or menu item added by plugin, it is possible with some additional code, like this
    http://role-editor.com/restrict-access-wordpress-widgets-area/
    I may help you customize it for specific plugin under the terms of Pro version support.
    Or you may look on the “Admin Menu Editor” plugin, which you may use in conjunction with User Role Editor.

    Regards,
    Vladimir.

  • Am giving this plugin a try…but it appears that no matter how I try to DELETE a role – it appears in the dropdowns forever. What am I missing? Oh, latest WP and running the Fundify Crowdfunding theme with Stripe payments by EDD….they recommended I give the plugin a try…

  • Daniel Griffin

    Hi, please could you respond to my question on the support forum. (adding new pages) Thanks.

  • Autorall Brazil

    Hi, Vladimir. I’m testing your plugin and it looks awesome, but I have a question. I’m trying unsuccesfully to set a specific role for a user, and that is : Appereance > Menus, i.e: I need that this user (my client, on this case), be able to edit the MENUS of the WP theme.
    That’s all I need. Thank you in advance and congratulations for your work.

  • Hi,
    Thanks. Look at the admin menu blocking module of the User Role Editor Pro version
    http://role-editor.com/block-admin-menu-items
    You may achieve your goal with a few clicks using it.

    In case you do not wish to buy Pro version these post may help:
    http://role-editor.com/allow-access-appearance-menu-items/

  • Autorall Brazil

    You’re the man. Thank you!

  • Just installed the plugin, but it does not work. In settings, when I click I briefly see the full page of settings and then it instantly disappears. What am I doing wrong?

  • I suppose you may have some JavaScript error on your wp-admin, which could prevent jQuery to load properly. Please check JavaScript Console at Google Chrome (F12). Do you see any error messages their?

  • irmen

    I’m using your fine plugin, thank you very much!
    My problem is:
    I made a customfield with the modul “types”. I can see that field(in the backend), if I am an Administrator. But when I am logged in as a member, I can’t see the custom field (in the backend).

    So I tried to find out, which capabilitiy makes the difference.
    And I found, if I give my member the “level10” AND “Manage options”, then I see the field as a member.
    But then I’m able to manage all the options, and that should only be able for the administrator.
    Can you give an advise to me, how to handle this?

    I send the capabillities for the members.
    WP version: 3.2.1.
    User role editor version: Version 3.6.2

    Thank you very much!
    Irmen

  • Patty

    Vladimir,

    Can I create a capability to edit a single specific page? I’m a novice at code. If you can show me how this is possible I will buy your premium support for future questions.
    Thank you.

  • Hi Patty,

    It is not the question of just a new user capability creation. Some additional coding is needed. This feature is realized in the Pro version of User Role editor:
    http://role-editor.com/allow-user-edit-selected-posts/

    Regards,
    Vladimir.

  • bloggista

    Hi Vladimir, looks like a great plugin. HOw about retricting certain Theme or Plugin options? Any thoughts?

  • Hi,
    If you know PHP it is possible with additional code, look on this posts:
    http://role-editor.com/restrict-access-wordpress-widgets-area/
    http://role-editor.com/allow-access-appearance-menu-items/

    With admin menu blocking module of User Role Editor Pro may resolve this task more comfortably:
    http://role-editor.com/block-admin-menu-items/

  • Mark Wall

    Hiya! Is User Role Editor BuddyPress compatible, and if not could it be used on a sub-site of a Network that has BuddyPress on the main site?
    Thanks Vladimir!

  • Hi Mark,
    I did not test URE with BuddyPress myself, but i have no any reports about problems between them from plugin users either.
    Yes, you may activate URE for the subsite only. It will not influence to the main site. WordPress stores roles and user capabilities separately for every site of the network.

  • Umakanth

    I have Installed this Plugin in my WordPress and created Roles which i need for my application.I have one site from there users will register, once he register that user will created in Wrodpress.But Role name is not displaying.Please screen shot

  • If you create WordPress users with custom code you should assign the needed role to the user directly in that code.
    Check what role is set as default for WordPress also.

  • Umakanth Nune

    Yes, Based on Registration Process i am assigning the Role.But i am not correct output

  • Cdrice

    Hello, i’m looking to buy your plugin with lifetime licence, but before that, i’ve a few questions :
    I’d like to create an admin user who can create other users et define roles and modify only specific pages.
    The users he will create would be for a restricted acces of some pages, like “user 1” can see “page 1” , “user 2” can see the whole restricted pages, “user 3” can see “page 1 and page 3″, ..
    So when the user click a link ” retricted area” and log in, he will be able to see the pages definied for him.
    Last thing is an automatic delete or disable access of those users created after 30 days.

    We actually have a joomla website, and it can be done with it, i’d like it to be the same.

    Will i be able to do that, with a few knowledge of developpement ?

    Thx, and sorry for my bad english..

  • I assume this mistake: check if you use role ID (customer) not the role name (Customer) in your code.

  • Hi,
    >> I’d like to create an admin user who can create other users et define roles and modify only specific pages.
    It is possible with Pro version.
    https://www.role-editor.com/allow-user-edit-selected-posts/

    >> The users he will create would be for a restricted acces of some pages, like “user 1” can see “page 1” , “user 2” can see the whole restricted pages, “user 3” can see “page 1 and page 3″, ..
    So when the user click a link ” retricted area” and log in, he will be able to see the pages definied for him.
    It is possible with Pro version. You define what roles can view the post. User with other role will get 404 (not found) error for the restricted posts.
    https://www.role-editor.com/content-view-access-restriction

    >> Last thing is an automatic delete or disable access of those users created after 30 days.
    Pro version does not include such functionality. Look at this plugin http://www.paidmembershipspro.com/
    It is free. I think you may build needed functionality using User Role Editor Pro and Paid Membership Pro in conjunction: restrict special admin user with URE Pro and restrict view access to the posts for users with Paid Membership Pro.

  • Austin

    Hi,
    I was using this plugin to expand the “Editor” capabilities, but soon realized I needed to actually create a new type of user role to meet my needs. When I was using the plugin to change the “editor” capabilities I had no issues, but after creating the new “subadmin” role, myself and the newly added “subadmins” noticed that we keep getting logged out of wordpress rather frequently. Is this a problem you’ve seen before? Is there anything we can do to prevent this?

    Thanks,
    Austin

  • tullius3

    Hello, with the plugin can I create users who can:

    1) only edit specific pages and not have access to any other area of the dashboard
    2) only create posts to specific categories?

    In essence I want to be able to have users who can log in and only post to one specific category. For example, a user1 would log in and they would go to New Post, create their post, be able to upload an image to the post, publish it and it would be publish automatically under category “user1”. The same would be true for user2 and user3, etc.

  • tullius3

    Hello,

    Does your plugin allow the following:

    I am in need of having the ability to create users who:

    1) are only able to edit a specific page and not have any other access to the dashboard (plugins, settings, etc)

    2) users who are only able to create posts in a specific category and not have any other access to the dashboard (plugins, settings, etc)

    Ideally the user would log in and only be able to create a new post and then once they hit publish, it would automatically post in the category they are assigned to.

    Thank you

  • Hello,

    1) Yes, it is possible. User Role Editor Pro (role-editor.com) allows to restrict selected user access for editing for the giving list of pages or posts. Custom post types are not supported currently. Special module allows to block user access to the selected admin menu items. So finally user may have access to the Pages and Profile menu only.
    2) There is no support for automatic posting to the specific category in URE plugin. It is possible to produce custom piece of code which will provide such feature on the per role base. Starting point is this post
    http://shinephp.com/block-posting-to-selected-categories/
    I may help you with this after purchase of User Role Editor Pro subscription.

    Regards,
    Vladimir.

  • Hi Austin,

    I did not see this problem before. WordPress remembers user authentication via cookie. It is not related to the role assigned to the user, until you install some special plugin. If you do not use some special plugin managing user access period for standard roles only, then the problem could be related to the user browser settings. You may try this recipe
    http://premium.wpmudev.org/blog/how-to-extend-the-auto-logout-period-in-wordpress/
    to prolong user authentication period.

    Regards,
    Vladimir.

  • versusbassz

    Добрый день, Владимир.

    На странице редактирования пользователя в самом низу плагин размещает ссылку на редактирование прав этого пользователя (доп.роли, возможности и т.д.). В русском переводе текст этой ссылки – “Редактор”.
    Который раз когда пробегаю мимо неё, ловлю себя на мысли что именно такая фраза несколько двояка для данной ссылки, т.к. мне например всё время кажется, что у этого пользователя есть роль “Редактор” и мне предлагается как-то её отредактировать или что-то подобное. Особенно, думаю, это будет проявлятся для людей, которые только начинают использовать ваш плагин.

    Вообщем, мысль проста – изменить текст в ссылке с “Редактор” на “Редактировать”.

  • Здравствуйте,

    Спасибо. Принято. Опубликую изменённый перевод с ближайшим обновлением.

  • Kati

    Hi,

    First of all, thank you very much for the great / clean plug-in. Currently, I have more than 500 users that I would like to import their user profiles along with their multiple roles.
    Can this be done by the pro version’s Export/Import module?

    Thanks so much in advance.

  • Hi Kati,

    Current version of User Role Editor Pro allows to export/import the roles only, not the users.
    Thanks for the good idea for further development of the Pro version – to add the export/import users with data about there roles feature.

    Regards,
    Vladimir.

  • Kati

    Hi Vladimir,

    Thank you for your reply. I’ll be looking forward for that feature.

    Regards,
    Kati

  • staps99

    I have installed the plugin but I do not get the page with all the options. Am I missing something??

  • It seems – Yes. Look the “User Role Editor” menu item under ‘Users’ menu.

  • Ariane

    Hi, is it is possible with this plug-in to give back-end users rights to a specific category, so they won’t be able to edit in other categories?
    Thanks in advance.

  • Hi,
    There is no option for that in the User Role Editor.
    Try this recipe:
    http://shinephp.com/block-posting-to-selected-categories/

  • BromsBomber

    Is it possible for a user to choose a role via a simple form located on the home page?

  • BromsBomber

    Is is possible to create a popup or a widget allow users to choose/update their user role? I need users who sign in via social login to choose a role if they are a new user.
    Thanks Vladimir.

  • strags

    Is it possible to allow users who generally are restricted to only edit pages they create themselves permission to edit a specific “master” page? I have content on a page which I would like other users to be able to copy and then paste into their own page(s) which they then can edit.

  • Sandi Henning

    Hi I just updated my WordPress to 4.0 “Benny” and installed your plug in – but I can’t find it under the Plugins menu or see any changes under the User menu. It says it’s installed with lastest version when I go to Add a plugin. Is there another place I should be look?

  • Hi,

    Plugin is available to the user with ‘Administrator’ role. It is hidden from any other users.
    If it is not your case, check the PHP error log or set temporarily WordPress WP_DEBUG constant to true in order to check if some PHP error takes place, which prevent URE plugin to show itself.

    Regards,
    Vladimir.

  • If users should just copy content of that master page having ability to edit it someone may corrupt master page.
    Pro version has add-on which allows to restrict the set of pages available to the user with ‘edit_others_pages’ capability.
    https://www.role-editor.com/allow-user-edit-selected-posts/
    If you give user create_pages capability he still may add new pages and have access to edit them.

  • strags

    Thank you very much for the reply. Looks like the Pro version is what I need!

  • Sandi Henning

    I do have an Administrator role – but I still don’t see the plug in. I’m don’t know where a PHP error log is located or how to set WP_DEBUG constant. Still not seeing URE plugin.

  • In order to turn WordPress into the debug mode open wp-config.php file at your site root, find “For developers: WordPress debugging mode.” section and change the “false” value there to the “true” value:
    define('WP_DEBUG', false);.

    In case you can not resolve the issue yourself, consider to give me access to your site for the problem investigation. You may contact me at support [at-sign] role-editor.com

  • Sandi Henning

    I will try that on Monday when I get back to work. If I can’t get it to work I will contact you again. Thank you for answering me so promptly. It looks like a great plugin if I can get it to show up!

  • Michael

    Hello Vladimir,
    Is it possible for users to select or change their own role from a list of user roles using a simple form visible from the front end after they have logged in?

  • Hi Michael,
    I can not offer a decision for this moment.
    As there is such need I will think on including described feature to one of the future versions, possible variants: page with shortcode for redirection after login, additional role selection dropdown list field for the WordPress login form.

  • Endri

    Hello Vladimir,

    I want to add a new role but I am not sure how to. On author role I have ticked only: edit posts, publish posts, read and upload files. This way an author can add a new post, add media and publish but won’t be able to edit or delete not even his own posts. He can’t even delete the images he has added but he can edit those images. How can I do it so that once an article is published the author won’t be able to edit the images on that article?

    Thank you in advance,
    Endri

  • Additionally to the Settings, User Role Editor itself is available under Users menu.

  • eyedub

    thanks and great plugin, please could you tell me, how can I restrict a user role to edit certain pages instead of all?

  • There is no buit-in feature in WordPress for that.
    It is possible with the Pro version add-on:
    https://www.role-editor.com/allow-user-edit-selected-posts/

  • JT Sturgell

    Thanks for the PI. Is it possible to give capability to edit existing pages WITHOUT giving ability to create new pages?

  • Nikolas Karampelas

    Hello there, thanks for this great plugin!
    I want to use this with woo-commerce, ever heard of any conflicts that I need to be aware of?

    I ask because the woo commerce is adding users as clients.

    Thanks in advance 🙂

  • Hi Nikolas,

    There are no known conflicts between User Role Editor and WooCommerce. More, WooCommerce added custom set of user capabilities and defines its own roles, which you may customize with a help of User Role Editor.

  • While this feature is built-in to WordPress core, it is not active by default. User Role Editor Pro allows to use it:
    https://www.role-editor.com/

  • Nikolas Karampelas

    Thanks a lot 🙂

  • squeak2me

    Hello, I would like to know if I can use this plugin to create an admin user that is limited to only accessing reports on purchases made using our shopping cart, and having no other admin access – the primary role of the user is a subscriber, but they work for the company and need to access those sales reports to make sure no emails were missed etc.

    Thank you!

  • Hello,

    Do you use WooCommerce for shopping cart?

  • Lizz

    Hi,
    I want to give volunteers access to their own secure page, so I created a volunteer role, which allows them to view an otherwise hidden page…

    But they also have the ability to change the account password, I just want one generic volunteer log-in, is there a way to block them from changing passwords?

  • Hi there, I’ve left a help ticket on your WordPress page, but hoping I can trigger an answer somewhere.

    I have URE on a multi-site environment but non-Super-Admins cannot view the Media Library in Grid View (list view works fine) which means featured images and insert media cannot be used. I’ve tried

    – Disabling all plugins
    – Disabling all themes
    – a fresh WP install

    But the issue is still there, your help would be appreciated and this is urgent, I’m afraid.
    Thanks in advance!

  • I have this plugin and have created the roles I need, but is there a way for a person to choose the appropriate role when registering? I have three different levels. Customer is the default and then I have a Membership Level 1 and Wholesale Buyer. I was hoping to have a way of knowing what role they were applying for.

  • noman

    i used this plugin but there is a problem in it that it can give error on list user of a group “You do not have sufficient permissions to access this admin page”. can anyone help me to resolve it

  • John Felan

    I have created a website that requires the client to be able to access the Essential Grid plug-in to upload images to various grids and add text to them.

    I worked my way through the URE plugin enabling various permissions until I found that enabling “Manage Options” gave him access. Unfortunately it also gives him access to a whole lot of other backend functionalities that could cause issues down the track.

    Is this my only option or do you have another suggestion?

    Thank you
    John

  • Right, the 2nd step after giving to the role ‘manage_options’ capability is to block for it unnecessary functionality which ‘manage_options’ brings to it. Pro version of User Role Editor include ‘admin menu blocking’ add-on especially for this case.
    This post describes the similar problem resolved with URE Pro:
    https://www.role-editor.com/wp-statistics-access-other-roles/

  • Alex

    Hello, i have activated the plugin in a multisite network, created a new role and gave it all the capabilities(to test it), but unless I grant the specific user I want super admin priviledges I can’t seem to be able to create new sites. (and i can see there is that capabilitiy create_site , but still…)
    I guess i’m doing something wrong ?
    Thanks in advance

  • Hi Alex,

    If you will add to the user without superadmin privileges ‘manage_network’, ‘manage_sites’, ‘create_sites’ capabilities, such user will get access to the sites list at the Network Admin. Such user should type site-domaingwp-adminnetwork URL directly though.

  • Jason Alan Kennedy

    XSS Vulnerabilities have been found in your plugin. File user-role-editor/includes/class-garvs-wp-lib.php, line 233 and file user-role-editor/includes/class-ure-lib.php, line 790. Plz correct by properly escaping by surrounding the lines in question w/ esc_url().

  • Thanks for this note. I published the update, version 4.18.4.
    I did not hurry with publishing this fix as those calls are at the currently unused sections of code.
    I just planned to include the fix to the next version.

  • Glenn Rowe

    I have created a new custom role which now has access to custom capabilities that are used by my plugin. If I add that role as an additional role to a user with “administrator” as his primary role, the user gains permission to the new custom capabilities but looses permissions to other administrator capabilities he had before. Example… The user can not delete users when he has the additional custom role but he can when the additional role is not added.

  • I can not repeat a described issue. Look this short video:
    http://storage.googleapis.com/role-editor/downloads/support/admin-with-other-roles.ogv
    I created custom role “Gravity Forms Admin” with capabilities from the “Gravity Forms” plugin. I assigned to the test user “Administrator” role as a primary one and “Gravity Forms Admin” as additional role. Then I logged in under that “Test admin” user and deleted other user without problem.

    Have you any additional information which may help to repeat your problem?

  • Carl D

    Hello,

    Can you give an example of how to use the shortcode? Thanks!

  • View restriction by roles shortcode is supported by the Pro version only. Detailed description is here:
    https://www.role-editor.com/shortcode-content-view-access-restriction/

  • Mark Tank

    How does a person change their password under the “Subscriber” role?

  • Subscriber has access to his profile at the admin back-end by default, where he may change his password. A theme or plugin may block Subscriber’s access to the admin back-end. It should realize password change feature for front-end in this case.

  • Alan Weibel

    I have three custom roles. Each custom role has it’s own custom permission or ‘Capability’. I’m trying to show/hide menu items in header.php based on their role. I’m using similar code from your suggestion above, but it’s not working. The End User role has the role_enduser permissions and the Partner role has role_partner permissions. Users have to be logged in to see this page. I can confirm that the users have the correct roles and each role has the correct permissions in the admin. Can you help?

    I’m an End User

    I’m a Partner

  • Peter

    Hi Vladimir

    I want to allow a user to ONLY be allowed to manage certain pages or sets of pages within a site. Does your plugin handle this? if yes, do those permissions permeate to all child pages too (e.g. so a user could be responsible for managing a whole section of a site and all its pages under it with one permission setting) Thanks

  • Hi Peter,

    Pro version allows to configure WordPress that way, when user can edit just the subset of posts or pages (including custom post types):
    https://www.role-editor.com/allow-user-edit-selected-posts/

    Automatic child pages inclusion is not supported currently. I plan to realize this feature.

  • Bethesda RBC

    Is there a way to restrict a user to only be allowed to use one certain plug in (i have a user who’s job is to update and send a newsletter from a newsletter plugin for my site)? thanks!

  • mark

    hi, i have about 10 users id like to be able to buy private products on my site, ive changed on of the roles, to allow them to Read private products but when logged in they still cant see them. am i doing something wrong?

  • Green Hope

    Hi! I recently updated the latest plugin (4.20.1) two weeks ago. With version 4.20, our “contributor” role was able to see several links on our page but now, they are unable. When I do a restore of our file to the 4.20 version, the contributor role was able to access the links in question, so I know it is something to do with the latest release.

  • Hi!

    The difference between 4.20 and 4.21 is: “Primary default role” drop-down menu was not shown at “Settings – User Role Editor – Default Roles” tab for WordPress single site installation.

    If you compare these versions source code you will see that is true. This changes could not influence contributor role as it never has access to the User Role Editor Settings page.

    Could you provide more details in order I may repeat your issue yourself? About what links do you write?

  • WP Developer

    Hi,

    This is a really great plugin. Here’s my question. I have set-up user roles/groups and assigned them certain posts and pages. The problem is I was only wanting to have restricted access on the backend. However, I am noticing this is restricting access to anyone who comes to the site on the front-end. Is there a way to make all front-end pages visible to any non-logged in users? Thanks!

  • Bernie Raffe

    The ‘User Role Editor’ option under ‘Users’ ha disappeared and so there is no way of bringing up the User Role Editor plugin (WordPress version is 4.4.1 , User Role Editor version is 4.23.1). Maybe it’s been moved somewhere else, but I can’d find it!

  • It should be still there, under “Users” menu. Is the same menu item available under the “Settings” menu?
    Try to deactivate plugin and activate it back.

  • Bernie Raffe

    Yes, that did it, it’s back now. Thank you

  • David

    Hi Vladimir, thank you for this great plug-in. I am new to it and WordPress admin as I have just taken over site utilising this. We have a word press site using this plug in and I am having trouble giving any users apart form Admin or Editor the ability to create posts… Please screen shot of what I have selected within Admin but which isn’t revealing the add a post under the specific User Role. Any ideas gratefully received. Thank you.

  • ‘edit_posts’ is used by default to allow create new posts and edit existing own posts. Try to deactivate all plugins and re-test. I suppose that some plugin may change this default permissions.

  • Organik Soft

    Hi Vladimir, I need to add custom capability. Do you maybe have some tutorial on that? I know how to add capability but I need to know how to define it. We have plugin on website for re-ordering posts and I would like to add capability for post reordering to Author. Now only Administrator can re-order posts. Thanks In Advance, Marko

  • Anon

    Heads up: on multisite uninstall, craps out with undeclared variable “wpdb” line 32 – needs “global $wpdb” declaration to precede it.

  • Thank you. This issue was reported already. It will be fixed with the next update.

  • Mach

    Hi Vladimir, Your plugin is very nice, I´m using it. My question is: Is there any possibility to change the default sentence for private sites when the user is not loged id?

  • Ryan Johnson

    Hell Vladimir. Love what this plugin does but I need help with one area. I’m sure it’s just something I’m missing: I can create a role that allows the person to create and publish a page but the “Categories” section is grayed out. How can I fix that so the author can select a category?

  • ‘edit_posts’ is enough to select categories at the post editor page. If it is not, look at the plugins. Some may modify the default behaviour.
    This may vary for the custom post types though. For example WooCommerce product requires ‘assign_product_terms’ capability in order to select ‘Product Categories’ at the editor page.

  • Ryan Johnson

    Not posts, PAGES like I said. User designated as “Editor” can do it (right side of the image). The new role of “Manager” (left image) does not allow for it. This is the whole reason we purchased this plugin.

  • Hi Ryan,

    If you will use forum at https://www.role-editor.com or contact me directly as Pro version registered user you will get a response much faster.

    WordPress pages don’t have categories by default. Some customization done at your site. So I can not give you an exact answer. The straight forward way to find needed capability is to start from a copy of the editor role and exclude capabilities one by one until user with this custom role will not lose access to the categories meta box at the page editor.

    You may start from adding ‘edit_posts’ capability though. If that will help, it’s possible to block access to the ‘Posts’ menu via ‘admin menu access’ additional module:
    https://www.role-editor.com/block-admin-menu-items

  • ronaldus

    Is there a support section on this site?
    I have a small problem with the pro-version and the theme settings of sub-sites in my MS install that I’d like to show/discuss…

    Cheers!

  • For Pro version support you may login and register topic at the forum:
    https://www.role-editor.com/forums
    or write directly to support email

  • Adam

    Hello, Is it possible to use this plugin to create a user profile that has access to only processing orders via woocommerce?

    We have the need to allow specific staff members the ability to checkout someone out and that’s it.

    Thank you in advance for your time.

  • pierre

    Hello…
    I have installed it on a multisite and I don’t have access to the “Parameters” link in any site (whereas I am superadmin !!!) : I get a message saying I haven’t enough rights to get to this page

    (“Vous n’avez pas les droits suffisants pour accéder à cette page’)

    Any idea please ? thanks..

  • Hi,

    Does problem go away if you deactivate User Role Editor?

  • DafNa Dark

    Добрый день.

    Подскажите пожалуйсто как быть. Был создан дополнительный тип записей( post_type=test ) .В него пользователи группы = участники могут добавлять свои записи, но вопрос в том что они сразу идут на публикацию а не на утверждение, а если поменять, что бы пользователи отправляли записи в тип post то все работает корректно. это надо создавать дополнительные возможности или как быть?

  • Xatzipanayiotou Charis

    Hi how can i allow to a contributor to edit posts and pages but without publishing the changes before admins apporval?

  • It’s possible with PHP coding only. Try this recipe:
    http://shinephp.com/change-published-to-pending/

  • It’s possible with Pro version only via setting edit restrictions for role or user:
    https://www.role-editor.com/allow-user-edit-selected-posts/

  • Kim Kawlan

    Excellent article . BTW , if someone
    needs a DD 2842 , I used a blank document here https://goo.gl/ikMMkA

  • Garnetta Sullivan

    How can I allow a user to delete media files from the library?

  • 1st, user should have “upload_files” in order to get access to the Media Library.
    Then, if media library item is attached to the post, user should have a permission to edit that post. That is his role should have at least ‘edit_posts’, ‘edit_published_posts’ and even ‘edit_others_posts’ capabilities.

  • Garnetta Sullivan

    The user does have “upload_files” privileges and “edit_posts” and “edit_pages” and the media is not attached to a post or page, but they still cannot delete the media. I won’t give the privilege of editing or removing pages or posts created by another. So this may be the issue. Although, the user cannot even delete the media they uploaded. ????

    Is there any way to give them the ability to remove images the user has uploaded without giving the user the ability to edit/remove other’s pages and posts?

  • Add ‘delete_posts’, ‘delete_published_posts’ in order user can delete own media lib. items, ‘delete_others_posts’ – for items uploaded by others.

  • Hello Vladimir.
    is it possible to rename the WordPress Administrator account (I want to rename it to ‘WordPress Administrator’)?

  • Hi Simon,

    Yes, it’s possible. Use “Rename Role” button. To see “Administrator” role in the roles list at the “User Role Editor” turn ON the 1st option at “Settings->User Role Editor->General” tab.

  • Gopinath

    Hi, is it possible to allow user access to the DESIGN/MENU section? Somehow I don’t see the checkbox for this option. thank you!

  • Hi,

    “Appearance” menu and all its submenu items including “Menu” one are protected by the same user capability ‘edit_theme_options’.

  • Hello. Just downloaded the Plug_In on a Multisite installation with 3 sites. WP version 4.6. After instalation the User Roles are displayed but they can’t be slected. If you click on “editor” to change the role the screen refreshes and stayes showing “contributor”. Tried in Chrome and Safari and loged in and out….
    Any ideas?
    Thanks

  • Hi,

    Check the browser JavaScript console for the error messages.

  • I am wondering what the shop manager capabilities include? Can I make a user who can only see the coupon codes in my shop? I am thinking of using it as a part of an affiliate program & want people to be able to see their sales for their coupon code but Nothing else.

  • Peter

    Is it possible to customise user publishing to specific categories.
    E.g

    Publish to category A and C but not B