PLEASE NOTE: These forums are no longer utilized and are provided as an archive for informational purposes only. All support issues will be handled via email using our support ticket system. For more detailed information on this change, please see this blog post.

gform_full_access role seems to be causing permission issues

  1. media50
    Member

    I've been trying to track down a permissions issue whereby going to an admin page for another plugin (SlidePress) was throwing an "insufficient permissions" error, even though the user's role was "administrator".

    The wp_capabilities entry in the wp_usermeta table for this user contains multiple roles: administrator and gform_full_access. My understanding from doing a little Googling this morning is that support for multiple roles in WordPress existed for a while, but is no longer. I think this is causing my permissions problem.

    To test this, I created a new user, assigned it the "administrator" role and checked the wp_capabilities entry in the wp_usermeta table for the new user. The order of the elements in the wp_capabilities array was "administrator", "gform_full_access". At this point, the user was able to render the secured page. I then updated the user through the WP admin, and for some reason (not really important why) the order was switched. Now the user is unable to render the secured page.

    I believe that the permissions check is being done by the WordPress core, which makes me believe that it's only expecting a single role for the user. If, as it seems, support for multiple roles was removed in 2.9 or 3.0, this seems to be something that should be addressed in Gravity Forms. I've looked at both the latest stable and beta zips, and this role seems to be added automatically to any user with the "administrator" role.

    In the meantime, I've flipped the order of the roles directly in the db for the users having issues and everything seems happy. But as soon as those users are edited through the WP admin, it may break again.

    Can you please let me know how to best handle this? And if I'm completely off-track here, just say so. :)

    Thanks!

    Posted 13 years ago on Thursday January 6, 2011 | Permalink
  2. gform_full_access is a capability, not a role itself. So that isn't going to be the issue.

    The issue is most likely how SlidePress is adding it's admin menu items in WordPress, if it is added in generic fashion rather than being more specific with how they implemented the code to add menus this can cause this error to occur when other plugins that also add custom admin pages also exit.

    If you send us a copy of the SlidePress plugin to carl@rocketgenius.com we can take a look.

    Posted 13 years ago on Thursday January 6, 2011 | Permalink
  3. media50
    Member

    Carl,

    Yes, it appears to be a SlidePress issue. And you are correct in that it's tied to how they are adding menu pages -- well, sort of. They're doing a check of the user's current role by grabbing the first element in the wp_capabilities array. I'll contact them directly to address the problem.

    Thanks for your help, and apologies for wasting your time.

    Posted 13 years ago on Friday January 7, 2011 | Permalink
  4. Sounds like they are doing it wrong then. They need to be using built in WordPress functions to get the user information. You can check if a user is an administrator using this:

    current_user_can("administrator")

    You would use that as part of an if statement to only execute code if the current_user_can("administrator").

    Posted 13 years ago on Friday January 7, 2011 | Permalink