How to allow editor to edit privacy page / settings only?

In my WordPress installation (4.9.8.) the editor role isn't allowed to edit the privacy page.

It would work with following in my functions.php:

$role_object = get_role( 'editor' );
$role_object-add_cap( 'manage_privacy_options', true );
$role_object-add_cap( 'manage_options' ); // this needs to be active in order that before cap works

But now the editor has lot more rights than just editing the privacy page.

Is there another way to grant access to the editor user role with some lines of PHP code?

As a workaround I make usage of this Plugin now: https://wordpress.org/plugins/manage-privacy-options/

Another kind of workaround is just to choose no privacy page in the privacy settings.

Topic privacy privileges user-roles Wordpress

Category Web

1
answered at

The provided answer did the trick. However, this line:

if (array_intersect(['editor', 'administrator'], $user_meta->roles)) {

Was generating this error:

array_intersect(): Expected parameter 2 to be an array, null given in

So I tweaked the code a bit to ensure that both values were valid arrays (full code):

add_action('map_meta_cap', 'custom_manage_privacy_options', 1, 4);
function custom_manage_privacy_options($caps, $cap, $user_id, $args) {
    if ( !is_user_logged_in() ) return $caps;

$target_roles = array('editor', 'administrator');
$user_meta = get_userdata($user_id);
$user_roles = ( array ) $user_meta->roles;

if ( array_intersect($target_roles, $user_roles) ) {
    if ('manage_privacy_options' === $cap) {
        $manage_name = is_multisite() ? 'manage_network' : 'manage_options';
        $caps = array_diff($caps, [ $manage_name ]);
    }
}

return $caps;
}
1
answered at

Editing the privacy policy page is restricted to manage_privacy_options as pointed out in a comment in the WordPress core file wp-includes/capabilities.php:

/*
 * Setting the privacy policy page requires `manage_privacy_options`,
 * so editing it should require that too.
 */
if ( (int) get_option( 'wp_page_for_privacy_policy' ) === $post->ID ) {
  $caps = array_merge( $caps, map_meta_cap( 'manage_privacy_options', $user_id ) );
}

To allow users with the roles editor and administrator who can edit pages (in single and also multisite instances) to edit and delete the privacy policy page one has to overwrite the $caps array:

add_action('map_meta_cap', 'custom_manage_privacy_options', 1, 4);
function custom_manage_privacy_options($caps, $cap, $user_id, $args)
{
  if (!is_user_logged_in()) return $caps;

  if ('manage_privacy_options' === $cap) {
    $manage_name = is_multisite() ? 'manage_network' : 'manage_options';
    $caps = array_diff($caps, [ $manage_name ]);
  }
  return $caps;
}

Update: Allow users with the role editor or administrator to edit and delete the privacy policy page (which is not possible per default in multisite instances):

add_action('map_meta_cap', 'custom_manage_privacy_options', 1, 4);
function custom_manage_privacy_options($caps, $cap, $user_id, $args)
{
  if (!is_user_logged_in()) return $caps;

  $user_meta = get_userdata($user_id);
  if (array_intersect(['editor', 'administrator'], $user_meta->roles)) {
    if ('manage_privacy_options' === $cap) {
      $manage_name = is_multisite() ? 'manage_network' : 'manage_options';
      $caps = array_diff($caps, [ $manage_name ]);
    }
  }
  return $caps;
}
1
answered at

Thanks @Sven for the nice workaround, it works well but I had an issue when the user is not yet logged_in, the map_meta_cap action is fired anyway, which resulted on a "502 bad getaway" error. I added a is_user_logged_in() test before like so :

if (is_user_logged_in()){
    add_action('map_meta_cap', 'custom_manage_privacy_options', 1, 4);
}

Maybe it's my server configuration (nginx) that results on this bug, but if someone get the same error, here is a solution.

About

Geeks Mental is a community that publishes articles and tutorials about Web, Android, Data Science, new techniques and Linux security.