New to the community? Start here

Fault with Define Default Admin Capability

I have a query re Membership2 Pro

In the Help option in the admin I see this;

Thank you for using Membership 2

Here is a quick overview:

You use verion 1.0.2.6 of Membership 2

Hey, this is the PRO version of Membership 2 – thanks a lot for supporting us!

All users with capability manage_options are M2 Admin-users.

Currently M2 is configured to not send any emails.

WP_DEBUG is disabled on this site.

If I click on Advanced Settings I see the following;

Define Membership 2 Admin users

By default all users with capability manage_options are considered Membership 2 admin users and have unlimited access to the whole site (including protected content). To change the required capability add the line define( “MS_ADMIN_CAPABILITY”, “manage_options” ); in wp-config.php. When you set the value to false then only the Superadmin has full access to the site.

If I enter define( “MS_ADMIN_CAPABILITY”, “manage_options” ); in wp-config.php users without manage_options are still un-restricted by role for content

These users do have some admin access to manage users but they are seeing menu items I do not want them to see and content I do not want them to see.

I have tried changing this to define( “MS_ADMIN_CAPABILITY”, false ); so only I have unrestricted access but that has no effect either

Any ideas?

Support Access is granted.

Fri, 8 Jan 2016 20:17:55
  • Tyler Postle
    • Recruit

    Hey Wayne,

    Hope you’re doing well today!

    So you want to give some users access to manage users but don’t want to give them too much access?

    The best option in this case is to change the required capability.

    By default you can see it is “manage_options”; however, that is the capability required to change settings in almost all plugins.

    Let’s change it to something a little more restrictive like “read_private_posts”, it won’t really give them access to anything further besides private posts.

    So add this to your wp-config.php now:

    define( "MS_ADMIN_CAPABILITY", "read_private_posts" );

    Then you can either create a membership that includes the read_private_posts capability and apply that membership to the users you want to be able to manage users or you can use this plugin: https://en-ca.wordpress.org/plugins/user-role-editor/ to apply the capability to the specific users :slight_smile:

    Hope this helps! If you have any further questions just let us know.

    Cheers,

    Tyler

  • Wayne
    • The Incredible Code Injector

    Hi @Tyler Postle

    Sorry I understand all of that, what I am saying is that whatever I set it to in the wp-config it makes no difference, the staff accounts still are not restricted by the membership plugin because they are technically admins and are exempt. They do not have manage_options on their permissions but yet they are still being classed as membership admins.

    Applying the setting in wp-config has no effect at all whatever I set it to.

    Wayne

  • Tyler Postle
    • Recruit

    Hey Wayne,

    Sorry, I definitely misunderstood that.I’ve just tested this on my sandbox and as soon as I take away the capability from the user it removes their membership admin status.

    So you have it set to “manage_options” right now? I can see that your volunteer coordinator doesn’t have that capability but is still an admin.

    Would you be able to send in your FTP so I can debug further? :slight_smile:

    You can send that privately through our contact form: https://wpmudev.com/contact/

    Select “I have a different question” for your topic – this and the subject line ensure that it gets assigned to me.

    Send in:

    Subject: “Attn: Tyler Postle

    -WordPress admin username

    -WordPress admin password

    -login url

    -FTP credentials (host/username/password)

    -link back to this thread for reference

    -any other relevant urls

    **If you keep support access active then no need to send in wp-admin

    Look forward to hearing back!

    Cheers,

    Tyler

  • Wayne
    • The Incredible Code Injector

    @Tyler Postle

    I have created a custom capability of “membershipadmin” and set the config file as follows

    define( "MS_ADMIN_CAPABILITY", "membershipadmin" );

    Ideally I would like it so that only for roles that have this selected can be classed as membership admins. Having tested it again it does not work.

    Regards

    Wayne

  • Tyler Postle
    • Recruit

    Hey Wayne,

    Sorry for my delay here and glad you got this sorted out. I’m sending some points your way for posting back the solution. It’s odd I’m not getting the same issue. I see we already have some staff on your other ticket. We’ll continue helping out there :slight_smile:

    Cheers,

    Tyler