Saving/permissions issues. #84

mattwiebe opened this Issue Jan 3, 2012 · 3 comments

2 participants


I integrated Options Framework into my The Erudite and have been having a number of reports of the options not saving. I'm wondering if there are any known issues that could be causing it?

I've been unable to reproduce this in any situation, but have a theory: maybe your use of the Settings API is producing situations where users are able to view the theme options, but not to save them? In other words, you need the edit_theme_options permission to view the theme options page, but here's permissions for the Settings API from the codex page:

NOTE: When using the Settings API, the form posts to options.php which provides fairly strict capabilities checking. Users will need 'manage_options' capability (and in MultiSite will have to be a Super Admin) to submit the form.

This creates a situation where users--especially in a Multisite setup--where users can see the options, but not save them, which is bad.

The two solutions would be 1) register the theme options page with the 'manage_options' capability, or 2) stop using the Settings API. I think the latter is the better user experience, but of course more work.


Yes, here's the core ticket:

Twenty Eleven got around it by using this:

 * Change the capability required to save the 'twentyeleven_options' options group.
 * @see twentyeleven_theme_options_init() First parameter to register_setting() is the name of the options group.
 * @see twentyeleven_theme_options_add_page() The edit_theme_options capability is used for viewing the page.
 * By default, the options groups for all registered settings require the manage_options capability.
 * This filter is required to change our theme options page to edit_theme_options instead.
 * By default, only administrators have either of these capabilities, but the desire here is
 * to allow for finer-grained control for roles and users.
 * @param string $capability The capability used for the page, which is manage_options by default.
 * @return string The capability to actually use.
function twentyeleven_option_page_capability( $capability ) {
    return 'edit_theme_options';
add_filter( 'option_page_capability_twentyeleven_options', 'twentyeleven_option_page_capability' );

I think something like that would probably be the route to success.


Have not tested this yet, but I believe this should work:


I am going to close this. We can re-open if the issue is reported again.

@devinsays devinsays closed this Jan 29, 2012
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment