Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP

Loading…

Saving/permissions issues. #84

Closed
mattwiebe opened this Issue · 3 comments

2 participants

@mattwiebe

I integrated Options Framework into my The Erudite and have been having a number of reports of the options not saving. I'm wondering if there are any known issues that could be causing it?

I've been unable to reproduce this in any situation, but have a theory: maybe your use of the Settings API is producing situations where users are able to view the theme options, but not to save them? In other words, you need the edit_theme_options permission to view the theme options page, but here's permissions for the Settings API from the codex page:

NOTE: When using the Settings API, the form posts to options.php which provides fairly strict capabilities checking. Users will need 'manage_options' capability (and in MultiSite will have to be a Super Admin) to submit the form.

This creates a situation where users--especially in a Multisite setup--where users can see the options, but not save them, which is bad.

The two solutions would be 1) register the theme options page with the 'manage_options' capability, or 2) stop using the Settings API. I think the latter is the better user experience, but of course more work.

@devinsays
Owner

Yes, here's the core ticket: http://core.trac.wordpress.org/ticket/14365

Twenty Eleven got around it by using this:

/**
 * Change the capability required to save the 'twentyeleven_options' options group.
 *
 * @see twentyeleven_theme_options_init() First parameter to register_setting() is the name of the options group.
 * @see twentyeleven_theme_options_add_page() The edit_theme_options capability is used for viewing the page.
 *
 * By default, the options groups for all registered settings require the manage_options capability.
 * This filter is required to change our theme options page to edit_theme_options instead.
 * By default, only administrators have either of these capabilities, but the desire here is
 * to allow for finer-grained control for roles and users.
 *
 * @param string $capability The capability used for the page, which is manage_options by default.
 * @return string The capability to actually use.
 */
function twentyeleven_option_page_capability( $capability ) {
    return 'edit_theme_options';
}
add_filter( 'option_page_capability_twentyeleven_options', 'twentyeleven_option_page_capability' );

I think something like that would probably be the route to success.

@devinsays
Owner

Have not tested this yet, but I believe this should work:
2a157fd

@devinsays
Owner

I am going to close this. We can re-open if the issue is reported again.

@devinsays devinsays closed this
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.