Closed andyburnsco closed 3 years ago
So this https://github.com/civicrm/civicrm-wordpress/pull/231 not this plugin
@andyburnsco The "action links" you point to in the code are visible below the this plugin on the "Plugins" screen in WordPress Admin. By definition they are only visible to those with access to the "Plugins" page, which means they have manage_options
in Single Site and manage_network_options
in Multisite. As a result, I'm pretty sure they need no capability check.
Your screenshot shows the CiviCRM "Settings" page link introduced in 5.34 and, as you rightly point out in your follow up comment, has the wrong access capability assigned. Thanks for catching this - I'll create a PR there.
@andyburnsco https://lab.civicrm.org/dev/wordpress/-/issues/96
For the submenu settings link in the left admin bar underneath CiviCRM, no permission exist on who can access them. It appears if you can _accesscivicrm, you can see the link. The settings link should require _administercivicrm.
https://github.com/christianwach/civicrm-admin-utilities/blob/master/civicrm-admin-utilities.php#L519
On Version 0.8.3.
On Civi 5.35.0 this is occurs. On Civi 5.31.0 it does not. Something changed in core.