Closed mwittmann closed 3 years ago
@mwittmann Nice catch. I'll attend to this when I have time.
@mwittmann Have a look at this issue for a temporary fix.
@mwittmann Try 10d96673102037713fe07d64d6296b30ab66b23d and see if that works for you. (It should)
The commit works perfectly, thanks!
On my WordPress multisite, I've created a WordPress "Site Admin" role that gives a user all regular WordPress "Administrator" role capabilities, but does not give them access to CiviCRM. My intention is precisely that: let them have all regular WordPress child site Administrator capabilities, but do not let them access CiviCRM.
That mostly works fine. However, I find that such users can still access the (relatively new?) "CiviCRM Settings" page (https://mydomain.org/wp-admin/admin.php?page=civi_options).
This is the case even though "Settings Page Access" and "Administer CiviCRM" restrictions are enabled (checkbox checked) on the network options for "CiviCRM Admin Utilities" (https://mydomain.org/wp-admin/network/settings.php?page=cau_network_parent).
Could/should "CiviCRM Admin Utilities" suppress access to the "CiviCRM Settings" page, controlled either with the existing "Settings Page Access" and "Administer CiviCRM" checkboxes, or possibly through a new checkbox option?