NO BUG: Bricks 2.0: Editor Permissions - admin always has full access

Currently in 1.12.4 you can set an admin WP user to edit only permissions.

In 2.0 they are forced to always be full access. This is no good for clients that have admin access to WP that you need to control access to the builder.

You should still be able to set a Bricks permission level per user no matter what WP user level they are.

If the role name was “administrator”, I believe it was locked even before. Can you show me how you edited the permissions in 1.12.4, so I can replicate it?

You can always create new role for users, and add all capabilities, then you can assign different builder access for them.

Matej

In 1.12.4 go to the users list, then select an admin user and edit their profile.

You see this:

It’s a per user setting which is super handy.

There are many reasons to give clients full admin access rather than custom privileges, we’ve encountered many many issues with various plugins and permissions over the years that are hard to sort if you don’t use admin as your user role.

I’d like to be able to retain the ability from the current setup but apply one of the custom created Bricks roles enabled in v2

Ah, I see, you mean here. I was checking in Bricks Settings.

So, from 2.0-alpha forward, if the user has manage_option capability, then we consider that it has full access (admin account).

I’ll mark this topic as no-bug because this is a new behaviour. Previously, the capability wasn’t set/checked correctly, and would cause some odd issues.

Best regards,
Matej

I feel like that’s a major regression. We’ve got a lot of sites with admin users assigned to clients that will suddenly be able to edit all parts of content they previously couldn’t.

I feel like it should stay working the way it does now. It will cause all sorts of issues. There are a bunch of form plugins that don’t play nicely with custom permission sets and we CANNOT have users that want to edit forms be any less than Admin even with custom permissions. Also we feel that at least one client account should be an admin user for the reason of site ownership. Most of those clients have no business with full access to bricks though.

Hope the team brings back user-level control—critical for agency workflows

1 Like

Yes agreed.

Oxygen had this years ago.

Also another use case is agency employees who need admin access to the site but are not competent front end devs.

Being able to limit the things they can do in the builder with the new permissions system would be super helpful and help speed up client work.as well as keeping the site safe.

The default for admins should be full access no question. However, we HAVE to be able to override it on a user by user basis.

I’ve made a suggestion here:

If you want to add your support to it.

1 Like