I have new custom role made for WordPress
In Bricks->Settings->builder access, role is set to “No access”
When I create new user (with that custom role) it has access to builder on user level.
Every time new user is created I have to manually disable access. I think for new users it should be default to whatever is set in bricks global settings.
Thanks so much for your report!
How can I reproduce the problem?
How did you create the custom role?
I am able to get both results and I am able to reproduce the issue.
We are using plugin called “admin menu editor” (Admin Menu Editor – WordPress plugin | WordPress.org) I have the pro version of it. It has feature to register new roles. It should use add_role(). I havent tested to register new roles manually (custom function etc.).
New roles are visible in bricks settings (test role, test role 2):
To reproduce this issue we need to create a role that copies capabilities from administrator. (test role 2). It should be one time copy only, not “sync”. Should be doable with custom function too?
In setting it says “No access”, but when I create new user with role “test role 2” it has full access.
I will send you access to my playground via email.
I contacted the author of plugin he replied with following:
Have you ruled out the possibility that bricks always gives access to
roles that have certain admin capabilities, regardless of “builder
access” settings? Try the same thing with a more limited role like
“Author” and see if the problem still happens.
If bricks looks for a specific capability, and that capability is also
used for an admin menu item, enabling that item for the custom role
would give them the capability even if it’s not enabled in the “Roles” tab.
Does the problem persist if you temporarily deactivate Admin Menu
Editor Pro? This would at least rule out issues with the admin menu
configuration and the “editable roles” feature. If the same thing still
happens when AME is inactive, it’s most likely related to role capabilities.
Tested: user still gets access to bricks
Can you please try creating the role by copying from another role (e.g. Author) as suggested by the plugin author?
Not to hijack the thread, but I have the same problem using the Members plugin. Setting the new role to no access in the Bricks builder access menu, the role still has full Bricks access and capabilities.
Update: when I disable the edit posts permission for the user role in the Members plugin, the Bricks permissions are revoked. However, that role then can’t edit normal posts either, which is no good. Seems the Bricks permissions are somehow coupled to the edit post permissions, shouldn’t this be decoupled?
Update 2: I think I narrowed it down to the ‘remove user’ permission in the Members plugin. Strangely there are two permissions named ‘remove user’. Enabling one of them doesn’t seem to do anything at all, it doesn’t actually give remove user permissions to the role. Neither does it give Bricks access.
Enabling the other ‘remove user’, does give permission to remove a user as well as full Bricks access. I think this ‘remove user’ setting, is the one that should be decoupled from enabling Bricks access.
BTW I’m using a role that is cloned from the default WP ‘Author’ role.