- This topic has 0 replies, 1 voice, and was last updated 6 months, 1 week ago by
.
-
Topic
-
During the plugin activation, in the mb_cpt_load() function the plugin displays a Meta Box in the admin menu:
// Show Meta Box admin menu. add_filter( 'rwmb_admin_menu', '__return_true' );mb-custom-post-type.php line 31
Although the public add_menu() function on line 61 of inc/about/about.php in the meta-box plugin clearly shows the capabilities to be limited to activate_plugins:
add_menu_page( __( 'Meta Box', 'meta-box' ), __( 'Meta Box', 'meta-box' ), 'activate_plugins', 'meta-box', '__return_null', 'data:image/svg+xml;...' );The Meta Box menu item is displayed for any user with at least a contributor role.
For now I am manually removing this in functions.php using:
add_action( 'admin_menu', 'my_menu_fix' , 100 ); function my_menu_fix(){ if ( ! current_user_can('manage_options') ) { remove_menu_page( 'meta-box' ); //Meta Box } }But this should be corrected in the mb_cpt_load() function directly:
// Show Meta Box admin menu if allowed: if ( current_user_can('activate_plugins') ) { add_filter( 'rwmb_admin_menu', '__return_true' ); }I’ll now fork this on github and submit a pull request.
- You must be logged in to reply to this topic.