Mismatched permissions for theme settings

  • Author
    Posts
  • #100295

    The Nirvana settings page is added for all users with the “edit_theme_options” capability, which seems appropriate.

    However, the settings are then created and managed using the WordPress Settings API, which only allows updates by users with the “manage_options” capability (see the first yellow flag on the documentation).

    So if a user (such as an Editor) has been granted the “edit_theme_options” capability, they can view the settings page, but get a permissions error when they actually try to save.

    Both viewing and saving these settings should be behind the same permission.

Viewing 1 post (of 1 total)

You need to log in to reply to this topic.