How to allow editor to edit privacy page / settings only?

by

In my WordPress installation (4.9.8.) the editor role isn’t allowed to edit the privacy page.

It would work with following in my functions.php:

$role_object = get_role( 'editor' );
$role_object->add_cap( 'manage_privacy_options', true );
$role_object->add_cap( 'manage_options' ); // this needs to be active in order that before cap works

But now the editor has lot more rights than just editing the privacy page.

Is there another way to grant access to the editor user role with some lines of PHP code?

As a workaround I make usage of this Plugin now:
https://wordpress.org/plugins/manage-privacy-options/

Another kind of workaround is just to choose no privacy page in the privacy settings.

3

Editing the privacy policy page is restricted to manage_privacy_options as pointed out in a comment in the WordPress core file wp-includes/capabilities.php:

/*
 * Setting the privacy policy page requires `manage_privacy_options`,
 * so editing it should require that too.
 */
if ( (int) get_option( 'wp_page_for_privacy_policy' ) === $post->ID ) {
  $caps = array_merge( $caps, map_meta_cap( 'manage_privacy_options', $user_id ) );
}

To allow users with the roles editor and administrator who can edit pages (in single and also multisite instances) to edit and delete the privacy policy page one has to overwrite the $caps array:

add_action('map_meta_cap', 'custom_manage_privacy_options', 1, 4);
function custom_manage_privacy_options($caps, $cap, $user_id, $args)
{
  if (!is_user_logged_in()) return $caps;

  if ('manage_privacy_options' === $cap) {
    $manage_name = is_multisite() ? 'manage_network' : 'manage_options';
    $caps = array_diff($caps, [ $manage_name ]);
  }
  return $caps;
}

Update: Allow users with the role editor or administrator to edit and delete the privacy policy page (which is not possible per default in multisite instances):

add_action('map_meta_cap', 'custom_manage_privacy_options', 1, 4);
function custom_manage_privacy_options($caps, $cap, $user_id, $args)
{
  if (!is_user_logged_in()) return $caps;

  $user_meta = get_userdata($user_id);
  if (array_intersect(['editor', 'administrator'], $user_meta->roles)) {
    if ('manage_privacy_options' === $cap) {
      $manage_name = is_multisite() ? 'manage_network' : 'manage_options';
      $caps = array_diff($caps, [ $manage_name ]);
    }
  }
  return $caps;
}

Leave a Comment