Appointments+ Administrative Permissions

Hi! I'd like to report a bug: Appointments+ 2.2.3 doesn't respect Administrative Permissions (Appointments Role Access) assignments if user role has "delete_users" capability, in which case despite giving user role access, no access is granted. Removing the "remove_users" capability from user role, suddenly fixes this all granted access is respected.

  • Nahid
    • Tech Support

    Hey David @ BBS !
    Hope you are having a great day!

    I was able to replicate the issue as well in my test site. This has already been flagged to the developers of the plugin. They'll be back to us with any updates, confirmations, workarounds and fixes (if possible) in this ticket (or we'll be updating the ticket as soon as we hear back from them internally). Please note that the response time of the developers might be a bit delayed than that of the general support staff. We really appreciate your patience and consideration regarding this.

    Kind regards,
    Nahid

  • David @ BBS
    • Site Builder, Child of Zeus

    Hi Nahid,

    It's been a five months since our last interaction on this topic and still no update on this. We've gone through 2 plugin updates and this still hasn't been addressed. Under v2.2.5 the problem still exists.

    What's the status on this? Would love to know how we need to move forward.

    Thanks

  • Dimitris
    • Support Star

    Hello David @ BBS,

    hope you're doing good today! :slight_smile:

    I've got some feedback from lead developer of Appointments+ plugin. As it seems, this is a issue that can be reproduced but can't be fixed.

    This is happening because WP use delete_users capability in a special case. I
    a single site installation this capability is used to recognise super-admin in the is_super_admin() function. It is a bit odd, but truly we can do nothing.

    You can find this code in WP core here:
    https://core.trac.wordpress.org/browser/tags/4.9.5/src/wp-includes/capabilities.php#L778

    Warm regards,
    Dimitris

  • David @ BBS
    • Site Builder, Child of Zeus

    Hi Dimitris,

    Thanks for looking into this. Since this is clearly a faulty logic, I dug around the code and found a work-around that will still maintain the logic for multi-sites but fix the bug that is created in single site installations.
    Take a look at line 38 in file: wp-content/plugins/appointments/includes/pro/includes/addons/app-admin-admin_permissions.php
    if (is_super_admin()) return $capability;
    If you change this line to read:
    if (is_super_admin() && is_multisite()) return $capability;
    this will fix the problem. Super Admins on multisite installations will have access to everything, whereas users on single sites who have been granted the necessary permissions will be given access to the elements they are allowed to access (all respecting the Appointments role access permissions).

    Can the lead developer please take a look at this proposed work-around and see if this logic works?

    Regards,
    David

  • Nahid
    • Tech Support

    Hey there David @ BBS !
    Hope you are doing well today!

    Sincere apologies about the delayed response here. It seems we missed following up about the update in this thread, we are really very sorry about that, but the issue had been resolved along with the Appointments+ 2.3.1 release. As for reporting the issue and suggesting a possible solution, I have sent some points your way.

    Hope this helps. Please let us know if you need any further assistance regarding this. Thanks!

    Kind regards,
    Nahid

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.