Conflicting access issues of WPMU plugins with bbpress plugin.

The Issue we were facing:
1. The Non-super-admin users cannot create new forums.
2. The problem is for site administrators, they see invalid post type error on trying to create a New Forum from the frontend of the site. The Forum menus disappear completely in the back admin dashboard.

Why is it happening?

All checks to see confirm whether a user can or cannot take an action are based on what WordPress calls capabilities. WordPress roles are groups of these capabilities, such as administrator, editor, etc.

BBPress has a slew of custom actions that users can take, so BBPress creates its own roles. This is performed on the fly, so BBPress' roles are not stored in the db. This is performed on the after_setup_theme hook, which is fired just before WordPress sets up the logged-in user object.
Plugins shouldn't perform any action on the user object until its actually instantiated, i.e. after the init hook. Not all plugins are adhering to this rule, and they are all WPMUDEV plugins.

A number of these plugins invoke the current_user_can() function on the plugins_loaded hook, which is well before the init hook. This includes default-theme, admin-message, google-analytics-async, pretty-plugins, lock-posts and remove-email-verifications, all WPMUDEV plugins.
Some of the WPMU plugins (all of the above installed on our network) use outdated wpmudev-dash-notification.php file which uses plugins_loaded hook instead of init hook (which was corrected in latest version of this external file. But some of these plugins still use the older version and it should be updated by WPMU.

So is there any possibility that you can make the appropriate fixes in the next release of these plugins? That would be really appreciated.

Feel free to contact me if you need any further information about this.
Thank you

  • Nastia

    Hello @Web Publishing, I hope you are well today!

    Thank you very much for your suggstion! We appreciate your detailed descriptions!

    1. The Non-super-admin users cannot create new forums.
    2. The problem is for site administrators, they see invalid post type error on trying to create a New Forum from the frontend of the site. The Forum menus disappear completely in the back admin dashboard

    I just tested this on my end and as super admin I was able to create a forum on a subsites.
    Would you please run a quick check for a conflict with a plugin or theme?
    Please follow the flowchart from our manual:
    https://premium.wpmudev.org/manuals/using-wpmu-dev/getting-support/

    Would you be able to grant us support access so we can take a closer look?
    You can grant support access via admin dashboard - WPMU DEV > Support > Support Access > Grant Access.
    https://premium.wpmudev.org/manuals/wpmu-dev-dashboard-enabling-staff-login/

    Please, mention here the name of the subsites.

    So is there any possibility that you can make the appropriate fixes in the next release of these plugins?

    I will ping to our developers about these issues. But would you please tell us to which plugins you are referring to?

    Please advise,

    Kind Regards,
    Nastia

  • Web Publishing

    Hello,
    Thank you for such a quick response.
    I am really glad that you actually tested the scenario. There is the thing with this bug that it works perfectly fine sometimes but doesn’t in certain cases.
    I am really sorry but we cannot give you Support access because of some rules and regulations. But I can assure you that we have been working really hard to figure out and fix the issue for the past several months. As a result of it we could now pin-point that where do things start going wrong.
    As mentioned in the screenshot below, the external file wpmudev-dash-notification.php VERSION 3.1which is added to any plugin can solve the issue.
    If the plugin has wpmudev-dash-notification.php with version 3.1then the issues noted in the 1st message are solved automatically. But for plugins which are still using <b>wpmudev-dash-notification.php with version less than 3.1 have this access conflict issue.
    The list of such plugins is:

    1. default-theme
    2. admin-message
    3. google-analytics-async
    4. pretty-plugins
    5. lock-posts
    6. remove-email-verifications

    Updating the plugins with a version 3.1 file would solve the issue.
    Thanks

  • Nastia

    Hello @Web Publishing!

    I hope this message finds you well!

    I pinged our developer about this, he agreed that those plugins havn’t had an update for a while.

    Thank you for your suggestion, we’ll try to fix this as soon as possible. :slight_smile:

    In the meatime, would you please activate a WPMUDEV Dashboard plugin activated as is required, omce you do this, none of that older code should cause an issue.

    I hope this helps! Take care :slight_smile:

    Kind Regards,
    Nastia.

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.