Edit Page capability requires Edit Post in order to work

I was able to recreate. I am creating a patch right now.

Ugh, that was a nasty one to fix. I'd really appreciate it if someone who knows what they're talking about could review this patch.

Fix for edit_pages cap

In page-new.php you checked the edit-posts cap. This isn't ready. Consider moving to 2.1 milestone.

Automattically determine proper menu parent

Here's a more flexible patch that automatically determines which submenu page should be the parent page. If for some reason a user cannot manage posts, pages, categories, or comments but can manage files, "Files" will be the parent page for the "Manage" menu.

(In [3536]) Dynamic menu reparenting. fixes #2257

I think a little more investigation/debugging needs to be done with the code additions done to admin-functions.php, specifically after Feb 12th to Feb 17th - it breaks backwards compatibility, perhaps in an avoidable way.

http://trac.wordpress.org/changeset/3536

After upgrading a blog from 2.0.4 to 2.1a2 I discovered that users with level 0 or 1 who I had given access to gravatars2 and an extended profile setup that uses the userextra plugin, could no longer access it - getting the error:

"You do not have sufficient permissions to access this page."

even though they could see it on the menu properly.

This comes from the added $menu_nopriv structure which may be built incorrectly and always returns false for them via

if ( isset($menu_nopriv[$pagenow]) )     return false;

It may also be causing some menu items from plugins not to be shown even at the admin level though I am still tracing that bug - some of my menu items have disappeared even though I can still directly access them via the full ?page= url.

Which plugins exactly?

By the way I blogged about it in more detail here if that helps explain it better.

I specifically see the following behavior with the new menu.php code:

gravatar2 plugin: users can see the menu entry but when clicking on it are forbidden entry

userextra plugin: same as above

fifo-enroll-comments plugin: users can actually see and go into the menu but admin cannot see the menu sub-item at all

mangage roles plugin: admin cannot see the submenu at all - I can call it manually and it will run however

there might be others, I will go back and look in detail and append here

(note all the behavior is properly restored with the pre-2.1 code)

My enroll comments plugin doesn't work because I use

add_submenu_page("profile.php", . . .

to add the options page, and in 2.1 the user page is "users.php" for anyone who can edit users, "profile.php" for everyone else.

(my apologies for mispelling your name filosofo)

Deeper investigation has led me to something else. Apparently I had a plugin active that tampers with admin menus - but not how you think - it actually IMPROVED things.

The "admin drop down menu" plugin apparently has a superior priviledge search as it shows me ALL the available options as long as I have the 2.0.4 menu.php installed and the plugin activated. view source: http://frenchfragfactory.net/ozh/download/plugins/wp_ozh_adminmenu.php They all are available and work via the click.

Strangely if I do not have the plugin activated, all my admin submenu options disappear under "User" - maybe not so strangely - as it was when I use the 2.0.4 menu.php

Under the 2.1a2 menu.php however, I do not get any of the extra options that are available, with or without the admin drop down plugin activated.

Logged in as a level 0 subscriber and the admin dropdown plugin disabled, the 2.1a2 menu.php properly hides the unaccessable items however if you click on the ones that are left you get the You do not have sufficient permissions to access this page.

Going back to the 2.0.4 menu.php exposes ALL of the menu options without the admin drop down plugin, so that's a no-go there.

I humbly recommend you take a close look at the admin dropdown menu plugin code to see how it scans for privileges and mimic it, as apparently it does something superior?

Thank you.

I just realized the above may not be clear as I am running low on sleep. Here it is in a nutshell:

To visualize completely proper menu behavior in 2.1a2, install the menu.php from 2.0.4 and install+activate the "admin dropdown menu" plugin.

All menus will then be properly shown based on accessability (hidden if they are not, exposed if they are) for both users and admin.

The newer menu.php code with $menu_nopriv 1. does NOT show admin all their options added by plugins (it hides some things that should not be hidden)

2. will cause users to get a lack of privilege error for items they can see, and should have access to, that are added by plugins

Simple demonstration of the problem: 1. If you are running 2.1a2, install the Role Manager plugin and then try to find the menu option under Users -> Roles (I cannot) There are a few other plugins that also exhibit this behavior. 2. roll back to the 2.0.4 menu.php, install the "admin dropdown menus" plugin and you will now be able to find the menu items

I'll add some back-compat code to fix plugins that are adding submenus to profile.php. That's the only problem I'm seeing at the moment. gravatars2 requires user level 9 for its options and management pages. That is being enforced correctly in my testing.

Since a number of plugins are adding to the user/profile menu, add_user_page() might be in order.

[4093] should help.

I've now tested your new 4093 menu.php and admin-functions.php

(Oh I meant the "new" Gravatars2 which has adjustable userlevel settings so users can set their own avatars.)

I am pleased to report you fixed the admin menu for the administrator - I can see the once hidden extra options.

However the problem with subscriber level 0 users, which I allow access to userextra and gravatars2 (via their adjustable userlevel settings), still exists.

They can SEE the proper menu entries but they cannot access - You do not have sufficient permissions to access this page.

(This is with admin dropdown menu plugin either turned OFF or ON)

Shouldn't the logic be if they are shown the menu item they should be able to access it? Remember, the behavior works correctly in 2.0.4

I know it has something to do with your new $menu_nopriv failing that If statement check in admin-functions.php function user_can_access_admin_page

Thanks so much for the quick attention to this, you're great Ryan.

[4097] Try that.

[4100]

rev 4100 seems to fix both the admin menu for administrator (showing all sub-functions) and also allows proper access for subscribers. Good job!

Not sure what was with the change from 4097 to 4100 and that block commented out but it works now, so if the original bug for this ticket is still solved, I guess it's done? I'll leave it up to you to close the ticket.

Nice work Ryan and thanks again!

_ck_ , whimsy , markjaquith are there any outstanding issues here or can the bug be closed?