soderlind/editor-can-manage-privacy-options

Grants WordPress Editors the ability to manage privacy settings and access privacy admin pages

Maintainers

Details

github.com/soderlind/editor-can-manage-privacy-options

Homepage

Source

Issues

Fund package maintenance!
paypal.me/PerSoderlind

Installs: 0

Dependents: 0

Suggesters: 0

Security: 0

Stars: 0

Watchers: 0

Forks: 0

Open Issues: 0

Type:wordpress-plugin

1.2.1 2025-09-18 21:27 UTC

Requires

GPL-2.0-or-later 81bc21505b65124e74fac39263ac6bc4a4d4a250

wordpresswp

This package is auto-updated.

Last update: 2025-09-18 21:59:05 UTC

README

A lightweight WordPress plugin that grants the Editor role access to manage site Privacy Settings — capabilities normally restricted to Administrators.

Screenshot of the Privacy submenu added under Settings for Editors

Why This Plugin?

By default, only Administrators can configure the site's privacy policy settings (selecting the Privacy Policy page, accessing the privacy guide, etc.). This plugin safely extends that access to trusted Editors without broadly elevating their administrative capabilities.

Features

  • Maps the core manage_privacy_options meta capability to an Editor-level base capability (edit_pages, filterable)
  • Adds the Privacy submenu under Settings for Editors (only if core hasn’t already exposed it)
  • Prevents duplicate "Privacy" menu entries (CSS + defensive late cleanup)
  • Request‑scoped temporary elevation only on privacy-related pages
  • Avoids granting unrelated high-risk capabilities like manage_options
  • Heuristic admin detection (treats users with high-level caps as admins)

How It Works (Technical)

Hooks used:

  • map_meta_cap – remaps manage_privacy_options to a safer base capability
  • admin_menu – adds the Privacy menu (and late duplicate cleanup)
  • admin_init – sets up request-scoped access if viewing privacy pages
  • user_has_cap – temporarily grants manage_options only when core checks it on privacy pages
  • admin_head, admin_print_styles, in_admin_footer – inject CSS to hide duplicate submenu entries

Capability Mapping Filter

You can customize the base capability via the epm_privacy_base_cap filter:

add_filter( 'epm_privacy_base_cap', function( $default ) {
    return 'edit_others_posts'; // or another appropriate capability
} );

Installation

  • Quick Install

  • Composer Install

    composer require soderlind/editor-can-manage-privacy-options

  • Updates

    • Plugin updates are handled automatically via GitHub. No need to manually download and install updates.

Requirements

  • WordPress 6.5+
  • PHP 8.2+

Security Notes

  • Scope limited strictly to privacy-related pages
  • No persistent role modification; all adjustments are dynamic
  • Defensive checks prevent privilege creep into unrelated admin areas

FAQ

Does this let Editors change other site-wide admin options?
No. Only privacy-related access is facilitated.

Can I change which role gets access?
Yes, by mapping to a different capability using the epm_privacy_base_cap filter.

Why inject CSS for duplicates?
Rare timing edge cases can produce temporary duplicate menu entries. CSS plus late cleanup ensures a clean UI.

Does it work in multisite?
Yes in principle; network-level elevated capabilities mark a user as effectively admin and bypass the editor logic.

Development

Pull requests and issues welcome.

License

MIT — see LICENSE file.

Author

Per Søderlind