Activating MB Custom Post Type adds Meta Box Menu, regardless of cap - Meta Box

This topic has 1 reply, 1 voice, and was last updated 2 years, 11 months ago by pluginoven.

Viewing 2 posts - 1 through 2 (of 2 total)

Author

Posts
April 22, 2020 at 9:05 AM #19195
pluginoven
Participant
During the plugin activation, in the mb_cpt_load() function the plugin displays a Meta Box in the admin menu:
```
// Show Meta Box admin menu.
add_filter( 'rwmb_admin_menu', '__return_true' );
```
mb-custom-post-type.php line 31

Although the public add_menu() function on line 61 of inc/about/about.php in the meta-box plugin clearly shows the capabilities to be limited to activate_plugins:
```
add_menu_page(
    __( 'Meta Box', 'meta-box' ),
    __( 'Meta Box', 'meta-box' ),
    'activate_plugins',
    'meta-box',
    '__return_null',
    'data:image/svg+xml;...'
);
```
The Meta Box menu item is displayed for any user with at least a contributor role.

For now I am manually removing this in functions.php using:
```
add_action( 'admin_menu', 'my_menu_fix' , 100 );
function my_menu_fix(){
  if ( ! current_user_can('manage_options') ) {
    remove_menu_page( 'meta-box' ); //Meta Box
  }
}
```
But this should be corrected in the mb_cpt_load() function directly:
```
// Show Meta Box admin menu if allowed:
if ( current_user_can('activate_plugins') ) {
    add_filter( 'rwmb_admin_menu', '__return_true' );
}
```
I'll now fork this on github and submit a pull request.

Add New Note to this Reply
December 8, 2021 at 5:03 PM #32489

pluginoven
Participant

Issue resolved
https://github.com/wpmetabox/mb-custom-post-type/pull/22

Add New Note to this Reply
Author

Posts

Viewing 2 posts - 1 through 2 (of 2 total)

You must be logged in to reply to this topic.