Unite Gallery Plugin Permissions

The Basics

The WordPress Plugin “Unite Gallery” is a great plugin. The Unite Gallery Plugin allows you to embed and manage various types of photos and photo galleries on your WordPress site. To me, it stands out above other plugins of its type due to the customizability and multitude of options that it provides. While I don’t use it on this particular WordPress site, I do use it in another.

However, the Unite Gallery Plugin is not without its rough edges, as is typical for WordPress Plugins. In particular, documentation for this project is very sparse (http://wp.unitegallery.net/documentation-wp/index.html).  And the support for the plugin is lackluster, with incomplete answers and often times slow response time.  If you’re lucky, you’ll get a response on the WordPress plugin site at https://wordpress.org/support/plugin/unite-gallery-lite. If you’re unlucky, you’ve paid for the plugin and are digging through code. In either the free or the paid case, support and documentation are lacking.

Administrators Only

The biggest drawback to the Unite Gallery Plugin is that by default, it is only shown to users assigned the Administrator role on WordPress. Even worse, both the Free and Paid version of this plugin (as of 9/1/2015)  do not provide an interface for modifying who can view the plugin.

In other words — if you are not an administrative role holder in WordPress, you will not be able to see/use the Unite Gallery Plugin.

What Author States …. is wrong

So the author of the plugin says that in order to allow, say, Editors to view and use the plugin you have to modify the /wp-content/plugins/unitegallery/inc_php/unitegallery_globals.class.php file, and change the “const PERMISSION = “admin”” line to  “const PERMISSION = “editor”.

Unfortunately, as of 9/1/2015, that does not work. In typical fashion, what you can find on the WordPress support page is outdated and incorrect.

Sigh.

OK – so if you’ve read this far you are probably chomping at the bit to find out how to allow other users (Editors, Contributors, etc) to view and use the plugin.

I found that unite gallery actually controls who can see the plugin by checking if the requesting user has the “manage_options” capability. Cool. But, not cool. Only Administrators by default have the “manage_options” capability, and thus only Administrators can see the plugin.

Now, you don’t want to go granting editors or contributors the manage_options capability, as it will give them access to the following:

Settings > General
Settings > Writing
Settings > Reading
Settings > Discussion
Settings > Permalinks
Settings > Miscellaneous

Into the Code We Go

Since we can’t (well, shouldn’t) grant other roles manage_options capability, we then need to modify the code so that it checks a user for a capability more suitable of a non-privileged user.

To do this, I used a plugin called User Role Editor, which allowed me to see what capabilities each of our WordPress Roles had.

Administrator was the only user to have manage_options as expected.

Editor, the level we wanted to have access to the plugin, did not have manage_options, but was the only role to have the “edit_others_posts” options.

Bingo.

So, I downloaded the plugin via FTP and grepped it for ‘manage_options’, returning the user role check in two places:


/wp-content/plugins/unitegallery/inc_php/framework/provider/functions_wordpress.class.php line 1211 

and

/wp-content/plugins/unitegallery/inc_php/framework/provider/provider_admin.class.php line 7 

Upon changing the value of “manage_options” to “edit_others_posts” in these two files and reuploading them to WordPress, my Editors can finally see the plugin.

Lazy coding for an otherwise great plugin.

Updating

NOTE:  If you upgrade or update your Unite Gallery Plugin, you will most likely have to go into these files and modify them, as the changes will be overwritten with the update.

Cheers,

1 Comment

Leave a Comment

Your email address will not be published. Required fields are marked *