[wp-hackers] options capabilities bug?

[Steve Taylor]

I'm using Justin Tadlock's excellent Members plugin to create a "Super
Editor" role. Basically to allow some client editors to change
settings on the site, but to keep them from updating, installing
plugins, etc.

So, besides the usual Editor capabilities, I've assigned them the
manage_options one.

They can see the Settings menus, but when they submit one, they get
the "You do not have permission" notice.

I've tracked this down to this in my custom theme code:

add_action( 'admin_menu', 'slt_all_settings_link' );
function slt_all_settings_link() {
	add_options_page( __('All Settings'), __('All Settings'),
'update_core', 'options.php' );
}

I want this "all settings page" output just for admins, so I use the
update_core capability. However, setting it this way causes the above
issue with users who have been granted the manage_options capability,
but who don't have the capability set for the options.php page. If I
change the above capability to manage_options, the other screens work
too.

Is this a bug? Or is it just something unavoidable in the way the
internal options handling works?

I'm setting the above page to be visible with manage_options for now,
it's no biggie - just thought I report this in case there's other
ramifications.

cheers,

Steve