How to Grant Editor and Author Roles Access to Flamingo in WordPress

Many WordPress site administrators use the Flamingo plugin to store form submissions from Contact Form 7. A common challenge arises when you need to grant access to these submissions to users with roles other than Administrator, such as Editors or Authors. By default, Flamingo restricts access to users with the edit_users capability, which is typically only given to Administrators.

Why This Happens

The Flamingo team designed the plugin's permissions this way for security. The edit_users capability is a powerful permission that should not be granted lightly. However, this default setting means that trusted roles like Editor, who manage content, cannot view form submissions without a workaround.

The Recommended Solution: Use the `flamingo_map_meta_cap` Filter

The proper way to change these permissions is by using WordPress's built-in filter hook, flamingo_map_meta_cap. This method is safer than directly editing the plugin's files, which would cause your changes to be lost every time the plugin updates.

The following code snippet maps Flamingo's custom capabilities to standard WordPress capabilities that an Editor role already possesses, such as edit_pages.

Code for Full Flamingo Access (Inbound Messages & Address Book)

add_filter( 'flamingo_map_meta_cap', 'bugwp_grant_flamingo_access' );

function bugwp_grant_flamingo_access( $meta_caps ) {
    $meta_caps = array_merge( $meta_caps, array(
        'flamingo_edit_contacts' => 'edit_pages',
        'flamingo_edit_contact' => 'edit_pages',
        'flamingo_delete_contact' => 'edit_pages',
        'flamingo_edit_inbound_messages' => 'edit_pages',
        'flamingo_edit_inbound_message' => 'edit_pages',
        'flamingo_delete_inbound_message' => 'edit_pages',
        'flamingo_delete_inbound_messages' => 'edit_pages',
        'flamingo_spam_inbound_message' => 'edit_pages',
        'flamingo_unspam_inbound_message' => 'edit_pages'
    ) );
    return $meta_caps;
}

Code for Inbound Messages Access Only

If you only need to grant access to the Inbound Messages section and not the Address Book, you can use a more minimal code snippet.

add_filter( 'flamingo_map_meta_cap', 'bugwp_grant_flamingo_inbound_access' );

function bugwp_grant_flamingo_inbound_access( $meta_caps ) {
    $meta_caps = array_merge( $meta_caps, array(
        'flamingo_edit_inbound_messages' => 'edit_pages',
        'flamingo_edit_inbound_message' => 'edit_pages'
    ) );
    return $meta_caps;
}

How to Implement This Code

1. Access your WordPress site's files, typically through your hosting control panel's file manager or via FTP.
2. Navigate to your theme's directory (e.g., /wp-content/themes/your-theme-name/).
3. Edit the functions.php file.
4. Paste one of the code snippets above at the very end of the file, before the closing ?> tag if it exists, or simply at the end.
5. Save the file.

Important Note: Always use a child theme when making changes to theme files. This prevents your customizations from being overwritten when the parent theme is updated.

Important Security Consideration

While this solution enables access for Editors, be aware that it broadens what users in that role can see and do. The Editor role is a trusted one, but you should only grant this access to users who genuinely need it. Granting access to the Author role (publish_posts) is possible but is generally considered less secure and is not the standard practice.

What This Solution Does Not Do

Based on community discussions, this solution grants access to all Flamingo data. It does not provide a way to restrict access to submissions from specific forms or channels for different users. This type of granular permission control is not a native feature of the Flamingo plugin.