Defining Posts View Access in php

[zunk]

Hi,
I use Posts View Access feature for a specific role ‘ca_role_client’ that allows content access to any post that used specifics terms : 69, 61.
But I need to do the same thing in PHP to be able to customize ure_posts_view_access_data for an existing role.
Do you have any hook or function that I could use to do the trick?
Thanks in advance,

[Vladimir]

Hi,

Currently there is not suitable hook for this purpose. I will add a couple for the next update – approximately the begin of March, 2020.

[zunk]

Hi, thanks for you answer !
So you confirm me the feature I need will be available at the approx date?

[Vladimir]

Yes, I confirm this.

[zunk]

it would be also very nice to have a hook to manage the Content View Restriction per Custom Post Type.

[Vladimir]

Beta version 4.55.1.b1 is available after login at the ‘Download’ page.
Related updates:
New: Content view access add-on:
– ‘ure_content_view_access_data_for_role’ custom filter was added. It takes 2 parameters: 1st – array with content view access data defined for a role, $role_id – role ID, for which content view access data is filtered.
– ‘ure_content_view_access_data_for_user’ custom filter was added. It takes 2 parameters: 1st – array with content view access data defined for a user, $user_id – user ID, for which content view access data is filtered.

Try to use new filters in your code.

[zunk]

Hi,
Does it work with custom post type and media?
if I use the ID into the array ?

$restriction[‘data’][‘posts’] = array(ID Of the media or post type)

[zunk]

Hi Vladimir,
Any chance to create the opposites filter that will authorize specific content for user or user role instead of selecting restrictions?
I mean, my content is always restricted for every user, and I would like to authorize specific content.

[Vladimir]

Hi,

Yes, it’s possible. Just select suitable access model:

$restriction[‘access_model’] = 1; // Prohibit view
and
$restriction[‘access_model’] = 2; // Allow view

$restriction[‘data’][‘posts’] = array( 10, 20, 30 ); // posts/pages/custom post types ID list

Post ID array works for any post type: as WordPress built-in posts and page, as any custom post type.

[zunk]

it works, thanks you so much !

[zunk]

Hi Vladimir,
I’ve a question regarding security of this hook.

I’m building a member access website in order to share some deliveries of my company to my customers within Posts.
The aim is that only the customer attached to the delivery can read/access/view the post I’ve made for him.
So, I’m able to provide the post ID of deliveries, for any role (customer).
With your hooks, I’m able to make readable the Post I want for a dedicated role. Everything is already stored in a DB, so I call it easly and It works.
using this setting:
$restriction[‘access_model’] = 2;
$restriction[‘access_error_action’] = 1;
The “problem” with this approach is that I need first to allow “All user login” to view these Posts. To be securized, I also need to define this hook for every Role: in the other case the role (for which I dont define this setting) could have access to all posts.
So it works with a dynamic “$role_id” (related to the current user) checking at the begin of this hook.

But I wonder if my approach is good for security or if you recommand me another way?
thanks

[Vladimir]

Hi,

I need first to allow “All user login” to view these Posts

Why do you need this? Did you try to prohibit view for all user login for those posts at the post level and overwrite the condition via hook for select role(s) only? I mean restriction define at the hook will be final and overwrite one which define earlier at the post editor.

[zunk]

if ( $role_id == my_user_role() ) {
$user_id = get_current_user_id();
$prestation = my_societe_prestations($user_id);
array_push($prestation, 49); //49 = Accueil
$restriction[‘access_model’] = 2;
$restriction[‘access_error_action’] = 1;
$restriction[‘data’][‘posts’] = $prestation;

}
return $restriction;

I use this setting, and it works as expected only if in the post level I choose:
View access: “Allow View”
For user: Any User Role
Action : Return HTTP 404 Error

I’ve also tried with :
View access: “Prohibited View”
For user: All visitors
Action : Return HTTP 404 Error
But in this case, the post view is not accessible by the user role despite the use of the exact same hook.

Do I miss something?

[zunk]

Just to be sure I’ve replaced the function my_user_role() by a static string of the role ID, and this is the same: it works in the 1rst case, but in the second case the access is phohibited.
So it seems that this hook is overwrite in my case by the post level restriction.

[Vladimir]

OK. I made own test.
Set for the post ID=3267 at the post editor these values:
– View Access: Prohibit view;
– For Users: All visitors (logged in or not);
– Action: Return HTTP 404 error.

As a result the post is not accessible for not logged-in and logged-in users.
Then I added the code:

add_filter( 'ure_content_view_access_data_for_role', 'my_content_view_access_data_for_role', 10, 2 );
 
function my_content_view_access_data_for_role( $restriction, $role_id ) {
    if ( $role_id=='author' ) {
        $restriction['access_model'] = 2;
        $restriction['access_error_action'] = 1;
        $restriction['data']['posts'] = array( 3267 );   // posts/pages ID list
    } 
 
    return $restriction;
}

The post is not accessible for not logged-in and logged-in users with any role except administrator and author.

[Author]

Posts