- This topic has 2 replies, 2 voices, and was last updated 7 years, 5 months ago by
.
-
Posts
-
Hello,
I set B2B users to be able to edit only their own posts. In the backend, B2B are seeing only their own posts and it is wwhat i needhttp://hpics.li/71b7b28
http://hpics.li/a3ce013But in front, I’m displaying all posts (First table : posts belonging to B2B – Second table : posts not belonging to B2B)
I loggedin as B2B user and see that i can edit non B2B posts !!!Test :
https://goo.gl/VL8YIo
b2b / b2b123456Thank you for your help
Hi,
I see the problem.
If you try to open other author post (like 103) at the back-end post editor via direct link:
wp-admin/post.php?post=103&action=edit
you will get permissions error message:
Désolé, vous n’avez pas l’autorisation de modifier les entrées dans ce type de contenu.It’s possible if front-end editor code does not respect permissions set by WordPress. For example it may check if current user can edit_posts, but it may does not check if current user can edit this post ID=103 and send update directly to the database.
Could you send me (support [at-sign] role-editor.com) this front-end editor code (plugin or theme) copy for the investigation?
- You must be logged in to reply to this topic.
