Problem with Active Directory Integration and Editor Restrictions

[Michael K]

I am currently using the pro version of this plugin, and using another plugin called “Active Directory Integration”. Everything is working perfectly, except when I sync my Active Directory, it deletes the values I have put in “Posts/Pages/Custom Post Types Editor Restrictions”. For the current problem, where is this custom editor permission data stored? Is there any reason it should be cleared when the users role is updated/changed?

Also, it would be great if the “Posts/Pages/Custom Post Types Editor Restrictions” was available on “Roles” as well as on the individual user.

[Vladimir]

Data input by this add-on at the user profile are stored as the user meta data at the ‘wp_usermeta’ DB table with ‘wp_ure_’ prefix.

Is there any reason it should be cleared when the users role is updated/changed?

I don’t see such reason in general. It could be possible just in case ADI plugin fully clears user meta data during its data update process. I will look into this plugin code and let you know if I find something. I could not test it myself as I don’t have AD server available for testing.

I work currently on the ‘posts edit restrictions’ for roles. It will be available soon.

[Michael K]

I have done more digging, and I am still unsure what is happening. On the table wp_usermeta, URE uses a meta_key of wp_ure_posts_list and wp_ure_categories_list, as well as a meta_key named wp_ure_posts_restriction_type. I have values set in all 3, and after I run the ADI bulk import, it deletes the records for wp_ure_posts_lists and wp_ure_categories_list, but it leaves wp_ure_posts_restriction_type set. The section of code in ADI I think is relevant is:

// create new users or update them
						if (!$user OR (strtolower($user->user_login) != strtolower($username))) { // use strtolower!!!
							$user_id = $this->_create_user($ad_username, $userinfo, $display_name, $user_role, '', true);
							$added_users++;
						} else {
							$user_id = $this->_update_user($ad_username, $userinfo, $display_name, $user_role, '', true);
							$updated_users++;
						}

[Vladimir]

I repeated a problem at my test environment emulating fake data from AD.
Code after which user loses his URE created meta data is ad-integration.php, line #2784:

if ($display_name != '') {
	wp_update_user(array('ID' => $user_id, 'display_name' => $display_name));
			}

But it is correct. It just shows the bug in my own code, where I delete metadata if there is empty value of a correspondent POST array element, like this:

if (!empty($_POST['ure_posts_list'])) {
...
} else {
  delete_user_meta($user_id, $this->umk_posts_list);
}

This code is definitely fired when user profile is updated not from the web-page but via WordPress API call. So I confirm the bug in User Role Editor Pro and will develop a fix for it.

Thanks a lot for your help in discovering this issue. Update will be available in a week.

[Vladimir]

Quick fix for version 4.21.1. Open wp-content/user-role-editor-pro/includes/pro/classes/posts-edit-access.php, find save_user_restrictions() function, line #313 and replace this code:

if (isset($_POST['ure_posts_restriction_type'])) {
    $posts_restriction_type = $_POST['ure_posts_restriction_type'];
    if ($posts_restriction_type!=1 && $posts_restriction_type!=2) {  // sanitize user input
        $posts_restriction_type = 1;
    }
    update_user_meta($user_id, $this->umk_posts_restriction_type, $posts_restriction_type);
}

with this version:

if (isset($_POST['ure_posts_restriction_type'])) {
    $posts_restriction_type = $_POST['ure_posts_restriction_type'];
    if ($posts_restriction_type!=1 && $posts_restriction_type!=2) {  // sanitize user input
        $posts_restriction_type = 1;
    }
    update_user_meta($user_id, $this->umk_posts_restriction_type, $posts_restriction_type);
} else {    // 'profile_update' action was fired not from the 'user profile' page, so there is no data to update
    return;
}

[Author]

Posts