Change WordPress user roles and capabilities › Forums › Restrict or Permit access inside WordPress – how to › Problems creating new post with user having category/taxonomy ID restriction
- This topic has 12 replies, 3 voices, and was last updated 8 years, 7 months ago by Biranit Goren.
-
AuthorPosts
-
02/02/2016 at 19:55 #1933Michael KParticipant
I have encountered a problem for users that have the following settings. Under “Posts/Pages/Custom Post Types Editor Restrictions”, I have the radio button is selected as “Allow”. If I have anything entered into the box “with category/taxonomy ID (comma separated)”, it does not let me post.
When I try to create a post as a user with a category ID there, it tells me “You are not allowed to edit this item” when I try to create a new post. The user can edit documents that already exist in that category without a problem.
If I clear out that field, the user can post without a problem, so it isn’t a role/capability issue. It appears to happen as soon as the system tries to save a draft, before I try to publish/save manually.
03/02/2016 at 06:33 #1935VladimirKeymasterThanks. I reproduced a problem and will develop a fix for it.
18/02/2016 at 15:16 #2004Biranit GorenParticipantI have the exact same problem, and the issue is quite urgent. Is there a patch we can put in place until a new update with a fix comes along?
Many thanks
18/02/2016 at 15:55 #2005VladimirKeymasterThe fix for this issue was included into the version 4.23. Did you test with it?
18/02/2016 at 19:43 #2006Biranit GorenParticipantHi Vladimir,
I am running version 4.23.2 — and I’m afraid this is the problem I get. A user with taxnomy IDs in his profile cannot add new posts, he can only edit existing posts that have the taxonomy in his profile.
Just to be clear: if someone has taxonomies in his profile, he should be able to :
a) start a new post without any taxonomy;
b) start a new post with the taxonomy ID that’s in his profile.Am I correct?
Well, right now, as I said, I have the exact issue described in the opening post…
Many thanks for your help,
Bira
18/02/2016 at 21:50 #2007Biranit GorenParticipantVladimir, I think I know what is happening.
Your solution to the issue reported here, I believe, was to add the function “auto_assign_term”. However, this is a really problematic solution — and in my website’s case, I think it might not work at all. Here’s why.
Let’s say that I have user called Joe who is allowed to publish his own blog posts, but also has permissions to publish/edit posts on behalf of an organization called YMCA. We have a custom taxonomy called “organizations”. So this user can add stories “by Joe” or stories “By Joe for YMCA”. He can also edit other stories that were published for YMCA.
Now, with your function auto_assign_term — you are a) forcing that post to have this custom taxonomy attached to it, when we don’t actually want it; and b) because we have a different wp_set_post_terms() function running on save_post, we are essentially deleting the term you auto_assigned.
This is my guess.
In my opinion, the correct way to solve this issue is for you to create a custom taxonomny called “ure” (for example) which has a single term called “allow” — and you assign THAT term to any new post by that user. This way, this term will never be deleted by any other plugin or function, your custom taxonomy is hidden and doesn’t clash with existing taxonomies, and by adding THAT you will ensure a user can always add posts even before or without setting the taxonomy he’s restricted to.
Your thoughts?
Thanks,
Bira
18/02/2016 at 22:31 #2008Biranit GorenParticipantWell, I tried doing this myself — I created a taxonomy called “ure” and added a term to it. Then appended term_id 969 to all users’ meta value of wp_ure_categories_list.
I then added a function on my functions.php that auto-assigns term_id 969 to the post, and hooked it into the filter wp_register_post.
It did NOT work — the message “You are not allowed to edit this post.” continues to show… ๐
18/02/2016 at 23:32 #2009Biranit GorenParticipantOK… another update ๐
I was able to confirm that the auto_assign_term function simply doesn’t work — for whatever reason. So I set about creating my own flow to do something similar, and therefore I was able to solve this issue as follows:
1) I registered a custom taxonomy called “ure”;
2) I added a term called “always” to this taxonomy — its term_id is 969
3) I added a function to functions.php that ensures that 969 is added to the list of IDs, if such list exists:function rgb_add_term_969($user_id) { $organizations = get_user_meta($user_id, 'wp_ure_categories_list', true); if ($organizations!='' && get_user_meta($user_id, 'wp_ure_posts_restriction_type', true)=='1') { $vals = explode(', ', $organizations); if (!in_array('969', $vals)) { $organizations = '969, ' . $organizations; update_user_meta($user_id, 'wp_ure_categories_list', $organizations); } } } add_action('profile_update', 'rgb_add_term_969', 99);
4) I then added a function that always adds term 969 to a new post:
function rgb_allow_user_posts($post_id, $post, $update) { global $pagenow, $wpdb; if ($pagenow !=='post-new.php') { // for new added post only return; } $terms_list_str = $this->user->get_categories_list(); if (empty($terms_list_str)) { return; } $restriction_type = $this->user->get_restriction_type(); if ($restriction_type!=1) { // allow return; } wp_set_object_terms( $post_id, 969, 'ure', false); } add_filter('wp_insert_post', 'rgb_allow_user_posts', 10, 3);
And this now works…
The difference is that you are using wp_set_post_terms — which is very precarious on how it treats IDs — rather than treating them as integers, it appears to sometimes treat them as a string, thus adding a new term whose name is 969 — rather than using the existing term_id 969. Using wp_set_object_terms seemed to help me here.
So now my users are able to add new posts, and they don’t have to set any taxonomy.
Thanks ๐
Bira
19/02/2016 at 01:15 #2010VladimirKeymasterHi Bira,
In my opinion, the correct way to solve this issue is for you to create a custom taxonomy called โureโ (for example) which has a single term called โallowโ โ and you assign THAT term to any new post by that user. This way, this term will never be deleted by any other plugin or function, your custom taxonomy is hidden and doesnโt clash with existing taxonomies, and by adding THAT you will ensure a user can always add posts even before or without setting the taxonomy heโs restricted to.
Thank you for the brilliant idea and useful note about
wp_set_post_terms()
function. Proposed decision allows to add new post without visible term assigned. This allows to have an option to “start a new post without any taxonomy” too.I will apply this enhanced logic to the next update. Thanks again.
19/02/2016 at 01:54 #2011Biranit GorenParticipantVery glad to hear. Thank you!
21/02/2016 at 11:40 #2016Biranit GorenParticipantHi Vladimir,
I realized later that I actually have a conceptual mistake: if all users get the same term_id set — then all users will be able to edit other users’ posts ๐
So instead, I am using the user’s user_id as the term, and my functions look as follows:
function rgb_allow_user_posts($post_id, $post, $update) { global $pagenow, $wpdb; if ($pagenow !=='post-new.php') { // for new added post only return; } $user_id = get_current_user_id(); $terms_list_str = get_user_meta($user_id, 'wp_ure_categories_list', true); if (empty($terms_list_str)) { return; } $restriction_type = get_user_meta($user_id, 'wp_ure_posts_restriction_type', true); if ($restriction_type!=1) { // allow return; } wp_set_object_terms( $post_id, strval($user_id), 'ure', false); } add_filter('wp_insert_post', 'rgb_allow_user_posts', 10, 3); function rgb_add_user_term($user_id) { $organizations = get_user_meta($user_id, 'wp_ure_categories_list', true); if ($organizations!='' && get_user_meta($user_id, 'wp_ure_posts_restriction_type', true)=='1') { $user_term = get_term_by( 'name', $user_id, 'ure'); $vals = explode(', ', $organizations); if (!in_array($user_term->term_id, $vals)) { $organizations = '$user_term->term_id . ', ' . $organizations; update_user_meta($user_id, 'wp_ure_categories_list', $organizations); } } } add_action('profile_update', 'rgb_add_user_term', 99);
Hope this helps…
Thanks,
Bira
22/02/2016 at 00:27 #2018VladimirKeymasterHi Bira,
This add-on does not give to a user new permission. It setups restrictions for the existing permissions only. So it should not allow to edit others posts until user actually has ‘edit_others_posts’ capability.
Some sites has tens thousands of users. Creation of unique term for every user is not very effective solution…
22/02/2016 at 06:43 #2019Biranit GorenParticipantWell, I think we need to figure a solution.
Correct me if I’m wrong, but if I give all users with the “allow” taxonomy IDs, the same term_id (as I did initially) then one user will be able to edit another user’s posts.
I bought the User Role Editor Pro plugin, because it solved a problem that I had: I needed to give users the ability to edit posts that are not theirs, if they have a certain taxonomy. This, on top of their own posts of course.
For some reason, the way the plugin works, is that it won’t let a user add a new post without auto-assigning the post a term_id from the allowed user’s taxonomy IDs. If you figure out a way to NOT require that — then there won’t be a necessity for a unique term_id per user…
-
AuthorPosts
- You must be logged in to reply to this topic.