Secondary Roles Issue

[waynebaker]

Hi

I have a site where I am using URE along with Tutor LMS and Woocommerce.

The roles are Administrator, Manager, Instructor (this instructor role is created by Tutor LMS on plugin installation)

If I assign a user the role of Manager they are able to manage the woocommerce, store, products etc just fine. However they are not Instructors for Tutor LMS and therefore cannot create and manage courses despite having all the permissions for doing so. As a result I add Instructor as an additional role, this then allows them to create courses in Tutor LMS rather than seeing the permission denied screen however when managing products and coupon codes in woocommerce they can now only see and manage ones they have created.

In URE I have ensured that the option to manage their own posts only is not checked. It is all around if I add this secondary role to them or not. Tutor LMS requires this secondary role to function correctly so I am at a loss. Any ideas?

Thanks

[Vladimir]

Hi,

You have to resolve this issue with Tutor LMS developers.

Tutor LMS automatically restricts all users, who are don’t have role ‘administrator’, but have role ‘tutor_instructor’, by posts created by current user – for all post types, including WooCommerce products, orders, etc. I think, this is a bug, and they should restrict access for the own custom post types only, not for all as they do currently.

I tested free version of Tutor LMS. I granted to user with editor role the 2nd role – tutor_instructor. Editor automatically lost access to the all posts and pages except his own.

Here is the code responsible for the problem (tutor/classes/Admin.php):

add_action('admin_init', array($this, 'filter_posts_for_instructors'));

...

/**
 * Filter posts for instructor
 */
public function filter_posts_for_instructors(){
	if ( ! current_user_can('administrator') && current_user_can(tutor()->instructor_role)){
		@remove_menu_page( 'edit-comments.php' ); //Comments
		add_filter( 'posts_clauses_request', array($this, 'posts_clauses_request') );
	}
}

public function posts_clauses_request($clauses){
	global $wpdb;

	$user_id = get_current_user_id();

	$get_assigned_courses_ids = $wpdb->get_col($wpdb->prepare("SELECT meta_value from {$wpdb->usermeta} WHERE meta_key = '_tutor_instructor_course_id' AND user_id = %d", $user_id));

	$custom_author_query = "AND {$wpdb->posts}.post_author = {$user_id}";
	if (is_array($get_assigned_courses_ids) && count($get_assigned_courses_ids)){
		$in_query_pre = implode(',', $get_assigned_courses_ids);
		$custom_author_query = "  AND ( {$wpdb->posts}.post_author = {$user_id} OR {$wpdb->posts}.ID IN({$in_query_pre}) ) ";
	}

	$clauses['where'] .= $custom_author_query;

	return $clauses;
}

[Author]

Posts