Forum Replies Created

Viewing 15 posts - 16 through 30 (of 31 total)
  • Author
    Posts
  • Hello Vladimir,

    Revisiting this with an update. We have shibboleth plugin configured to set Primary role to “Subscriber” on each login – so that sort of solved the mystery.

    This time, I have a question for what happens when we do “Update Network”.
    Setup includes
    1) Multisite with roles and users at network level.
    2) There are sub sites, that have users with “Other Roles” set with site-specific roles, and or network level roles. Some sites need roles that should not visible to other sites.

    Test Workflow:
    1) Add a capability to a network level role- “Site Editor”
    2) Update Network

    Expected result is that only the capabilities of that role, for all subsites is updated. The User>Role Assignment is not modified.

    However, after the Update Network, we notice that sub site level user>role assignment is lost.

    Can you please explain what we need to do, so we don’t have users losing roles on sub sites, but we are still able to add/remove capabilities for network level roles.

    Thanks,
    Shweta

    I meant: “GA Site Administrator” role, which is a collection of many capabilities that seem distinct from the Keymaster capabilities as far as I can tell.

    Basically GA Site Administrator is unrelated to Keymaster, yet it gives users ability to see the page. This ability to see pages by those that are not in the specified group to view the page could be a security risk.

    Ok Thanks! I will probably create a shortcode because I do need to add a custom URL.

    I meant, under “General” tab there is no message, but there is one under “Additional Modules”

    I do see the settings under My Sites > Network Admin > Settings > User Role Editor

    Under the “Additional Modules” tab there is no message under “General” but under “Additional Modules” there is a Content View Restrictions heading with a “Message for post access error:” textbox. This is the one you are referring to correct?

    So, I am presuming that there is no way to have a different message for a given site, there is only one message for the entire network, correct?

    Thanks.

    in reply to: Custom User Edit Page #3838

    Vladimir,

    This is the grant-roles.php file in the plugin code. I was just modifying it to debug.
    The contructor instantiates $lib, and within show_grant_roles_html, its used as $this->lib, which passes through and works.

    
     public function __construct() {
            
            $this->lib = URE_Lib::get_instance();   
    
       
        public function show_grant_roles_html() {
    
            if (!$this->lib->is_right_admin_path('users.php')) {      
    	    return;
            }   
    	   
           // if ( !current_user_can('edit_users')) {
            if ( !current_user_can('edit_users')) {
                /*echo " IN show_grant_roles_html ".current_user_can('edit_users');
    	    if(current_user_can('ga_site_administrator'))
    			echo " use has ga_site_administrator";	
                print_r(get_role('ga_site_administrator' )->capabilities);   
    	    */
    
    		return;
            }
    

    The moment i change ga_site_administrator (which is a custom role, with edit_users capability), the to ‘edit_users’, the grant roles button disappears.

    Also, another interesting thing – with my change applied – if I select 1 user and click on Grant Roles, I get URE: Insufficient Privileges. If I select 2 or more, It brings up the html for Granting Roles.

    Thanks,

    Shweta

    in reply to: Custom User Edit Page #3834

    FYI: To test, I removed edit_users in this function, and replaced with the custom role-‘ga_site_administrator’ — and Grant Roles showed up. However, since it’s in the plugin code, it should be fixed there.. eventually. What could be going wrong?

    
     public function show_grant_roles_html() {
            if (!$this->lib->is_right_admin_path('users.php')) {
                return;
            }
            if (!current_user_can('ga_site_administrator')) {
    

    Image didn’t get included earlier.. trying again.

    The bug it seems is that it’s not passing !current_user_can(‘edit_users’), even even the capabilities listed for the user show that edit_users => 1

    grant roles

    in reply to: Custom User Edit Page #3833

    Vladimir,

    I finally got to setting this up. I’ve applied the filter to return true using the code for user with role ‘ga_site_administrator’. I tried to debug, and added some debug statements in classes/grant-roles.php

    FILTER TO ALLOW GRANT ROLES FOR EDIT_USERS

    
    add_filter('ure_bulk_grant_roles', 'ga_show_ure_bulk_grant_roles');
    function ga_show_ure_bulk_grant_roles($show) {
        
        if(current_user_can_for_blog(null, 'ga_site_administrator') && !ga_is_super_admin())
        {
           $show = TRUE;
           echo " Show GRANT ROLES ";
        }
        
    
        return $show;
    }
    

    GRANT ROLES CODE:

    
     public function show_grant_roles_html() {
            if (!$this->lib->is_right_admin_path('users.php')) {
                return;
            }
            if (!current_user_can('edit_users')) {
                echo " IN show_grant_roles_html ".current_user_can('edit_users');
                if(current_user_can('ga_site_administrator'))
                            echo " use has ga_site_administrator";  
                print_r(get_role('ga_site_administrator' )->capabilities);   
    
                return;
            }
    ?>        
    

    Grant Roles - edit_users capability still doesn't show up

    in reply to: Custom User Edit Page #3791

    Vladimir,

    Clicking on Grant Roles, pops up the window with Primary Role and Secondary roles- but the user’s roles are not pre-selected. I think the previously set roles should be selected before the user starts to make changes. Can you check on that please?

    in reply to: Custom User Edit Page #3732

    Thanks! I will try it in our stage env and provide feedback.

    in reply to: Custom User Edit Page #3725

    Vladimir,

    Any ETA on the update? We have a critical implementation for a site, pending your update.

    Thanks for working on this.

    -Shweta

    in reply to: Custom User Edit Page #3684

    That’s great.. Let us know when you are ready!

    -Shweta

    in reply to: Custom User Edit Page #3667

    Thats great. When do you think this could be released?

    Thanks,
    Shweta

    in reply to: Custom User Edit Page #3641

    Vladimir,

    another thing – With Grant Roles, it seems the list is not limited by the “Other Roles access”, and when user is granted those roles, it overwrites their primary role for the site too.

    Is it possible, to Not allow this ‘user-manager’ to update the primary role, instead just update the “Other Roles” using Grant Roles button on All Users page?

    in reply to: Custom User Edit Page #3639

    Vladimir,

    Thank you so much for your quick response, and suggestion to update the code for this. I will try out this recipe and see how it works. We do require non-admin user, to be able to grant multiple roles.

    Thanks,
    Shweta

Viewing 15 posts - 16 through 30 (of 31 total)