[Biranit Goren]

Well, I think we need to figure a solution.

Correct me if I’m wrong, but if I give all users with the “allow” taxonomy IDs, the same term_id (as I did initially) then one user will be able to edit another user’s posts.

I bought the User Role Editor Pro plugin, because it solved a problem that I had: I needed to give users the ability to edit posts that are not theirs, if they have a certain taxonomy. This, on top of their own posts of course.

For some reason, the way the plugin works, is that it won’t let a user add a new post without auto-assigning the post a term_id from the allowed user’s taxonomy IDs. If you figure out a way to NOT require that — then there won’t be a necessity for a unique term_id per user…

[Biranit Goren]

Hi Vladimir,

I realized later that I actually have a conceptual mistake: if all users get the same term_id set — then all users will be able to edit other users’ posts 🙂

So instead, I am using the user’s user_id as the term, and my functions look as follows:

function rgb_allow_user_posts($post_id, $post, $update) {
	global $pagenow, $wpdb;
	
	if ($pagenow !=='post-new.php') {   // for new added post only
	    return;
	}
	
	$user_id = get_current_user_id();
	
	$terms_list_str = get_user_meta($user_id, 'wp_ure_categories_list', true);
	if (empty($terms_list_str)) {
	    return;
	}
	
	$restriction_type = get_user_meta($user_id, 'wp_ure_posts_restriction_type', true);
	if ($restriction_type!=1) {   // allow
	    return;
	}
	
	wp_set_object_terms( $post_id, strval($user_id), 'ure', false);
}
add_filter('wp_insert_post', 'rgb_allow_user_posts', 10, 3);

function rgb_add_user_term($user_id) {
	$organizations = get_user_meta($user_id, 'wp_ure_categories_list', true);
	if ($organizations!='' && get_user_meta($user_id, 'wp_ure_posts_restriction_type', true)=='1') {
		$user_term = get_term_by( 'name', $user_id, 'ure');
		$vals = explode(', ', $organizations);
	   	if (!in_array($user_term->term_id, $vals)) {
	   		$organizations = '$user_term->term_id . ', ' . $organizations;
	   		update_user_meta($user_id, 'wp_ure_categories_list', $organizations);
	   	}
	}
}
add_action('profile_update', 'rgb_add_user_term', 99);

Hope this helps…

Thanks,

Bira

[Biranit Goren]

Very glad to hear. Thank you!

[Biranit Goren]

OK… another update 🙂

I was able to confirm that the auto_assign_term function simply doesn’t work — for whatever reason. So I set about creating my own flow to do something similar, and therefore I was able to solve this issue as follows:

1) I registered a custom taxonomy called “ure”;
2) I added a term called “always” to this taxonomy — its term_id is 969
3) I added a function to functions.php that ensures that 969 is added to the list of IDs, if such list exists:

function rgb_add_term_969($user_id) {
	$organizations = get_user_meta($user_id, 'wp_ure_categories_list', true);
	if ($organizations!='' && get_user_meta($user_id, 'wp_ure_posts_restriction_type', true)=='1') {
		$vals = explode(', ', $organizations);
	   	if (!in_array('969', $vals)) {
	   		$organizations = '969, ' . $organizations;
	   		update_user_meta($user_id, 'wp_ure_categories_list', $organizations);
	   	}
	}
}
add_action('profile_update', 'rgb_add_term_969', 99);

4) I then added a function that always adds term 969 to a new post:

function rgb_allow_user_posts($post_id, $post, $update) {
	global $pagenow, $wpdb;
	
	if ($pagenow !=='post-new.php') {   // for new added post only
	    return;
	}
	
	$terms_list_str = $this->user->get_categories_list();
	if (empty($terms_list_str)) {
	    return;
	}
	
	$restriction_type = $this->user->get_restriction_type();
	if ($restriction_type!=1) {   // allow
	    return;
	}
	
	wp_set_object_terms( $post_id, 969, 'ure', false);
}
add_filter('wp_insert_post', 'rgb_allow_user_posts', 10, 3);

And this now works…

The difference is that you are using wp_set_post_terms — which is very precarious on how it treats IDs — rather than treating them as integers, it appears to sometimes treat them as a string, thus adding a new term whose name is 969 — rather than using the existing term_id 969. Using wp_set_object_terms seemed to help me here.

So now my users are able to add new posts, and they don’t have to set any taxonomy.

Thanks 🙂

Bira

[Biranit Goren]

Well, I tried doing this myself — I created a taxonomy called “ure” and added a term to it. Then appended term_id 969 to all users’ meta value of wp_ure_categories_list.

I then added a function on my functions.php that auto-assigns term_id 969 to the post, and hooked it into the filter wp_register_post.

It did NOT work — the message “You are not allowed to edit this post.” continues to show… 🙁

[Biranit Goren]

Vladimir, I think I know what is happening.

Your solution to the issue reported here, I believe, was to add the function “auto_assign_term”. However, this is a really problematic solution — and in my website’s case, I think it might not work at all. Here’s why.

Let’s say that I have user called Joe who is allowed to publish his own blog posts, but also has permissions to publish/edit posts on behalf of an organization called YMCA. We have a custom taxonomy called “organizations”. So this user can add stories “by Joe” or stories “By Joe for YMCA”. He can also edit other stories that were published for YMCA.

Now, with your function auto_assign_term — you are a) forcing that post to have this custom taxonomy attached to it, when we don’t actually want it; and b) because we have a different wp_set_post_terms() function running on save_post, we are essentially deleting the term you auto_assigned.

This is my guess.

In my opinion, the correct way to solve this issue is for you to create a custom taxonomny called “ure” (for example) which has a single term called “allow” — and you assign THAT term to any new post by that user. This way, this term will never be deleted by any other plugin or function, your custom taxonomy is hidden and doesn’t clash with existing taxonomies, and by adding THAT you will ensure a user can always add posts even before or without setting the taxonomy he’s restricted to.

Your thoughts?

Thanks,

Bira

[Biranit Goren]

Hi Vladimir,

I am running version 4.23.2 — and I’m afraid this is the problem I get. A user with taxnomy IDs in his profile cannot add new posts, he can only edit existing posts that have the taxonomy in his profile.

Just to be clear: if someone has taxonomies in his profile, he should be able to :

a) start a new post without any taxonomy;
b) start a new post with the taxonomy ID that’s in his profile.

Am I correct?

Well, right now, as I said, I have the exact issue described in the opening post…

Many thanks for your help,

Bira

[Biranit Goren]

I have the exact same problem, and the issue is quite urgent. Is there a patch we can put in place until a new update with a fix comes along?

Many thanks

[Biranit Goren]

OK, I believe I managed to resolve this.

Please close this thread 🙂

[Biranit Goren]

Update:

By adding the following code to functions.php, I am now able to allow users access to the media library:

function rgb_show_attachments_full_list($show_full_list) {
    return true;
}
add_filter('ure_attachments_show_full_list', 'rgb_show_attachments_full_list', 10, 1);

However, users cannot USE images from the media library in their posts — they are only limited to seeing the images.

Can you help please?

Thanks,

Bira

[Author]

Posts