[Vladimir]

I can’t use “Block Not Selected” if I’m working with custom post types – as these are always edited with a URL similar to “wp-admin/post.php?post=nn&action=edit’. Is that correct?

No, in general, it’s possible to use “block not selected” option with custom post types. I suppose, that a possible source of a problem in your case is that the link like ‘wp-admin/post.php?post=nn&action=edit’ would be associated with one of the existed (but not selected and thus blocked) admin menu item, created by a theme or plugin. URE does not block any link except selected, just not selected links included into admin menu should be blocked.

Try to look for similar URL at the list of URLs shown at the dialog window when you click ‘Admin menu’ for the role. Is there such URL? To what plugin does it belong?

[Vladimir]

Hi Donal,

When you select a menu item to be blocked, URE does not simply hides it. URE blocks the URL assigned to the hidden menu item. Any try to use blocked URL leads to the redirection to URL, assigned to the 1st available (not blocked) menu item.

When we work with ‘block not selected’ model – all URLs from the main admin menu except apparently selected become blocked. So I suppose that you have some menu item with similar URL, like ‘wp-admin/post.php?post=nn&action=edit’ and it’s counted as blocked.

I can not repeat described situation at my development environment though, as I don’t have supposed menu item.

All selected URLs under “block selected’ model should be really blocked. Can you show an example when you turn ON some checkbox but still can access that URL typing it directly at a browser address bar?

Combining “Admin menu access” data from multiple roles assigned to the same user, you have to take into account this logic:
– assigned restrictions take effect in the assigned roles order. Admin menu blocking data from the 1st (primary) role takes effect always;
– data from the rest roles are taking into account only if they use the same blocking model. For example, if the 1st role has ‘block selected’ model, but the 2nd role has ‘block not selected’ model, the 2nd role ‘admin menu access’ data is ignored.
– ‘admin menu access’ data from other roles with the same blocking model are added to the data from the 1st role.

If you have an example when the rules described above don’t work, let’s discuss it. I will try to repeat the situation and fix the bug if we discover it.

[Vladimir]

Thanks for letting me know that problem was resolved.

User Role Editor includes control of input characters for role ID and does not allow spaces inside it. I did not suppose that you created new roles beyond User Role Editor.

[Vladimir]

1) Try with default WordPress 2017 theme, as theme code may be involved too.
If it will not isolate conflict,
2) Setup development copy of your site to which you can give me admin access. I will search a reason of this problem myself.

[Vladimir]

I suppose a conflict with some other plugin. Try to deactivate all other plugins temporally. Will it help? Then activate them back one by one to isolate a conflicting code.
Then I will try to repeat your issue testing URE with that plugin together.

[Vladimir]

Try to deactivate all plugins except User Role Editor to isolate a conflicting one.

I may take a look on-line if you send admin credentials to support [at-sign] role-editor.com

[Vladimir]

“Edit posts restrictions” – “Activate user access management to editing selected posts/pages” at the “Content editing restrictions section”:

Allow user to edit selected posts and pages only

[Vladimir]

Check browser JavaScript console if it has any JavaScript errors. It’s possible that jQuery doesn’t work correctly at user profile for that reason.

As a workaround you can assign a second role to the user via “Capabilities” link under that user at the users list or if you click “Edit” link to the right from the “Capabilities” label.

[Vladimir]

Correct, every subsite at WP multisite has its own options table db_prefix + blog_id + ‘options’. So we have to make select against every wp_i_options table for every subsite.

uninstall.php is executed inside WP only when you delete plugin at “Plugins” page by click at the ‘Delete’ link. I offered to look at the code to get the idea, where URE stores its data.

Do you see any roles at subsites? Just to check lost you them or no after db prefix change.

I suppose that you have access to “Network admin->Plugins”. So you can network deactivate “User Role Editor Pro”. Click ‘Delete’ under its row after that to fully delete User Role Editor Pro.

1st, try to network deactivate/activate back User Role Editor Pro. Plugin tries to restore its own user capabilities at activation in case they are lost.

[Vladimir]

The same result I got for the ‘Edit posts restrictions’ add-on: When user was granted 2 roles, where 1st is allowed to edit 1 category, but 2nd is allowed to edit 2 category only, such user is allowed to edit (see at the Posts list) posts from the both categories simultaneously.

Re-check your settings for roles and user and show screenshot if a problem will stay unresolved.

[Vladimir]

Hi,

Example below is shown for the default db prefix ‘wp_’.

1st, WordPress core stores user roles with capabilities at wp_options db table at option name ‘wp_user_roles’:

SELECT * FROM wp_options WHERE option_name='wp_user_roles';

If db prefix was changed, WP will not find its user roles.

2nd, look at the user-role-editor-pro/uninstall.php
You will see there where URE Pro stores its settings and additional modules data and how to delete theme using SQL tool.

It does not prevent access to the Users->User Role Editor menu. It seems you lost user roles, so try to change user roles option_name value using new db prefix.

[Vladimir]

Hi,

Just retested ‘Content view restrictions’ add-on: user with 2 roles can view together posts with category 1 allowed for the 1st role and posts with category 2 allowed for the 2nd role.

[Vladimir]

Hi,

Do you use “admin menu access” add-on and restrict some menu items for this role?
If ‘Yes’, send me full URL with parameters which was redirected to other menu items after you click search orders button.

[Vladimir]

It seems that you use an older version of Woocommerce. If we look at the latest one, this code looks like:

public function prevent_admin_access() {
		$prevent_access = false;

		if ( 'yes' === get_option( 'woocommerce_lock_down_admin', 'yes' ) && ! is_ajax() && basename( $_SERVER["SCRIPT_FILENAME"] ) !== 'admin-post.php' ) {
			$has_cap     = false;
			$access_caps = array( 'edit_posts', 'manage_woocommerce', 'view_admin_dashboard' );

			foreach ( $access_caps as $access_cap ) {
				if ( current_user_can( $access_cap ) ) {
					$has_cap = true;
					break;
				}
			}

			if ( ! $has_cap ) {
				$prevent_access = true;
			}
		}

		if ( apply_filters( 'woocommerce_prevent_admin_access', $prevent_access ) ) {
			wp_safe_redirect( wc_get_page_permalink( 'myaccount' ) );
			exit;
		}
	}

You can see that ‘view_admin_dashboard’ was added. This could be the reason why this capability did not work for you. Custom code to add WooCommerce’s ‘woocommerce_prevent_admin_access’ filter is not needed with it. So, in hope that the most of clients use the latest version of WooCommerce, there is no need to add such code to the User Role Editor.

[Vladimir]

Strange. Try to exclude redirection to front-end with this filter (add code to the functions.php file of your active theme):

add_filter('woocommerce_prevent_admin_access', '_wc_prevent_admin_access', 10, 1);
 
function _wc_prevent_admin_access($prevent_admin_access) {
 
    return false;
}

Will it work?

[Author]

Posts