[Vladimir]

Hi,

It does not have sense to set any restriction to the user or role if you allow him full access to the plugins: deactivating plugins, installing new plugins use can get full access to the site. The same is right if you give to a user a full access to the User Role Editor.

If you need to provide a restricted access to the WordPress admin back-end, first of all restrict it revoking unneeded user capabilities from the role. Leave capability at the role just in case user can not access some menu item without it.

I created another test role () at your site for demonstration and excluded from it almost all user capabilities you blocks with “Admin Menu”. Just after that I blocked the rest unneeded menu items with “Admin Menu”.

There are much less menu items to block. So, in order to provide you a quick decision for the product search problem with ‘wp-lister’ plugin, I blocked admin menu items for new role with “Block selected” model. When you block menu items using ‘block selected’ URE blocks just them and does not try to block others.
When you use “block not selected” URE compares full URLs, taking in account all parameters and, even if the main menu link is allowed, but you try to open it with the additional parameters, URE may block it, if parameters are not found in the list of allowed parameters. This is a reason why “product search with module” via wp-lister does not work currently with “block not selected” model.

Please test if user with new restricted role has the access, which you try to configure.

[Vladimir]

>> I want to give them all the access but im restricting the functions via the ADMIN MENU if that make sense.

Good point. I see that the latest update in this part excluded users with “delete_users” capability from the scope of “Admin access menu” and other add-ons because of WordPress’s built-in is_super_admin() function counts them as superadmin users under single site WordPress.
I will rollback this change with a next update. For the time being you may replace is_super_admin() method in the includes/classes/ure-lib.php file with this version:

/**
     * Returns true if user has a real super administrator permissions
     * It takes into account $this->raised_permissions value, in order do not count a user with temporally raised permissions 
     * of a real superadmin under WP Multisite
     * For WP Singlesite superadmin is a user with 'administrator' role only in opposite the WordPress's is_super_admin(),
     * which counts any user with 'delete_users' capability as a superadmin.
     * 
     * @param int $user_id
     * @global WP_User $current_user
     * @return boolean
     */
    public function is_super_admin($user_id = false) {
                
        if (empty($user_id)) {
            $user = wp_get_current_user();
            $user_id = $user->ID;
        } else {
            $user = get_userdata($user_id);
        }
        if (!$user || !$user->exists()) {
            return false;
        }
        
        if ($this->multisite && !$this->raised_permissions && is_super_admin($user_id)) {
            return true;
        }
        
        if (!$this->multisite && $this->user_has_capability($user, 'administrator')) {
            return true;
        }                
        
        return false;
    }
    // end of is_super_admin()

[Vladimir]

1. Does, a new role contain ‘delete_users’ capability? User Role Editor Pro does not apply restrictions to the superadmin users. It uses WordPress built-in is_super_admin() function to check this. WP checks ‘delete_users’ capability to define if not multisite WP user is super admin or not.

2. You may send a copy of wp-lister plugin to support [at-sign] role-editor.com
I will test and make suggestion on the issue.

[Vladimir]

Hi,

Yes, 4.29 contains the fix for the search issue.

I confirm, the admin menu access data should not be changed with this update. Please re-check “Admin menu” settings for the role. Are they in place?

[Vladimir]

Right, you need to activate the “Posts edit access restrictions” add-on.

I thought you activated it after reading this “…only be able to edit their Inventory posts…”.

[Vladimir]

If user should edit just his own data remove ‘edit_others_inventorys’, ‘delete_others_inventorys’.
To hide from the listings the items created by other authors open ‘Posts Edit’ for the role and turn ON the “Own data only” checkbox.

[Vladimir]

‘Yes’ on both questions.

[Vladimir]

Thanks.

Temporal workaround: You may give ‘manage_options’ to the role for this user and use “Admin menu access” add-on to block extra menu items which will become available to the user after that.

Investigate a problem at the dev. copy. Try to deactivate all plugins (may be except one which creates a CPT inventory if you use some). Will it change situation?

[Vladimir]

Could you temporarily set via wp-config.php the debug output for WordPress and let me know the error message?
May be you can look at the server PHP or Apache system logs to get more information about the reason of this problem.

[Vladimir]

Hi,

1) Thanks for this information. I added BuddyPress custom action to the URE Pro in order it may catch meta boxes added by BP to the user profile “Extended Profile” tab. Fix is available with the development version 4.29.b10.

2) BuddyPress does not create its own roles. Give me more details what does not work?

[Vladimir]

Hi,

When you set edit restrictions for the role or user User Role Editor applies this restriction to all post types including the ‘attachment’ one. WordPress use this post type for the Media Library items.
It’s possible to exclude some post types from this restriction scope with custom filter:

ure_restrict_edit_post_type

Try to exclude ‘attachment’ post type from edit restrictions using this filter.

[Vladimir]

Hi,

Thanks for this note. I confirm this problem with “Admin menu access” add-on code. Additional permissions will not help here. Fix for it was included into upcoming version 4.29. It’s available currently for testing as a development version from the same download page. I will publish it this month.
This is a related part of changes:
– WooCommerce products, orders, coupons filtering arguments in URLs are supported now.
If you prohibited for the role ‘Posts’ menu, but allowed WooCommerce ‘Products’, ‘Orders’ or ‘Coupons’ (use the same edit.php in URL), you could meet a problem with filtering WooCommerce product by category or product type, etc. User would be redirected to the dashboard. This means that URLs with filtering parameters in it (like product_cat, product_type) was blocked by URE Pro.

[Vladimir]

Thanks for staying with User Role Editor Pro. Your account and license expiration date is OK. I suppose that it’s a caching problem. WordPress caches the result of its update requests for 24 hours. Try to force download page refresh at the browser too (or even clear browser cache).

[Vladimir]

User Role Editor does not offer such feature. Custom PHP coding is required.

[Vladimir]

Hi,

In order subsites have the same roles you may go to the “Network Admin->Users->User Role Editor” and click the “Network Update” button. All subsites will get roles from the main site as a result.

In order a user has the same 2 roles at the all subsites you may go to the “Network Admin->Users”, find needed user row and click “Capabilities” under it. Then click “Network Update”. User will get the same 2 roles at every subsite as he has at the main site.

[Author]

Posts