Forum Replies Created
-
Posts
-
You don’t need to add these snippets to CS plugin. I took them from its source code to show you the possibility to change ‘manage_options’ to any other user capability.
If do not change that, just grant ‘manage_options’ capability to shop manager. It will get access to the ‘Snippets’ admin menu. Also it will get access to all other admin menu items, protected by ‘manage_options’, like ‘Settings’ for example. You can block them using “Admin menu access” add-on included into URE Pro.Hi,
1. I clarify the meaning of ‘Reset’ action in this case with 2 detailed subsequent text warnings. This is a reason, why I will not change the thing which is 8+ years old.
2. I accept and will realize this suggestion. Thank you.
3. I fixed the image links in the mentioned article. Thanks again.Hi,
Code Snippets plugin uses ‘manage_options’ user capability and ‘manage_network_options’ for the WordPress multisite.
It allows to replace default user capability via custom filters:
code_snippets_cap:/** * Retrieve the name of the capability required to manage sub-site snippets * * @return string */ public function get_cap_name() { return apply_filters( 'code_snippets_cap', 'manage_options' ); }and
code_snippets_network_cap:/** * Retrieve the name of the capability required to manage network snippets * * @return string */ public function get_network_cap_name() { return apply_filters( 'code_snippets_network_cap', 'manage_network_options' ); }Take into account that user who can execute PHP code at the site server can get superadmin access in a minute. You should trust to such person.
Hi,
Quick fix for WooCommerce roles is to deactivate and activate back WooCommerce plugin. WC restores its roles automatically on activation.
To @aakraak:
Grant subscriber role to some user and login as that user or switch to it using “User Switching plugin.
Hi,
Currently there is no such workaround. Restriction is applied to all existing taxonomies at once.
I will think how to exclude selected taxonomies from the restriction using custom filter and apply this to one of the future versions.It’s by design. WordPress multi-site has superadmin, for which WordPress does not check any user capability at all. URE does not add any capability to single site ‘administrator’ role for this reason.
You can go to “Network admin->Users->User Role Editor”, select “Administrator” role, add ‘create_%’ capabilities to it, save changes. It was made for the main site. Then click ‘Update Network’. This way all roles from main site will be replicated to all other subsite.
You can replicate only administrator role to other subsites – if open URE directly from the main site, select “Administrator” role, turn ON the “Apply to All sites” checkbox then click “Update”.
Erik,
You use custom code to retrieve posts via WordPress API function get_posts() and does not include post_status argument to the arguments list. Function get_posts() uses ‘publish’ value for this argument as a default one in this case, line #2133:
So if you wish to make available records with ‘draft’ status too, you have to execute the separate query with ‘post_status’=>’draft’ argument added and concatenate the result of both queries.
Hi,
It seems as expected behavior. Restriction by category ID is global for all taxonomies. So when you all to see at backend and edit only posts with category (taxonomy) ID=3, you automatically prohibit editing posts with any other taxonomy ID. Thus use can not add to the post new tags/taxonomies.
As about 0 items at the tags or categories page, it is a result of URE’s internal caching. But if you limit user to edit post only with the restricted list of existing taxonomies – you should not allow him to edit them. You have to delegate this function to another user according to my logic. So taxonomy editing pages should not be available to a user restricted such way.
Hi,
I have made own tests. I can not repeat described issue with post and/or events restricted by built-in categories. If it’s possible to look at your site with admin privileges send URL and user credentials to my support email address.
Update: as function can accept parameter $user_id, we have to check not current user only, but a user with ID equal $user_id value:
public static function can_manage_data($user_id = 0) { if ($user_id === 0) { $user = wp_get_current_user(); } else { $user = get_userdata($user_id); } /* if (in_array('administrator', $user->roles) OR in_array('editor', $user->roles)) { return TRUE; } */ if ( user_can( $user, 'edit_others_posts') ) { return TRUE; } return FALSE; }Fix is possible, if you are ready to edit this plugin code.
Replace can_manage_data() function at bulk-editor/classes/helper.php file (#356) with the version below. It allows to use plugin to any user who can ‘edit_others_posts’:public static function can_manage_data($user_id = 0) { if ($user_id === 0) { $user = wp_get_current_user(); } else { $user = get_userdata($user_id); } /* if (in_array('administrator', $user->roles) OR in_array('editor', $user->roles)) { return TRUE; } */ if ( current_user_can('edit_others_posts') ) { return TRUE; } return FALSE; }Take into account that you have to repeat this editing after any plugin update.
WPBE plugin developer decides that this plugin should be available only to users with ‘administrator’ or ‘editor’ role. Instead of user capability, which you would grant to any custom role, plugin checks directly ‘administrator’ and ‘editor’ role before add its menu page:
if (WPBE_HELPER::can_manage_data()) { add_action('admin_menu', function() { add_menu_page(esc_html('WPBE Bulk Editor', 'bulk-editor'), esc_html('WPBE Bulk Editor', 'bulk-editor'), 'publish_posts', 'wpbe', function() { $this->print_plugin_options(); }, 'dashicons-hammer', 90); }, 99); }public static function can_manage_data($user_id = 0) { if ($user_id === 0) { $user = wp_get_current_user(); } else { $user = get_userdata($user_id); } // !!! this condition does not allow custom roles to use this plugin if (in_array('administrator', $user->roles) OR in_array('editor', $user->roles)) { return TRUE; } return FALSE; }Hi,
URE uses WP_User::add_role() method (wp-includes/class-wp-user.php, #536 (WP v. 5.7) in this case, which fires this action
do_action( 'add_user_role', $this->ID, $role );Check current page and additional parameters to execute your own hook only for the “Users” page and “Add Role” bulk action, not for other cases. For example, URE itself checks this:
if ( ( !empty( $_REQUEST['ure_add_role'] ) && !empty( $_REQUEST['ure_add_role_submit']) ) || ( !empty( $_REQUEST['ure_add_role_2'] ) && !empty( $_REQUEST['ure_add_role_submit_2'] ) ) ) { // do something ...
