Forum Replies Created
-
Posts
-
Hi,
It seems as expected behavior. Restriction by category ID is global for all taxonomies. So when you all to see at backend and edit only posts with category (taxonomy) ID=3, you automatically prohibit editing posts with any other taxonomy ID. Thus use can not add to the post new tags/taxonomies.
As about 0 items at the tags or categories page, it is a result of URE’s internal caching. But if you limit user to edit post only with the restricted list of existing taxonomies – you should not allow him to edit them. You have to delegate this function to another user according to my logic. So taxonomy editing pages should not be available to a user restricted such way.
Hi,
I have made own tests. I can not repeat described issue with post and/or events restricted by built-in categories. If it’s possible to look at your site with admin privileges send URL and user credentials to my support email address.
Update: as function can accept parameter $user_id, we have to check not current user only, but a user with ID equal $user_id value:
public static function can_manage_data($user_id = 0) { if ($user_id === 0) { $user = wp_get_current_user(); } else { $user = get_userdata($user_id); } /* if (in_array('administrator', $user->roles) OR in_array('editor', $user->roles)) { return TRUE; } */ if ( user_can( $user, 'edit_others_posts') ) { return TRUE; } return FALSE; }Fix is possible, if you are ready to edit this plugin code.
Replace can_manage_data() function at bulk-editor/classes/helper.php file (#356) with the version below. It allows to use plugin to any user who can ‘edit_others_posts’:public static function can_manage_data($user_id = 0) { if ($user_id === 0) { $user = wp_get_current_user(); } else { $user = get_userdata($user_id); } /* if (in_array('administrator', $user->roles) OR in_array('editor', $user->roles)) { return TRUE; } */ if ( current_user_can('edit_others_posts') ) { return TRUE; } return FALSE; }Take into account that you have to repeat this editing after any plugin update.
WPBE plugin developer decides that this plugin should be available only to users with ‘administrator’ or ‘editor’ role. Instead of user capability, which you would grant to any custom role, plugin checks directly ‘administrator’ and ‘editor’ role before add its menu page:
if (WPBE_HELPER::can_manage_data()) { add_action('admin_menu', function() { add_menu_page(esc_html('WPBE Bulk Editor', 'bulk-editor'), esc_html('WPBE Bulk Editor', 'bulk-editor'), 'publish_posts', 'wpbe', function() { $this->print_plugin_options(); }, 'dashicons-hammer', 90); }, 99); }public static function can_manage_data($user_id = 0) { if ($user_id === 0) { $user = wp_get_current_user(); } else { $user = get_userdata($user_id); } // !!! this condition does not allow custom roles to use this plugin if (in_array('administrator', $user->roles) OR in_array('editor', $user->roles)) { return TRUE; } return FALSE; }Hi,
URE uses WP_User::add_role() method (wp-includes/class-wp-user.php, #536 (WP v. 5.7) in this case, which fires this action
do_action( 'add_user_role', $this->ID, $role );Check current page and additional parameters to execute your own hook only for the “Users” page and “Add Role” bulk action, not for other cases. For example, URE itself checks this:
if ( ( !empty( $_REQUEST['ure_add_role'] ) && !empty( $_REQUEST['ure_add_role_submit']) ) || ( !empty( $_REQUEST['ure_add_role_2'] ) && !empty( $_REQUEST['ure_add_role_submit_2'] ) ) ) { // do something ...Hi David!
Thanks for the remind and references on possibly useful code references from existing plugins.
Sure. This feature is a must have for User Role Editor Pro and I still plan to realize it.
I can not tell an exact time when I will be ready to introduce it though. So please wait a little bit more…Hi,
Generally, it should work with new version. Custom roles and capabilities are will be in place.
4.5.1 was so long ago though. Max. problem you may meet – to re-configure manually the settings for some add-on, like “Admin menu access”.Thanks. Quick check showed that WPMF does not use ‘ure_manage_options’ capability. Btw., for any permission check WPMF applies filter ‘wpmf_user_can’. So it’s possible to change, what permission it requires.
Re-thinking on the problem, I recalled that ‘edit restrictions’ set for a user automatically restricts the Media Library items available to this user – he sees only own items by default. More, if user can ‘ure_manage_options’, then ‘edit restrictions’ are not applied to him. So it would be a real reason of the described issue with access to the Media Library items inside WPMF, inspite of its internal access options.
Try to add this custom filter. It switches off the restrictions to the list of Media Library items available to a user with edit restrictions set.
ure_manage_options – is the internal for User Role Editor user capability. If user can it, URE count it superadmin for URE itself. Thus URE does not restrict such user in any manner.
I doubt that WPMF checks ure_manage_options. It is more probable WordPress internal ‘manage_options’, which it may search as a substring occurrence in the user capabilities serialized value – just assumption. I can not say more without access to the WPMF source code. If you share it with support [at-sign] role-editor.com via Google Drive or similar, I may give you more details.
Hi,
One of the updates included into the recent version 4.59.2:
– Option “Force custom post types to use their own capabilities” replaces default capabilities for the custom taxonomies also. It takes the slug of the 1st post type associated with such taxonomy (e.g. ‘video’) and builds own capabilities this way: manage_terms->manage_video_terms, edit_terms->edit_video_terms, delete_terms->delete_video_terms, assign_terms->assign_video_terms. URE automatically adds such capabilities to the ‘administrator’ role. You have to grant these new capabilities to other roles manually.Filter custom capabilities by word ‘terms’ via ‘Quick Search’ and grant needed capabilities to needed role.
Hi,
You have to resolve this issue with Tutor LMS developers.
Tutor LMS automatically restricts all users, who are don’t have role ‘administrator’, but have role ‘tutor_instructor’, by posts created by current user – for all post types, including WooCommerce products, orders, etc. I think, this is a bug, and they should restrict access for the own custom post types only, not for all as they do currently.
I tested free version of Tutor LMS. I granted to user with editor role the 2nd role – tutor_instructor. Editor automatically lost access to the all posts and pages except his own.
Here is the code responsible for the problem (tutor/classes/Admin.php):
add_action('admin_init', array($this, 'filter_posts_for_instructors')); ... /** * Filter posts for instructor */ public function filter_posts_for_instructors(){ if ( ! current_user_can('administrator') && current_user_can(tutor()->instructor_role)){ @remove_menu_page( 'edit-comments.php' ); //Comments add_filter( 'posts_clauses_request', array($this, 'posts_clauses_request') ); } } public function posts_clauses_request($clauses){ global $wpdb; $user_id = get_current_user_id(); $get_assigned_courses_ids = $wpdb->get_col($wpdb->prepare("SELECT meta_value from {$wpdb->usermeta} WHERE meta_key = '_tutor_instructor_course_id' AND user_id = %d", $user_id)); $custom_author_query = "AND {$wpdb->posts}.post_author = {$user_id}"; if (is_array($get_assigned_courses_ids) && count($get_assigned_courses_ids)){ $in_query_pre = implode(',', $get_assigned_courses_ids); $custom_author_query = " AND ( {$wpdb->posts}.post_author = {$user_id} OR {$wpdb->posts}.ID IN({$in_query_pre}) ) "; } $clauses['where'] .= $custom_author_query; return $clauses; }Role should can at least ‘read’ capability in order have access to admin backend.
Then follow the steps described at “this article for similar task.
