Forum Replies Created
-
Posts
-
Hi Jon,
Global search through the GML plugin source code showed that it does not check any WordPress permissions at all. It did not call neither current_users_can() nor has_cap().
I don’t have the special recommendation in this case.
But as GML plugin uses/modifies AJAX requests for Media Library attachments which WordPress itself does, user should can at least ‘upload_files’ and ‘edit_post’ for the attachment itself and often for the post to which this image is attached. These permissions are checked by WordPress before work with Media Library items very often.
Thus user should can edit and delete published posts/pages and others posts/pages, etc.
So as you discovered to be at least an editor at the Media Library site.Hi,
1st of all, any role with access to the wp-admin (Dashboard) should have a ‘read’ capability.
Some plugins, like WooCommerce restrict by default access to the WordPress back-end. Do you have active WooCommerce?
Look if you have some other plugin with similar option, for example Ultimate Membership. It requires apparently allow access to dashboard for selected role(s). You can try to deactivate all plugins except LearnDash and try. The activate plugins one by one to isolate which plugin prevents access to the WP backend.Hi,
Use “Admin menu access” add-on. For “Block Selected” model select “WooCommerce” menu item and “WooCommerce” submenu item and leave all others unselected for your role.
Hi,
Did you restrict this user (his role) using “Admin menu access” add-on?
If Yes, read carefully a last “Technical details” part of the documentation article.I suppose that you as superadmin don’t allow users to register new subsites at the multisite network, it’s only your privilege. Thus only you decide what user to what site and with which role to add.
So you register user and add him to the “news.everythingagricultural.com” with required role. May be WordPress built-in roles will be enough: author to pulish new articles, editor – to moderate what author do. While user will can login to everythingagricultural.com (WP has the single users list for the whole multisite network) but he will can post only to the site to which you added him and where he has enough permissions (author or editor) – to “news.everythingagricultural.com”.Any visitor can comment. Only one who can edit article can moderate the comments sent to it.
When user 1st time opens “Facebook Feed->Settings” (admin.php?page=cff-top) page plugin automatically redirects him to the “What’s New” (admin.php?page=cff-welcome-new) page, which you blocked. This was a reason of redirection.
I turned Off the related checkbox at “Admin menu”.
Also plugin may force such redirection after its update. So I recommend to leave it unblocked.URE sends POST request via JavaScript here using predefined URL from ure_data.page_url property.
jQuery.ure_postGo(ure_data.page_url, {action: 'caps-readable', object: ure_obj, user_id: user_id, ure_nonce: ure_data.wp_nonce});It’s defined at user-role-editor-pro/includes/classes/user-role-editor.php, line #733. If look deeper, URE takes URL from the URE_WP_ADMIN_URL PHP constant, which is defined at user-role-editor-pro/includes/define-constants.php, as:
define( 'URE_WP_ADMIN_URL', admin_url() );Thus, URE uses here WordPress API admin_url() function in order to get admin URL. It does not use directly ‘wp-admin’ in this case. If some plugin replaces WordPress default path with a custom one, it should make it for WordPress API too, using appropriate filter, like ‘admin_url’.
“Advanced Custom Fields” plugin protects its “Custom Fields” menu and all submenu items with ‘manage_options’ capability. It’s possible though to grant this critical capability to a non-admin role, but block unneeded access using “Admin menu access” add-on.
As about access to the custom post types, it depends from how this CPT was defined. Read this article for more information.
‘read_private_pages’ should allow to view any private page. User just should know the URL.
It’s possible to further manage view access via “Content view restrictions” add-on.Show screenshot what exact part of a page do you wish to hide, what meta box did you select at “Meta Boxes”.
Hi Steve,
Show the screenshot with this button. What plugin adds “Add Membership Plan”? If this is a paid product, can you share it with support [at-sign] role-editor.com via DropBox or Google Drive. I need reproduce the issue to investigate it.
Hi,
Update checking requests with your license key come from the single IP address only, according to my data.
Hi,
There is no such tool for clients.
More, I do not realize hard control for this currently :). Honest people will count. Others – more often do not buy licenses at all.
You just have to take into account that license count limit may be introduced at any time.I will count your sites in a couple of days after get enough data from update server access logs.
Hi Olivia,
Look at the “Admin menu access” add-on, included into User Role Editor Pro.
Use it to find what capabilities protects admin menu items created by ‘Stripe gateway’ and a ‘price grid’ plugins. Open ‘Admin menu’ for administrator role and look.
If they are protected by ‘manage_options’ you can grant ‘manage_options’ to selected role and then block ‘Settings’ and other unneeded menu items which will become available for this role using “Admin menu” button. The article above includes the link to the similar example.Hi @a-malasi,
Give me more details. Did you try to isolate a reason?
Deactivate all plugins except URE. If issue will gone after that, then there is a conflict with some plugin. Activating plugins back one by one and testing you can find which.
If only URE is responsible for redirection, what settings you made after which it appear? At what path (URL without domain) the redirection takes place? I
