Forum Replies Created
-
Posts
-
add_filter( ‘ure_content_view_access_data_for_role’, ‘my_content_view_access_data_for_role’, 10, 2 );
function my_content_view_access_data_for_role( $restriction, $role_id ) {
if ( $role_id==’soc2′ ) {
$restriction[‘access_model’] = 2;
$restriction[‘access_error_action’] = 1;
$restriction[‘data’][‘posts’] = array(49, 101, 100, 99);
}
return $restriction;
}I’ve delete the rest of my php for a try, then desactivate all my plugins.
I’ve put the same setting in the post 99:
– View Access: Prohibit view;
– For Users: All visitors (logged in or not);
– Action: Return HTTP 404 error.
The 49, 101, and 100 use this settings:
View access: “Allow View”
For user: Any User Role
Action : Return HTTP 404 Errorit works for 49, 101, 100 but the 99 is still prohibited.
I really don’t understand my instal is pretty new.
I’ve create another user and a new role with “Read” capability, but this is the same. I do not have cache plugin, and I can see any change I do in live.Last hope could be a setting into URE settings that I miss or that I should uncheck?
I’ve also tried with “post_type Page” and it is the same than with a Custom Post Type..humm thanks for this support.
So the problem comes from my side…I can’t check the same setting as yours, because I’ve deleted ‘subscriber’, ‘contributor’, ‘author’, ‘editor’ roles.
I only create new roles with URE from none (“make copy of none”).
At the moment, I do not use any capability for my roles.
Any chance my prob could come from a capability missing (a one available in default “author” role)?
🙁Just to be sure I’ve replaced the function my_user_role() by a static string of the role ID, and this is the same: it works in the 1rst case, but in the second case the access is phohibited.
So it seems that this hook is overwrite in my case by the post level restriction.if ( $role_id == my_user_role() ) {
$user_id = get_current_user_id();
$prestation = my_societe_prestations($user_id);
array_push($prestation, 49); //49 = Accueil
$restriction[‘access_model’] = 2;
$restriction[‘access_error_action’] = 1;
$restriction[‘data’][‘posts’] = $prestation;}
return $restriction;I use this setting, and it works as expected only if in the post level I choose:
View access: “Allow View”
For user: Any User Role
Action : Return HTTP 404 ErrorI’ve also tried with :
View access: “Prohibited View”
For user: All visitors
Action : Return HTTP 404 Error
But in this case, the post view is not accessible by the user role despite the use of the exact same hook.Do I miss something?
Hi Vladimir,
I’ve a question regarding security of this hook.I’m building a member access website in order to share some deliveries of my company to my customers within Posts.
The aim is that only the customer attached to the delivery can read/access/view the post I’ve made for him.
So, I’m able to provide the post ID of deliveries, for any role (customer).
With your hooks, I’m able to make readable the Post I want for a dedicated role. Everything is already stored in a DB, so I call it easly and It works.
using this setting:
$restriction[‘access_model’] = 2;
$restriction[‘access_error_action’] = 1;
The “problem” with this approach is that I need first to allow “All user login” to view these Posts. To be securized, I also need to define this hook for every Role: in the other case the role (for which I dont define this setting) could have access to all posts.
So it works with a dynamic “$role_id” (related to the current user) checking at the begin of this hook.But I wonder if my approach is good for security or if you recommand me another way?
thanksHi Vladimir,
Any chance to create the opposites filter that will authorize specific content for user or user role instead of selecting restrictions?
I mean, my content is always restricted for every user, and I would like to authorize specific content.Hi,
Does it work with custom post type and media?
if I use the ID into the array ?$restriction[‘data’][‘posts’] = array(ID Of the media or post type)
it would be also very nice to have a hook to manage the Content View Restriction per Custom Post Type.
