Change WordPress user roles and capabilities › Forums › How to or FAQ › Defining Posts View Access in php
- This topic has 19 replies, 2 voices, and was last updated 3 years, 11 months ago by Vladimir.
-
AuthorPosts
-
25/02/2020 at 04:46 #6653zunkParticipant
Hi,
I use Posts View Access feature for a specific role ‘ca_role_client’ that allows content access to any post that used specifics terms : 69, 61.
But I need to do the same thing in PHP to be able to customize ure_posts_view_access_data for an existing role.
Do you have any hook or function that I could use to do the trick?
Thanks in advance,26/02/2020 at 13:49 #6661VladimirKeymasterHi,
Currently there is not suitable hook for this purpose. I will add a couple for the next update – approximately the begin of March, 2020.
26/02/2020 at 15:15 #6662zunkParticipantHi, thanks for you answer !
So you confirm me the feature I need will be available at the approx date?26/02/2020 at 15:19 #6663VladimirKeymasterYes, I confirm this.
26/02/2020 at 15:26 #6664zunkParticipantit would be also very nice to have a hook to manage the Content View Restriction per Custom Post Type.
05/03/2020 at 09:26 #6677VladimirKeymasterBeta version 4.55.1.b1 is available after login at the ‘Download’ page.
Related updates:
New: Content view access add-on:
– ‘ure_content_view_access_data_for_role’ custom filter was added. It takes 2 parameters: 1st – array with content view access data defined for a role, $role_id – role ID, for which content view access data is filtered.
– ‘ure_content_view_access_data_for_user’ custom filter was added. It takes 2 parameters: 1st – array with content view access data defined for a user, $user_id – user ID, for which content view access data is filtered.Try to use new filters in your code.
31/12/2020 at 11:43 #7230zunkParticipantHi,
Does it work with custom post type and media?
if I use the ID into the array ?$restriction[‘data’][‘posts’] = array(ID Of the media or post type)
09/01/2021 at 12:15 #7248zunkParticipantHi Vladimir,
Any chance to create the opposites filter that will authorize specific content for user or user role instead of selecting restrictions?
I mean, my content is always restricted for every user, and I would like to authorize specific content.09/01/2021 at 13:48 #7249VladimirKeymasterHi,
Yes, it’s possible. Just select suitable access model:
$restriction[‘access_model’] = 1; // Prohibit view
and
$restriction[‘access_model’] = 2; // Allow view$restriction[‘data’][‘posts’] = array( 10, 20, 30 ); // posts/pages/custom post types ID list
Post ID array works for any post type: as WordPress built-in posts and page, as any custom post type.
09/01/2021 at 16:23 #7250zunkParticipantit works, thanks you so much !
10/01/2021 at 18:48 #7251zunkParticipantHi Vladimir,
I’ve a question regarding security of this hook.I’m building a member access website in order to share some deliveries of my company to my customers within Posts.
The aim is that only the customer attached to the delivery can read/access/view the post I’ve made for him.
So, I’m able to provide the post ID of deliveries, for any role (customer).
With your hooks, I’m able to make readable the Post I want for a dedicated role. Everything is already stored in a DB, so I call it easly and It works.
using this setting:
$restriction[‘access_model’] = 2;
$restriction[‘access_error_action’] = 1;
The “problem” with this approach is that I need first to allow “All user login” to view these Posts. To be securized, I also need to define this hook for every Role: in the other case the role (for which I dont define this setting) could have access to all posts.
So it works with a dynamic “$role_id” (related to the current user) checking at the begin of this hook.But I wonder if my approach is good for security or if you recommand me another way?
thanks11/01/2021 at 12:01 #7252VladimirKeymasterHi,
I need first to allow “All user login” to view these Posts
Why do you need this? Did you try to prohibit view for all user login for those posts at the post level and overwrite the condition via hook for select role(s) only? I mean restriction define at the hook will be final and overwrite one which define earlier at the post editor.
11/01/2021 at 12:14 #7253zunkParticipantif ( $role_id == my_user_role() ) {
$user_id = get_current_user_id();
$prestation = my_societe_prestations($user_id);
array_push($prestation, 49); //49 = Accueil
$restriction[‘access_model’] = 2;
$restriction[‘access_error_action’] = 1;
$restriction[‘data’][‘posts’] = $prestation;}
return $restriction;I use this setting, and it works as expected only if in the post level I choose:
View access: “Allow View”
For user: Any User Role
Action : Return HTTP 404 ErrorI’ve also tried with :
View access: “Prohibited View”
For user: All visitors
Action : Return HTTP 404 Error
But in this case, the post view is not accessible by the user role despite the use of the exact same hook.Do I miss something?
11/01/2021 at 12:34 #7254zunkParticipantJust to be sure I’ve replaced the function my_user_role() by a static string of the role ID, and this is the same: it works in the 1rst case, but in the second case the access is phohibited.
So it seems that this hook is overwrite in my case by the post level restriction.11/01/2021 at 12:53 #7255VladimirKeymasterOK. I made own test.
Set for the post ID=3267 at the post editor these values:
– View Access: Prohibit view;
– For Users: All visitors (logged in or not);
– Action: Return HTTP 404 error.As a result the post is not accessible for not logged-in and logged-in users.
Then I added the code:add_filter( 'ure_content_view_access_data_for_role', 'my_content_view_access_data_for_role', 10, 2 ); function my_content_view_access_data_for_role( $restriction, $role_id ) { if ( $role_id=='author' ) { $restriction['access_model'] = 2; $restriction['access_error_action'] = 1; $restriction['data']['posts'] = array( 3267 ); // posts/pages ID list } return $restriction; }
The post is not accessible for not logged-in and logged-in users with any role except administrator and author.
-
AuthorPosts
- You must be logged in to reply to this topic.