- This topic has 19 replies, 5 voices, and was last updated 6 years, 1 month ago by
.
-
Posts
-
Hi, Not sure what permission I’m missing but when one of the restricted user perform a product search it redirected back to the dashboard.
Pls assist.
ThanksHi,
Thanks for this note. I confirm this problem with “Admin menu access” add-on code. Additional permissions will not help here. Fix for it was included into upcoming version 4.29. It’s available currently for testing as a development version from the same download page. I will publish it this month.
This is a related part of changes:
– WooCommerce products, orders, coupons filtering arguments in URLs are supported now.
If you prohibited for the role ‘Posts’ menu, but allowed WooCommerce ‘Products’, ‘Orders’ or ‘Coupons’ (use the same edit.php in URL), you could meet a problem with filtering WooCommerce product by category or product type, etc. User would be redirected to the dashboard. This means that URLs with filtering parameters in it (like product_cat, product_type) was blocked by URE Pro.Hi,
Has this search issue been fixed with the latest release?Also, I did a test on our site and did an upgrade to the latest version and noticed the ADMIN MENU items I have disabled is now visible. Not sure why the upgrade may have caused this.
Hi,
Yes, 4.29 contains the fix for the search issue.
I confirm, the admin menu access data should not be changed with this update. Please re-check “Admin menu” settings for the role. Are they in place?
Thanks.
1. I noticed with the new update if the ROLE was cloned from ADMINISTRATOR then the ADMIN MENU doesn’t work with the latest update. I tried to disable some of the menu items but it doesn’t apply.
For now, I cloned SHOP MANAGER and it seems to be OK.2. The Woocommerce product search is working if I’m ADMINISTRATOR and SHOP MANAGER but I’m having an issue with SHOP MANAGER unable to search for products with a module. WooCommerce product search is working but not within the module: https://www.wplab.com/plugins/wp-lister/ to be more specific.
1. Does, a new role contain ‘delete_users’ capability? User Role Editor Pro does not apply restrictions to the superadmin users. It uses WordPress built-in is_super_admin() function to check this. WP checks ‘delete_users’ capability to define if not multisite WP user is super admin or not.
2. You may send a copy of wp-lister plugin to support [at-sign] role-editor.com
I will test and make suggestion on the issue.How do I clone ADMIN but remove the super admin so it doesnt detect super admin part?
I want to give them all the access but im restricting the functions via the ADMIN MENU if that make sense.
The previous version was I able to clone ADMIN and then restrict the menu but since I updated to the latest version that doesnt seem to be working anymore.>> I want to give them all the access but im restricting the functions via the ADMIN MENU if that make sense.
Good point. I see that the latest update in this part excluded users with “delete_users” capability from the scope of “Admin access menu” and other add-ons because of WordPress’s built-in is_super_admin() function counts them as superadmin users under single site WordPress.
I will rollback this change with a next update. For the time being you may replace is_super_admin() method in the includes/classes/ure-lib.php file with this version:/** * Returns true if user has a real super administrator permissions * It takes into account $this->raised_permissions value, in order do not count a user with temporally raised permissions * of a real superadmin under WP Multisite * For WP Singlesite superadmin is a user with 'administrator' role only in opposite the WordPress's is_super_admin(), * which counts any user with 'delete_users' capability as a superadmin. * * @param int $user_id * @global WP_User $current_user * @return boolean */ public function is_super_admin($user_id = false) { if (empty($user_id)) { $user = wp_get_current_user(); $user_id = $user->ID; } else { $user = get_userdata($user_id); } if (!$user || !$user->exists()) { return false; } if ($this->multisite && !$this->raised_permissions && is_super_admin($user_id)) { return true; } if (!$this->multisite && $this->user_has_capability($user, 'administrator')) { return true; } return false; } // end of is_super_admin()Thanks, I have sent you the module via email and will wait for your total instruction on how to resolve this issue.
Hi,
It does not have sense to set any restriction to the user or role if you allow him full access to the plugins: deactivating plugins, installing new plugins use can get full access to the site. The same is right if you give to a user a full access to the User Role Editor.
If you need to provide a restricted access to the WordPress admin back-end, first of all restrict it revoking unneeded user capabilities from the role. Leave capability at the role just in case user can not access some menu item without it.
I created another test role () at your site for demonstration and excluded from it almost all user capabilities you blocks with “Admin Menu”. Just after that I blocked the rest unneeded menu items with “Admin Menu”.
There are much less menu items to block. So, in order to provide you a quick decision for the product search problem with ‘wp-lister’ plugin, I blocked admin menu items for new role with “Block selected” model. When you block menu items using ‘block selected’ URE blocks just them and does not try to block others.
When you use “block not selected” URE compares full URLs, taking in account all parameters and, even if the main menu link is allowed, but you try to open it with the additional parameters, URE may block it, if parameters are not found in the list of allowed parameters. This is a reason why “product search with module” via wp-lister does not work currently with “block not selected” model.Please test if user with new restricted role has the access, which you try to configure.
Let me know if you still need a custom decision for the ‘wp-lister’ plugin product search problem when you restrict access to admin menu using “block not selected” model.
It’s possible to provide by adding wp-lister parameters to the list of allowed parameters for this URL admin.php?page=wplister.Compare, you allowed the at admin menu access to menu item with this URL
admin.php?page=wplister
but when we try to search a product, plugin try to use this URL
admin.php?page=wplister&listing_status&s=some_word&action=-1&profile_id&paged=1&action2=-1Hi, I have the same issue when searching for a product with Woo 3.0.2 using a restricted “Shop Manager” role. I have User Role Editor Pro Version 4.37. We are not using the WP Lister Plugin though. Maybe I missed something above, any suggestions?
Hi,
Show a full URL (without domain) with all arguments, which you see at a browser after click ‘Search’.
- You must be logged in to reply to this topic.
