[Vladimir]

Hi Jawad,

Before proceed with testing of dev. version refresh it to the latest one. It’s a 4.25.b5 from 17.04.2016 currently. Some bugs may be discovered and fixed already.

1, 2 – This links are not protected directly by a special user capability. It’s enough to have top level ‘edit_shop_orders’, ‘delete_shop_orders’ capabilities to get access to these actions.
Both actions requires some kind of hacks, javascript and/or CSS tricks to achieve what you need.

[Vladimir]

I understood now. That’s about posts (not post types) quant limit. It’s a fully different story. Thanks for the idea. May be I will add such module to URE Pro with time.

[Vladimir]

Hi,

Yes, it’s possible, with this workaround currently:
This module allows to limit user with ‘edit_others_posts’ capability to edit just posts from the list of authors – field “with author user ID”. If you input into this field the ID of user himself, he will see in the posts list just his own post.

I think to add direct checkbox ‘Own posts only’ to one of a future versions.

[Vladimir]

Manage a quant of custom post types created by user. It’s not trivial task.
All available to the user post types (built-in and custom) are created on the fly by call of the register_post_type() function. WordPress made it itself A lot of plugins may register own custom post types. Active theme may do the same. All of them do this without accent what user does that. So you can not manage this process externally.

If some plugin allows is in use for CPT creation I think the only possibility to achieve your goal is to add such restrictions to that plugin. So it adds user ID to any created CPT and count what quant of CPTs is allowed for what user.

[Vladimir]

To start a new thread click on the selected forum, scroll to the bottom of the page, use the form you will find there.

[Vladimir]

Thanks for the feedback and feature request.

It’s possible to replicate all roles at once to all sites. ‘Network Update’ button at ‘User Role Editor’ page serves for it. But bulk replication of users with meta data about roles assigned to them is not realized. I will add such functionality, with time…

[Vladimir]

Divi theme load its framework (create custom post type et_pb_layout) conditionally:

function et_builder_should_load_framework() {
	global $pagenow;

	$is_admin = is_admin();
	$action_hook = $is_admin ? 'wp_loaded' : 'wp';
	$required_admin_pages = array( 'edit.php', 'post.php', 'post-new.php', 'admin.php', 'customize.php', 'edit-tags.php', 'admin-ajax.php', 'export.php' ); // list of admin pages where we need to load builder files
	$specific_filter_pages = array( 'edit.php', 'admin.php', 'edit-tags.php' ); // list of admin pages where we need more specific filtering

	$is_edit_library_page = 'edit.php' === $pagenow && isset( $_GET['post_type'] ) && 'et_pb_layout' === $_GET['post_type'];
	$is_role_editor_page = 'admin.php' === $pagenow && isset( $_GET['page'] ) && apply_filters( 'et_divi_role_editor_page', 'et_divi_role_editor' ) === $_GET['page'];
	$is_import_page = 'admin.php' === $pagenow && isset( $_GET['import'] ) && 'wordpress' === $_GET['import']; // Page Builder files should be loaded on import page as well to register the et_pb_layout post type properly
	$is_edit_layout_category_page = 'edit-tags.php' === $pagenow && isset( $_GET['taxonomy'] ) && 'layout_category' === $_GET['taxonomy'];

	if ( ! $is_admin || ( $is_admin && in_array( $pagenow, $required_admin_pages ) && ( ! in_array( $pagenow, $specific_filter_pages ) || $is_edit_library_page || $is_role_editor_page || $is_edit_layout_category_page || $is_import_page ) ) ) {
		return true;
	} else {
		return false;
	}

}

So ‘et_pb_layout’ CPT is not available by default at User Role Editor page, which is loaded from users.php

I add a workaround for this issue into upcoming version 4.25, which is under testing currently. So the issue will be resolved with the next public release of URE Pro.

[Vladimir]

Thanks for this information. I repeated the issue at my test environment. I will inform you as I prepare the fix.

[Vladimir]

I confirm the issue with UpdraftPlus topbar menu. It will be fixed in version 4.25. Development version will include this fix starting from 4.25.b6, which I will make available today.

[Vladimir]

Good that a problem was resolved. Thanks for the feedback.

[Vladimir]

Are the previously discussed settings (editing restricted by author ID) still active for this user?

[Vladimir]

About WordPress “must-use” plugins: https://codex.wordpress.org/Must_Use_Plugins

Yes, you need to add the code to fully exclude the order from other users. They are included by default for products, where this user is an owner.

[Vladimir]

If you have a test environment try development version (current is 4.25.b5). It’s available after login from the same download page.

I added a filter, which allows to switch off order, which added by default according to the product owner ID. So add it to the theme’s functions.php or set up this code as the ‘must-use’ plugin.

add_filter('ure_edit_posts_access_add_orders_by_product_owner','ure_add_orders_by_product_owner',10,1);

function ure_add_orders_by_product_owner($value) {

  return false;
}

[Vladimir]

General recommendation – whenever it’s possible to block access via user capability – remove that capability from the user role. Use ‘Admin menu access’ module just in case you have to leave the capability in the role to provide access to some other menu items.

Links menu is protected by ‘manage_links’ capability. I suppose it is not used anywhere else. So remove it from the ‘production’ role.

Btw, I successfully blocked ‘Links’ menu as ‘Not Selected’ at recent test with URE Pro v. 4.24.6. It just confirms your guess that discussed site has something special…

[Vladimir]

Hi Kevin,

What version of User Role Editor Pro is installed at your site?

[Author]

Posts