[Vladimir]

Hi Erik,

I updated the code to fix the issue. Take a look.

[Vladimir]

I suppose, that plugin responsible for the front-end access to the downloads checks not user capability, but user role. If this plugin has settings for the list of role, allowed to download, add ‘administrator’ to that roles list.

[Vladimir]

Hi,

Thanks a lot for pointing to this bug. It’s a typo. Quick fix: open post-edit-access-role.php file for editing and replace plus ‘+’ character with this the dot: ‘.’
Correct version of line #72:

return array('result'=>'success', 'message'=>'Posts edit permissions for role:'. $role_id, 'html'=>$html);

I included this fix to the next release.

[Vladimir]

Hi Erik,

You are right. To make it universal use right version of the query with “IN ($ag)”, which currently is commented out by /* … */. Hardcoded ‘SBU004’ may stay there from the testing/debugging stage.

[Vladimir]

Hi,

Sorry for the delay. Let’s wait for the end of month. I will try to add this feature to the next update I plan to publish at the end of October – begin of November 2021.

[Vladimir]

Hi,

Additional authentication parameters are required for the API calls. This post may help

Authentication

[Vladimir]

URE does not include suitable hooks to rename plugin. FYI, I do not appreciate this.

Yes, if you will replace plugin name directly in the plugin source code, the changes will be overwritten every time you will install updated version.

[Vladimir]

I successfully tested custom code for your scenario with URE Pro edit restrictions add-on activated together:
1) Activate edit restrictions add-on.
2) Install code below as a Must Use plugin or add it to the active theme functions.php file:

add_filter('ure_post_edit_access_authors_list', 'ure_modify_authors_list', 10, 1);

function get_orders_manager_users() {
    global $wpdb;
    
    $role = 'sales_agent';
    $where = $wpdb->prepare( 'meta_value LIKE %s', '%'. $wpdb->esc_like( '"' . $role . '"' ) .'%' );
    $query = "SELECT user_id FROM {$wpdb->usermeta} WHERE $where";
    $result = $wpdb->get_results( $query ); 
    if ( empty( $result ) ) {
        return '';
    }
    
    $users_list = array();
    foreach( $result as $user ) {
        $users_list[] = $user->user_id;
    }    
    
    return $users_list;
}

function ure_modify_authors_list( $authors ) {
    
    $user = wp_get_current_user();
    if ( !in_array( 'sales_agent', $user->roles ) ) {
        return $authors;
    }
    
    $users_list = get_orders_manager_users();
    $authors1 = implode(',', $users_list );
    if ( !empty( $authors ) ) {
        $authors .= ','. $authors;
    } else {
        $authors = $authors1;
    }    
        
    return $authors;
}

As a result any user with sales_agent role will be restricted in orders editing by authors list equal the list of users with the sales_agent role.

[Vladimir]

If you pre-install URE to the site, input the license key or add it to WordPress configuration via PHP constant, like below:

// User Role Editor Pro License Code
define('URE_LICENSE_KEY', '5ae21 ... a75de');

and use has permissions to update plugins (update_plugins), there is not need to have access to URE settings. Such user will can install URE updates via ‘Dashboard->UPdates’ with any other plugin update together.

[Vladimir]

We still want them to be able to install, activate, deactivate and delete any plugins they choose to use.

You have to take into account that person who can install any plugin (PHP code) to the site can get superuser privileges in a minute. There is no sense to restrict such person via WordPress, as he can get access to any resource via PHP.

If exclude ability to install new plugins, or security problem is not important in this case, as finally site owner is responsible for what he is doing, you can use URE Pro add-on, which allows to restrict the list of installed plugins which are available to the user for activation/deactivation.

[Vladimir]

You may try to use URE Pro edit access add-on for this purpose. It allows to show posts(orders) by the list of author (comma separated user IDs). URE applies custom filter “ure_post_edit_access_authors_list“. Just extract the list of users who has role sales_agent, and return through this filter this list if current user has this role too.

[Vladimir]

Answering on your question at Stackoverflow:

WooCommerce order is a custom post type ‘shop_order’. Its main record is stored at wp_posts database table (‘wp_’ is db prefix). This record does not store the information about user role. It has field ‘post_author’, which contains user ID, under which this order was created. In order to find a role you need to load user by ID using get_user_by(), and check role(s) of that user.

[Vladimir]

Hello Eddy,

Try to build more advanced settings for your “Block not selected” mode to fix the search problem. Read carefully the “Block not selected” part of the admin menu documentation article.

Btw., what plugin adds “Rank Math” admin menu item? I will investigate the described issue.

[Vladimir]

Hi Fung,

Thanks for letting me know.
Btw., it would be some database request result caching issue, if you use one.

[Vladimir]

Hi,

where the setting is so that users can only work with their own stuff?

1) Activate “Edit restrictions” add-on.
2) The option named “Own data only” you may turn ON directly for the selected user at user profile or at the “Post edit” dialog window opened for selected role at the “User Role Editor”.

[Author]

Posts