Forum Replies Created
-
Posts
-
I successfully tested custom code for your scenario with URE Pro edit restrictions add-on activated together:
1) Activate edit restrictions add-on.
2) Install code below as a Must Use plugin or add it to the active theme functions.php file:add_filter('ure_post_edit_access_authors_list', 'ure_modify_authors_list', 10, 1); function get_orders_manager_users() { global $wpdb; $role = 'sales_agent'; $where = $wpdb->prepare( 'meta_value LIKE %s', '%'. $wpdb->esc_like( '"' . $role . '"' ) .'%' ); $query = "SELECT user_id FROM {$wpdb->usermeta} WHERE $where"; $result = $wpdb->get_results( $query ); if ( empty( $result ) ) { return ''; } $users_list = array(); foreach( $result as $user ) { $users_list[] = $user->user_id; } return $users_list; } function ure_modify_authors_list( $authors ) { $user = wp_get_current_user(); if ( !in_array( 'sales_agent', $user->roles ) ) { return $authors; } $users_list = get_orders_manager_users(); $authors1 = implode(',', $users_list ); if ( !empty( $authors ) ) { $authors .= ','. $authors; } else { $authors = $authors1; } return $authors; }As a result any user with sales_agent role will be restricted in orders editing by authors list equal the list of users with the sales_agent role.
If you pre-install URE to the site, input the license key or add it to WordPress configuration via PHP constant, like below:
// User Role Editor Pro License Code define('URE_LICENSE_KEY', '5ae21 ... a75de');and use has permissions to update plugins (update_plugins), there is not need to have access to URE settings. Such user will can install URE updates via ‘Dashboard->UPdates’ with any other plugin update together.
We still want them to be able to install, activate, deactivate and delete any plugins they choose to use.
You have to take into account that person who can install any plugin (PHP code) to the site can get superuser privileges in a minute. There is no sense to restrict such person via WordPress, as he can get access to any resource via PHP.
If exclude ability to install new plugins, or security problem is not important in this case, as finally site owner is responsible for what he is doing, you can use URE Pro add-on, which allows to restrict the list of installed plugins which are available to the user for activation/deactivation.
You may try to use URE Pro edit access add-on for this purpose. It allows to show posts(orders) by the list of author (comma separated user IDs). URE applies custom filter “ure_post_edit_access_authors_list“. Just extract the list of users who has role sales_agent, and return through this filter this list if current user has this role too.
Answering on your question at Stackoverflow:
WooCommerce order is a custom post type ‘shop_order’. Its main record is stored at wp_posts database table (‘wp_’ is db prefix). This record does not store the information about user role. It has field ‘post_author’, which contains user ID, under which this order was created. In order to find a role you need to load user by ID using get_user_by(), and check role(s) of that user.
Hello Eddy,
Try to build more advanced settings for your “Block not selected” mode to fix the search problem. Read carefully the “Block not selected” part of the admin menu documentation article.
Btw., what plugin adds “Rank Math” admin menu item? I will investigate the described issue.
Hi Fung,
Thanks for letting me know.
Btw., it would be some database request result caching issue, if you use one.Hi,
where the setting is so that users can only work with their own stuff?
1) Activate “Edit restrictions” add-on.
2) The option named “Own data only” you may turn ON directly for the selected user at user profile or at the “Post edit” dialog window opened for selected role at the “User Role Editor”.You may try beta version 4.60.2.b3 available after login from the “Download” page. It contains needed fixes.
Thanks for this report.
Can you select “Network” tab, select related ‘admin-ajax.php’ request –
Form Data
action: ure_ajax
sub_action: get_nav_menusand look on the “Response” tab content for that request?
Does it show some PHP fatal error message?I will make more thorough own tests either and return with a fix if find any problem.
Hi,
Unfortunately, it’s not possible. WooCommerce provided access to the orders list for user who can ‘edit_shop_orders’ and shows order content only opening order editing page. So I don’t see a way to disable all order editing features without creating a separate read only form for order viewing, which is beyond the URE plugin functionality.
User Role Editor by default extends WordPress UI to allow grant more than single user role via “Other Roles” field. You can hide it adding this custom code to the active theme functions.php file:
add_filter('ure_show_additional_capabilities_section', 'ure_show_additional_capabilities_section'); add_filter('ure_bulk_grant_roles', 'ure_show_additional_capabilities_section'); function ure_show_additional_capabilities_section($show) { $user = wp_get_current_user(); if (in_array('user-manager', $user->roles)) { $show = false; } return $show; }Read this article.
“Admin menu access” module shows menu items list according to the current permissions granted to the selected role. Generally if role does not have permissions to see menu item, there is no need to block it via extension like “Admin menu access”, as such menu should be not available for user.
Some plugin defines its admin menu in more complex manner, checking user permissions directly, but using lower capabilities, like ‘read’ or ‘edit_posts’ in the menu definition code. If you meed with case, when “Admin menu” does not show menu item for a role, but user sees this menu, let me know, what menu item and to what plugin it belongs. I will investigate it.
Read this article.
