[Vladimir]

Hi,

Currently there is no such workaround. Restriction is applied to all existing taxonomies at once.
I will think how to exclude selected taxonomies from the restriction using custom filter and apply this to one of the future versions.

[Vladimir]

It’s by design. WordPress multi-site has superadmin, for which WordPress does not check any user capability at all. URE does not add any capability to single site ‘administrator’ role for this reason.

You can go to “Network admin->Users->User Role Editor”, select “Administrator” role, add ‘create_%’ capabilities to it, save changes. It was made for the main site. Then click ‘Update Network’. This way all roles from main site will be replicated to all other subsite.

You can replicate only administrator role to other subsites – if open URE directly from the main site, select “Administrator” role, turn ON the “Apply to All sites” checkbox then click “Update”.

[Vladimir]

Erik,

You use custom code to retrieve posts via WordPress API function get_posts() and does not include post_status argument to the arguments list. Function get_posts() uses ‘publish’ value for this argument as a default one in this case, line #2133:

So if you wish to make available records with ‘draft’ status too, you have to execute the separate query with ‘post_status’=>’draft’ argument added and concatenate the result of both queries.

[Vladimir]

Hi,

It seems as expected behavior. Restriction by category ID is global for all taxonomies. So when you all to see at backend and edit only posts with category (taxonomy) ID=3, you automatically prohibit editing posts with any other taxonomy ID. Thus use can not add to the post new tags/taxonomies.

As about 0 items at the tags or categories page, it is a result of URE’s internal caching. But if you limit user to edit post only with the restricted list of existing taxonomies – you should not allow him to edit them. You have to delegate this function to another user according to my logic. So taxonomy editing pages should not be available to a user restricted such way.

[Vladimir]

Hi,

I have made own tests. I can not repeat described issue with post and/or events restricted by built-in categories. If it’s possible to look at your site with admin privileges send URL and user credentials to my support email address.

[Vladimir]

Update: as function can accept parameter $user_id, we have to check not current user only, but a user with ID equal $user_id value:

    public static function can_manage_data($user_id = 0) {

        if ($user_id === 0) {
            $user = wp_get_current_user();
        } else {
            $user = get_userdata($user_id);
        }
/*
        if (in_array('administrator', $user->roles) OR in_array('editor', $user->roles)) {
            return TRUE;
        }
*/
        if ( user_can( $user, 'edit_others_posts') ) {
            return TRUE;
        }

        return FALSE;
    }

[Vladimir]

Fix is possible, if you are ready to edit this plugin code.
Replace can_manage_data() function at bulk-editor/classes/helper.php file (#356) with the version below. It allows to use plugin to any user who can ‘edit_others_posts’:

    public static function can_manage_data($user_id = 0) {

        if ($user_id === 0) {
            $user = wp_get_current_user();
        } else {
            $user = get_userdata($user_id);
        }
/*
        if (in_array('administrator', $user->roles) OR in_array('editor', $user->roles)) {
            return TRUE;
        }
*/
        if ( current_user_can('edit_others_posts') ) {
            return TRUE;
        }

        return FALSE;
    }

Take into account that you have to repeat this editing after any plugin update.

[Vladimir]

WPBE plugin developer decides that this plugin should be available only to users with ‘administrator’ or ‘editor’ role. Instead of user capability, which you would grant to any custom role, plugin checks directly ‘administrator’ and ‘editor’ role before add its menu page:

if (WPBE_HELPER::can_manage_data()) {
    add_action('admin_menu', function() {
                add_menu_page(esc_html('WPBE Bulk Editor', 'bulk-editor'), esc_html('WPBE Bulk Editor', 'bulk-editor'), 'publish_posts', 'wpbe', function() {
                    $this->print_plugin_options();
                }, 'dashicons-hammer', 90);
            }, 99);
}

public static function can_manage_data($user_id = 0) {

    if ($user_id === 0) {
        $user = wp_get_current_user();
    } else {
        $user = get_userdata($user_id);
    }
    // !!! this condition does not allow custom roles to use this plugin 
    if (in_array('administrator', $user->roles) OR in_array('editor', $user->roles)) {
        return TRUE;
    }

    return FALSE;
}

[Vladimir]

Hi,

URE uses WP_User::add_role() method (wp-includes/class-wp-user.php, #536 (WP v. 5.7) in this case, which fires this action

do_action( 'add_user_role', $this->ID, $role );

Check current page and additional parameters to execute your own hook only for the “Users” page and “Add Role” bulk action, not for other cases. For example, URE itself checks this:

if ( ( !empty( $_REQUEST['ure_add_role'] ) && !empty( $_REQUEST['ure_add_role_submit']) ) || ( !empty( $_REQUEST['ure_add_role_2'] ) && !empty( $_REQUEST['ure_add_role_submit_2'] ) ) ) {
// do something ...

[Vladimir]

Hi David!

Thanks for the remind and references on possibly useful code references from existing plugins.

Sure. This feature is a must have for User Role Editor Pro and I still plan to realize it.
I can not tell an exact time when I will be ready to introduce it though. So please wait a little bit more…

[Vladimir]

Hi,

Generally, it should work with new version. Custom roles and capabilities are will be in place.
4.5.1 was so long ago though. Max. problem you may meet – to re-configure manually the settings for some add-on, like “Admin menu access”.

[Vladimir]

Thanks. Quick check showed that WPMF does not use ‘ure_manage_options’ capability. Btw., for any permission check WPMF applies filter ‘wpmf_user_can’. So it’s possible to change, what permission it requires.

Re-thinking on the problem, I recalled that ‘edit restrictions’ set for a user automatically restricts the Media Library items available to this user – he sees only own items by default. More, if user can ‘ure_manage_options’, then ‘edit restrictions’ are not applied to him. So it would be a real reason of the described issue with access to the Media Library items inside WPMF, inspite of its internal access options.

Try to add this custom filter. It switches off the restrictions to the list of Media Library items available to a user with edit restrictions set.

[Vladimir]

OK. Thanks for sharing.

[Vladimir]

ure_manage_options – is the internal for User Role Editor user capability. If user can it, URE count it superadmin for URE itself. Thus URE does not restrict such user in any manner.

I doubt that WPMF checks ure_manage_options. It is more probable WordPress internal ‘manage_options’, which it may search as a substring occurrence in the user capabilities serialized value – just assumption. I can not say more without access to the WPMF source code. If you share it with support [at-sign] role-editor.com via Google Drive or similar, I may give you more details.

[Vladimir]

Hi,

One of the updates included into the recent version 4.59.2:
– Option “Force custom post types to use their own capabilities” replaces default capabilities for the custom taxonomies also. It takes the slug of the 1st post type associated with such taxonomy (e.g. ‘video’) and builds own capabilities this way: manage_terms->manage_video_terms, edit_terms->edit_video_terms, delete_terms->delete_video_terms, assign_terms->assign_video_terms. URE automatically adds such capabilities to the ‘administrator’ role. You have to grant these new capabilities to other roles manually.

Filter custom capabilities by word ‘terms’ via ‘Quick Search’ and grant needed capabilities to needed role.

[Author]

Posts