[Vladimir]

Hi,

You have to resolve this issue with Tutor LMS developers.

Tutor LMS automatically restricts all users, who are don’t have role ‘administrator’, but have role ‘tutor_instructor’, by posts created by current user – for all post types, including WooCommerce products, orders, etc. I think, this is a bug, and they should restrict access for the own custom post types only, not for all as they do currently.

I tested free version of Tutor LMS. I granted to user with editor role the 2nd role – tutor_instructor. Editor automatically lost access to the all posts and pages except his own.

Here is the code responsible for the problem (tutor/classes/Admin.php):

add_action('admin_init', array($this, 'filter_posts_for_instructors'));

...

/**
 * Filter posts for instructor
 */
public function filter_posts_for_instructors(){
	if ( ! current_user_can('administrator') && current_user_can(tutor()->instructor_role)){
		@remove_menu_page( 'edit-comments.php' ); //Comments
		add_filter( 'posts_clauses_request', array($this, 'posts_clauses_request') );
	}
}

public function posts_clauses_request($clauses){
	global $wpdb;

	$user_id = get_current_user_id();

	$get_assigned_courses_ids = $wpdb->get_col($wpdb->prepare("SELECT meta_value from {$wpdb->usermeta} WHERE meta_key = '_tutor_instructor_course_id' AND user_id = %d", $user_id));

	$custom_author_query = "AND {$wpdb->posts}.post_author = {$user_id}";
	if (is_array($get_assigned_courses_ids) && count($get_assigned_courses_ids)){
		$in_query_pre = implode(',', $get_assigned_courses_ids);
		$custom_author_query = "  AND ( {$wpdb->posts}.post_author = {$user_id} OR {$wpdb->posts}.ID IN({$in_query_pre}) ) ";
	}

	$clauses['where'] .= $custom_author_query;

	return $clauses;
}

[Vladimir]

Role should can at least ‘read’ capability in order have access to admin backend.
Then follow the steps described at “this article for similar task.

[Vladimir]

Hi,

Thank you.

[Vladimir]

Hi,

According to WordPress built-in permissions logic:
– User can not edit any posts if he does not have ‘edit_posts’. User can not edit posts created by other users if he does not have ‘edit_others_posts’.

Thus, ‘edit_posts’, ‘edit_others_posts’ capabilities are required both in order user can edit posts created by other users.

URE shows ‘with author user ID’ field for user or role if it can at least ‘edit_others_posts’ or ‘edit_others_pages’ and restricts posts available for editing by posts created only by users which ID are listed in this field.

I can just suppose according to your description, that some other plugin may change default WordPress permissions logic. Try temporally deactivate all plugins except URE Pro and test what posts are available for editing to restricted user. If it will work as expected, activate plugins back one by one with new test in order to isolate a conflict.

[Vladimir]

Activate/deactivate add-on is safe – all settings made for add-on are in place.
Settings are deleted only upon plugin deletion via WordPress.
If you will confirm that redirection to WP dashboard is due to URE Pro “Admin menu access”, I will need 2 screenshots in addition:
1) “Users->User Role Editor->Admin menu” made for the tested role;
2) “Tools->Redirection” page with browser URL address visible at the top.

[Vladimir]

Hi,

Thanks for the suggestion. I work on adding this feature.

[Vladimir]

Yes, in general, redirection is a result of additional parameters in URL under “Block: Not Selected” model.

What will be, if you temporally turn OFF the “Activate Administrator Menu Access module” checkbox at URE settings. Will redirection still take place?

[Vladimir]

Hi,

Is role restricted via “Admin menu access” add-on?
If Yes, pay attention on the “Technical details – Block not selected” part of the documentation article.

[Vladimir]

Hi,

Currently, export to CSV is standalone. It does not have “import from CSV” pair as topic author have asked about export feature only.

Export/Import is realized for a single role only.

[Vladimir]

Excellent!

I use “User Switching” plugin from John Blackbourn.

[Vladimir]

You can use ‘Additional options for role>‘ feature and setup “Block admin notices” option, then turn it ON for your “not true” admin role.

[Vladimir]

Hi,

You can try the beta version 4.59.2.b3. It contains needed fix. It’s available after login from the same “Download” page.

[Vladimir]

Hi,

Thanks for this report. I confirm the bug. I will post here as the fix will be ready for testing.

[Vladimir]

Hi,

Do you use “Admin menu access” add-on to restrict this role and user? If Yes, then I suppose that you use “Block: Not Selected” model. Read carefully the “Block Not Selected” part of the article.
If you selected “Forms->Entries” menu item, it has /wp-admin/admin.php?page=gf_entries link, with the single argument/parameter ‘page’, but when you click ‘View’, URL has at least 9 new parameters /wp-admin/admin.php?page=gf_entries&view=entry&id=8&lid=18&order=ASC&filter=&paged=1&pos=0&field_id=&operator=) and URE blocks it redirecting user to the 1st allowed URL – dashboard. Add those parameters to ‘White List‘ for this menu item/URL.

[Vladimir]

Confirm that required capabilities (create_pages, edit_pages, publish_pages, edit_published_pages) are still granted to this user. If Yes, try to deactivate all plugins. If it will return ability to work with pages, activate plugins back one by one to isolate a reason.

[Author]

Posts