Forum Replies Created
-
Posts
-
Hi,
Resolved.
Both addons use custom user capabilities, which all were granted to administrator by Gravity Forms plugin automatically, but not exist/created by default.
I added to new capabilities:
– gravityforms_mailchimp;
– gravityforms_event_tracking.
I granted them to the sdol-admin role. This role sees now both links “Mailchimp” and “Submission Tracking”.If you setup the code for custom filter ure_restrict_edit_post_type (I gave the link above) to exclude events from the edit restrictions, user will have access to all events without restrictions. It does not depend from post ID list in the edit restrictions form.
You just need:
1) replace ‘editor’ with your own role ID, let it be ‘role_a’;
2) replace ‘post’ with valid custom post type for events, let it be for this example: ‘event’.
So instead ofif ( in_array( 'editor', $user->roles ) ) { if ( $post_type==='post' ) { $restrict_it = false; } }your code will have
if ( in_array( 'role_a', $user->roles ) ) { if ( $post_type==='event' ) { $restrict_it = false; } }In assumption that you made all correctly, you can input post ID list after that and check that all events are still available for the role.
You don’t need a code for this. Open ‘Users->User Role Editor’, select role, click ‘Posts Edit’ insert the list of posts ID into the ‘with post ID (comma separated)’ field.
Or, you can make it individually for selected users via user profile.Right, “Edit access” add-on restrict all post types at once, if find at least one restriction criteria. If you need to exclude events from edit restrictions you can use custom filter ure_restrict_edit_post_type.
Hi Jon,
Global search through the GML plugin source code showed that it does not check any WordPress permissions at all. It did not call neither current_users_can() nor has_cap().
I don’t have the special recommendation in this case.
But as GML plugin uses/modifies AJAX requests for Media Library attachments which WordPress itself does, user should can at least ‘upload_files’ and ‘edit_post’ for the attachment itself and often for the post to which this image is attached. These permissions are checked by WordPress before work with Media Library items very often.
Thus user should can edit and delete published posts/pages and others posts/pages, etc.
So as you discovered to be at least an editor at the Media Library site.Hi,
1st of all, any role with access to the wp-admin (Dashboard) should have a ‘read’ capability.
Some plugins, like WooCommerce restrict by default access to the WordPress back-end. Do you have active WooCommerce?
Look if you have some other plugin with similar option, for example Ultimate Membership. It requires apparently allow access to dashboard for selected role(s). You can try to deactivate all plugins except LearnDash and try. The activate plugins one by one to isolate which plugin prevents access to the WP backend.Hi,
Use “Admin menu access” add-on. For “Block Selected” model select “WooCommerce” menu item and “WooCommerce” submenu item and leave all others unselected for your role.
Hi,
Did you restrict this user (his role) using “Admin menu access” add-on?
If Yes, read carefully a last “Technical details” part of the documentation article.I suppose that you as superadmin don’t allow users to register new subsites at the multisite network, it’s only your privilege. Thus only you decide what user to what site and with which role to add.
So you register user and add him to the “news.everythingagricultural.com” with required role. May be WordPress built-in roles will be enough: author to pulish new articles, editor – to moderate what author do. While user will can login to everythingagricultural.com (WP has the single users list for the whole multisite network) but he will can post only to the site to which you added him and where he has enough permissions (author or editor) – to “news.everythingagricultural.com”.Any visitor can comment. Only one who can edit article can moderate the comments sent to it.
When user 1st time opens “Facebook Feed->Settings” (admin.php?page=cff-top) page plugin automatically redirects him to the “What’s New” (admin.php?page=cff-welcome-new) page, which you blocked. This was a reason of redirection.
I turned Off the related checkbox at “Admin menu”.
Also plugin may force such redirection after its update. So I recommend to leave it unblocked.URE sends POST request via JavaScript here using predefined URL from ure_data.page_url property.
jQuery.ure_postGo(ure_data.page_url, {action: 'caps-readable', object: ure_obj, user_id: user_id, ure_nonce: ure_data.wp_nonce});It’s defined at user-role-editor-pro/includes/classes/user-role-editor.php, line #733. If look deeper, URE takes URL from the URE_WP_ADMIN_URL PHP constant, which is defined at user-role-editor-pro/includes/define-constants.php, as:
define( 'URE_WP_ADMIN_URL', admin_url() );Thus, URE uses here WordPress API admin_url() function in order to get admin URL. It does not use directly ‘wp-admin’ in this case. If some plugin replaces WordPress default path with a custom one, it should make it for WordPress API too, using appropriate filter, like ‘admin_url’.
“Advanced Custom Fields” plugin protects its “Custom Fields” menu and all submenu items with ‘manage_options’ capability. It’s possible though to grant this critical capability to a non-admin role, but block unneeded access using “Admin menu access” add-on.
As about access to the custom post types, it depends from how this CPT was defined. Read this article for more information.
‘read_private_pages’ should allow to view any private page. User just should know the URL.
It’s possible to further manage view access via “Content view restrictions” add-on.Show screenshot what exact part of a page do you wish to hide, what meta box did you select at “Meta Boxes”.
