[Vladimir]

I suppose that you as superadmin don’t allow users to register new subsites at the multisite network, it’s only your privilege. Thus only you decide what user to what site and with which role to add.
So you register user and add him to the “news.everythingagricultural.com” with required role. May be WordPress built-in roles will be enough: author to pulish new articles, editor – to moderate what author do. While user will can login to everythingagricultural.com (WP has the single users list for the whole multisite network) but he will can post only to the site to which you added him and where he has enough permissions (author or editor) – to “news.everythingagricultural.com”.

Any visitor can comment. Only one who can edit article can moderate the comments sent to it.

[Vladimir]

When user 1st time opens “Facebook Feed->Settings” (admin.php?page=cff-top) page plugin automatically redirects him to the “What’s New” (admin.php?page=cff-welcome-new) page, which you blocked. This was a reason of redirection.
I turned Off the related checkbox at “Admin menu”.
Also plugin may force such redirection after its update. So I recommend to leave it unblocked.

[Vladimir]

Clarify, do you need that user still can change member type editing user profile?

[Vladimir]

URE sends POST request via JavaScript here using predefined URL from ure_data.page_url property.

jQuery.ure_postGo(ure_data.page_url, {action: 'caps-readable', object: ure_obj, user_id: user_id, ure_nonce: ure_data.wp_nonce});

It’s defined at user-role-editor-pro/includes/classes/user-role-editor.php, line #733. If look deeper, URE takes URL from the URE_WP_ADMIN_URL PHP constant, which is defined at user-role-editor-pro/includes/define-constants.php, as:

define( 'URE_WP_ADMIN_URL', admin_url() );

Thus, URE uses here WordPress API admin_url() function in order to get admin URL. It does not use directly ‘wp-admin’ in this case. If some plugin replaces WordPress default path with a custom one, it should make it for WordPress API too, using appropriate filter, like ‘admin_url’.

[Vladimir]

“Advanced Custom Fields” plugin protects its “Custom Fields” menu and all submenu items with ‘manage_options’ capability. It’s possible though to grant this critical capability to a non-admin role, but block unneeded access using “Admin menu access” add-on.

As about access to the custom post types, it depends from how this CPT was defined. Read this article for more information.

‘read_private_pages’ should allow to view any private page. User just should know the URL.
It’s possible to further manage view access via “Content view restrictions” add-on.

[Vladimir]

Show screenshot what exact part of a page do you wish to hide, what meta box did you select at “Meta Boxes”.

[Vladimir]

Hi Steve,

Show the screenshot with this button. What plugin adds “Add Membership Plan”? If this is a paid product, can you share it with support [at-sign] role-editor.com via DropBox or Google Drive. I need reproduce the issue to investigate it.

[Vladimir]

Hi,

Update checking requests with your license key come from the single IP address only, according to my data.

[Vladimir]

Hi,

There is no such tool for clients.
More, I do not realize hard control for this currently :). Honest people will count. Others – more often do not buy licenses at all.
You just have to take into account that license count limit may be introduced at any time.

I will count your sites in a couple of days after get enough data from update server access logs.

[Vladimir]

Hi Olivia,

Look at the “Admin menu access” add-on, included into User Role Editor Pro.
Use it to find what capabilities protects admin menu items created by ‘Stripe gateway’ and a ‘price grid’ plugins. Open ‘Admin menu’ for administrator role and look.
If they are protected by ‘manage_options’ you can grant ‘manage_options’ to selected role and then block ‘Settings’ and other unneeded menu items which will become available for this role using “Admin menu” button. The article above includes the link to the similar example.

[Vladimir]

Hi @a-malasi,

Give me more details. Did you try to isolate a reason?

Deactivate all plugins except URE. If issue will gone after that, then there is a conflict with some plugin. Activating plugins back one by one and testing you can find which.

If only URE is responsible for redirection, what settings you made after which it appear? At what path (URL without domain) the redirection takes place? I

[Vladimir]

The SQL command ‘SELECT COUNT (*) FROM WHERE creator_id = 11’ really misses db table name just after the ‘FROM’ keyword. It’s a reason to ask support from “Restrict Content Pro” (RCP) plugin developers.

If you plan to restrict access to the content via RCP plugin, switch off User Role Editor Pro content view restrictions add-on at the URE’s settings. It’s active currently according to your screenshots.

Try to monitor your site logs with one of plugins deactivated.

[Vladimir]

Try to add code below to the end of your active theme functions.php file:

// block Posts menu for all users except administrator
    function remove_posts_menu() {
      global $menu, $submenu;
      
      $user = wp_get_current_user();
      if ( in_array( 'administrator', $user->roles ) ) {
          return;
      }
      //remove 'All posts' submenu item
      if ( isset( $submenu['edit.php'][5] ) ) {
        unset($submenu['edit.php'][5]);
      }
      // remove Posts top level menu
      if ( isset( $menu[5] ) ) {
        unset($menu[5]);
      }
      
      // redirect in case of try edit.php URL access
      $result = stripos($_SERVER['REQUEST_URI'], 'edit.php');
      if ($result===false) {
          return;
      }
      $result = stripos($_SERVER['REQUEST_URI'], 'post_type=');
      if ($result!==false) {    // allow access to custom post types
          return;
      }
      
      wp_redirect(get_option('siteurl') . '/wp-admin/index.php');
    }
    add_action('admin_head', 'remove_posts_menu', 100);

[Vladimir]

Hi,

Admin menu access add-on helps with this:

Block WordPress Admin Menu Items

If you wish to see full list of administrator menu items open “Admin menu” for the “Administrator” role.
There is no sense to block menu items for administrator. So checkboxes are unavailable here. It is a very good start point for WordPress menu user permissions study and research. You may use “Admin Menu” dialog here as the reference for your work with roles and capabilities as “Admin Menu” shows what user capability restricts access to what admin menu item including menu items added by active plugins.

Some plugins use own user capabilities, some plugins use one from WordPress built-in capabilities, like ‘manage_options’, ‘edit_posts’, etc.

The 1st step is to look what capabilities plugin uses to protect its menu. Open “Admin menu” for the ‘Administrator’ role, find needed menu item and look to the ‘User Capability’ column.
If you don’t wish a role has access to this menu, revoke from it the related user capabilities. If you can not revoke some capabilities as they are needed for access to other menu items, like ‘edit_posts’ then block unneeded menu items with “Admin menu access” add-on.
Similar if you need to provide to a role access for some menu item – grant to it the related user capabilities. Then check if it get access to unneeded menu items (like in case when you grant ‘manage_options’ capability) and block unneeded menu items with “Admin menu access” add-on.

[Vladimir]

Thanks you.

The source of the issue is that admin menu item ‘All Posts’ (edit.php) is prohibited (selected) for the role, but allowed are ‘All Pages’ (edit.php?post_type=page).
When user try to search some page, URL becomes edit.php?post_type=page&s=something…
which is not apparently allowed and edit.php is in the list of prohibited URLs. Thus URE fulfills the redirection. The same is similar for other custom post types, URL for which starts from edit.php too.

Quick workaround is allow for a role ‘All Posts’ menu and submenu items. I tested this for IU administrator role and left as it is for your review.

Let me know if this workaround is suitable for you. If it is not, I may offer you a piece of code which will hide ‘All Posts’ menu items from admin menu directly after adding to the active theme functions.php file.

[Author]

Posts