[Vladimir]

Hi,

So, you wish to allow paid user to view some page by its ID.
Use Content View Restrictions add-on.
Open page 1 for edit and allow view this page only to the role 1.
Allow view page 2 only to the role 2.

The important step is: assign to a user needed role after payment. You can do it manually with delay to access to a service, or automatically – you need to find appropriate action, executed after payment was finished.

[Vladimir]

Hi Rob,

I added this article to documentation:

Block admin access to front-end navigation menus

[Vladimir]

URE works this way by design. You can revoke from a user only those capabilities which granted to him directly. Capability granted via a role, can be revoked this way:
1) revoke from user that role
or
2) revoke that capability from that role.

[Vladimir]

Thanks for the provided access to the source code. There were similar error reports at wordpress.org support forum. I duplicate the answer here:

The reason of a problem is a line of code at the BuddyBoss platform plugin. Open wp-content/plugins/buddyboss-platform/bp-load.php file and look at the line #149:

apply_filters( 'all_plugins', 'bp_core_unset_bbpress_buddypress_active_all_plugins', - 1 );

It incorrectly calls `apply_filters’ for WordPress core ‘all_plugins’ filter. Why do I think so? Be cause of it sends to it not array with plugins list, as WordPress itself does at includes/class-wp-plugins-list-table.php:91:
$all_plugins = apply_filters( 'all_plugins', get_plugins() );
where function get_plugins() returns “array Key is the plugin file path and the value is an array of the plugin data”.

But it sends own function ‘bp_core_unset_bbpress_buddypress_active_all_plugins’ and priority value: -1. These parameters are valid for add_filter() function.
I suppose this is just a typo.

More, bp_core_unset_bbpress_buddypress_active_all_plugins() function which belongs to BuddyBoss Platform plugin accept a single $plugins parameter and returns it unchanged.

So quick fix is replace line #149 with this valid version:

add_filter( 'all_plugins', 'bp_core_unset_bbpress_buddypress_active_all_plugins', - 1 );

[Vladimir]

Hi,

Thanks for this information.

User Role Editor (URE) hides itself from not administrator users who have access to the “Plugins” page. URE uses ‘all_plugins’ WordPress filter to exclude itself from the installed plugins list.
Look at this filter official definition:

all_plugins

This filter should take parameter of type array, not the string, as BuddyBoss sends, according to the line #2 from the stack trace:

#2 /wp-content/plugins/buddyboss-platform/bp-loader.php(149): apply_filters(‘all_plugins’, ‘bp_core_unset_b…’, -1);

URE tries unset array element for its own record in line 461:

459 // exclude URE from plugins list
460 $key = basename(URE_PLUGIN_DIR) . ‘/’ . URE_PLUGIN_FILE;
461 unset($plugins[$key]);

Look at the screenshot below. I took it from PHP debugger at my test site.

$plugins parameter contains array of installed plugins as it should by WordPress design and documentation.

But at your site $plugins modified by BuddyBoss executed ‘all_plugins’ filter earlier with lower priority (-1 comparing to default 10), contains not array with plugins list, but the string ‘bp_core_unset_b…’. Finally, I see this as a reason of PHP error, raised inside URE code.

I’m ready to investigate the issue further if you can provide me BuddyBoss plugin (plus a theme if required) for testing. Share it with support [at-sign] role-editor.com via Google Drive or similar.

[Vladimir]

Turn ON ‘Show deprecated capabilities’ checkbox at the top of URE page to see ‘edit_files’ capability.

[Vladimir]

Hi,

Yoast SEO checks ‘edit_files’ capability before allow user to work with its ‘File Editor’.

Take into account that any mistake in .htaccess file may lead to site blocking. You need to think twice before allow direct file editing at the live site.

Btw., ‘edit_files’ allows to edit inside WordPress themes and plugins file.

[Vladimir]

Thanks for letting me know.

[Vladimir]

Hi,

It’s not possible using user capabilities. But it seems that you can use a filter. Tickera adds “Export PDF” tab using this filter:

add_filter( 'tc_settings_new_menus', array( &$this, 'tc_settings_new_menus_additional' ) );

function tc_settings_new_menus_additional( $settings_tabs ) {
	$settings_tabs[ 'tickera_export_mixed_data' ] = __( 'Export PDF', 'tc' );
	return $settings_tabs;
		}

You can add to this filter with larger priority (99) your own function, which will remove ‘tickera_export_mixed_data’ element from the array with the list of tabs.

Let me know if you need further help.

[Vladimir]

Hi,

Do your subsites use own domain names? Is it realized with some plugin help?

There are rare cases when POST works via redirection to a new domain name, but request for a new page does not contain POST parameters (current_role) in this case, which were send to the server initially.

[Vladimir]

You may try this solution:

add_action( 'registered_post_type', 'cpt_add_edit_permissions', 10, 2 );

function cpt_add_edit_permissions( $post_type, $post_type_object ) {

    if ( !class_exists( 'URE_Lib') ) {
        return;
    }
    
    $roles = array('administrator', 'editor');
    $lib = URE_Lib::get_instance();
    $capabilities = $lib->get_edit_post_capabilities();
    foreach( $capabilities as $capability ) {
        if ( isset( $post_type_object->cap->$capability ) ) {
            URE_Capabilities::add_cap_to_roles( $roles, $post_type_object->cap->$capability );
        }        
    }
    
}

This code automatically adds edit capabilities to roles from the all $roles array for any registered post type.
Parameters:
$post_type – post type slug, like ‘post’,
$post_type_object – self commented.

Just fill $roles array with your own roles ID, which is allowed to create new custom post types and setup this code as a must use plugin to wp-content/mu-plugins folder.

[Vladimir]

Hi,

Did you block any admin menu items for this role using “Admin menu” with “Block not selected” option?

[Vladimir]

I asked about plugin to clarify what permission allows to create custom post type. I don’t have access to the “Toolset Types” plugin though. This solution is not suitable in case it uses some widely used capability like ‘manage_options’

URE adds user capabilities for custom post type (CPT) to ‘administrator’ role automatically only when “Users->User Role Editor” page is opening. I added custom filter ure_cpt_editor_roles in order to extend the list of roles to which URE will add capabilities for CPT in addition to default administrator. It will be available with the next update.

URE page should be opened at least 1 time after new CPT was added. Will this update satisfy your needs?

[Vladimir]

Try to deactivate/activate back AdRotate plugin. Some plugins re-install its user capabilities and roles on activation.

If that will not help, you have variants 1, 2 from the mentioned article.

[Vladimir]

What plugin do you use to create new custom post types?

[Author]

Posts