Change Wordpress User Roles with access to Private Pages - wordpress

I have a user role called Student and would like to allow them access to Private pages (currently only admin and editor roles can do this). I would like to create a function to do so. I found a post that said to add this to the functions.php in my child theme:
// Allow Students to see Private posts and pages
$subRole = get_role( 'Student' );
$subRole->add_cap( 'read_private_posts' );
$subRole->add_cap( 'read_private_pages' );
But it doesn't seem to do anything. Is there a way to change the ability to access private pages?
Also, above it says 'read_private_pages'; I want to be sure that they can submit the form on that page as well (not just read the page).

Can you use plugins? If yes, try the plugin Capability Manager Enhanced.
This plugin is a way to manage WordPress role definitions.
It is easier than editing the code directly.

Related

SilverStripe field-level Page editing permissions

I need to implement field-level permissions in a Page model, in a SilverStripe 3.2 website.
Let's imagine I have an ArticlePage.php model. It has the usual fields like $MenuTitle and $Content, and I've added other properties like $Subtitle and $Author.
I can protect the whole model by using providePermissions() and the associated canEdit() methods, but I need to protect individual fields / page properties.
What I need to do is:
Admins should be able to edit all fields
Users in another permissions group should only be able to edit and save $Subtitle
Is this possible in SilverStripe 3.2? Is there a SilverStripe way of doing it?
If not, is there a way I can Identify the user group of the current user and then perhaps conditionally show the $field->addFieldToTab() code? Is it possible to stop the user saving a field by posting the data maliciously, perhaps by adding the missing fields via inspector?
Thanks in advance.
So here's my own answer. This post was helpful: https://www.silverstripe.org/community/forums/customising-the-cms/show/11693
You can conditionally show CMS fields and tabs using code like the post demonstrates:
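public function getCMSFields()
{
    // Start from the parent's field list so $fields is defined
    $fields = parent::getCMSFields();
    if (!Permission::check('PERMISSION_LABEL')) {
        $fields->removeFieldFromTab("Root.Main", "MenuTitle");
        $fields->removeByName('BannerImages');
        // etc...
    }
    // etc...
    return $fields;
}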
Having defined the permission:
public function providePermissions()
{
return array(
'PERMISSION_LABEL' => 'Can edit some fields',
);
}
My concern with this approach was that a user could still create a form field on the page using inspector or JS and submit values for fields they should not be able to see.
Having tested this it appears that field values are not saved if they are not listed on the page, but are sent with the POST data. Although I'd love to know if a SilverStripe expert could confirm that.

Assign user roles to users when register wordpress

I am using 'Woo Discount Rules Pro' plugin to offer discounts for different user categories.
In the user registration page, I have included an input field to get the category of the user.
Although the category is saving inside the user profile, the role of the user is saved as 'customer' since I gave the default role as 'customer'.
What I need to achieve is to save the category that the user selects (i.e. school, uni, office) under 'User Role' when the user registers.
I tried to look into some plugins which perform this action when the user registers.
I found a plugin called Registration Magic and that would solve my issue. But unfortunately, it is not free and I would have to pay to unlock this specific feature.
Any suggestions how to accomplish this action with or without a plugin? Thank you!
Ultimate Member plugin assigns default role to a new user via this hook:
add_action('um_after_new_user_register', 'um_after_new_user_register', 10, 2);
and rewrite the roles of new user:
...
$ultimatemember->user->set_role( $role );
...
You can add your own routine with lower priority, like
add_action('um_after_new_user_register', 'custom_after_new_user_register', 20, 1);
function custom_after_new_user_register($user_id) {
$user = get_user_by('id', $user_id);
if (!in_array('subscriber', $user->roles)) {
$user->add_role('subscriber');
}
}
WordPress will execute it after UM and new user will receive the additional role.
I did not test this code; I wrote it from scratch, just to give you an idea.
There is a plugin named Wp Role at Registration and it has solved this issue. Most of all it's a free plugin.
You can assign a user role on signup using the User Registration WordPress plugin: https://en-gb.wordpress.org/plugins/user-registration/
Install it.
Create a form with it and then go to the form settings.
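For the plugin-free route asked about in this thread, the following added example (not code from the question, the answers or any plugin named here) maps the submitted category to a role through a fixed allow-list, so a tampered form value can never select a role outside the three intended ones. The POST field name `user_category`, the role slugs `school`, `uni` and `office`, and the `example_*` function names are assumptions.

```php
<?php
// Added example. Hypothetical names: the POST field 'user_category', the
// role slugs 'school', 'uni' and 'office', and the example_* functions.

// Register the three roles once; roles are stored in the database.
function example_register_category_roles() {
    $roles = array( 'school' => 'School', 'uni' => 'University', 'office' => 'Office' );
    foreach ( $roles as $slug => $label ) {
        if ( null === get_role( $slug ) ) {
            add_role( $slug, $label, array( 'read' => true ) );
        }
    }
}
add_action( 'after_switch_theme', 'example_register_category_roles' );

// Assign the role that matches the category chosen on the registration form.
function example_assign_role_from_category( $user_id ) {
    // Fixed allow-list: the only role slugs a registrant may end up with.
    $allowed = array( 'school', 'uni', 'office' );

    $submitted = '';
    if ( isset( $_POST['user_category'] ) && is_string( $_POST['user_category'] ) ) {
        $submitted = sanitize_key( wp_unslash( $_POST['user_category'] ) );
    }

    // Unknown or missing values keep the default role ('customer' here).
    if ( ! in_array( $submitted, $allowed, true ) || null === get_role( $submitted ) ) {
        return;
    }

    $user = get_userdata( $user_id );
    if ( $user instanceof WP_User ) {
        $user->set_role( $submitted ); // replaces the default role
    }
}
add_action( 'user_register', 'example_assign_role_from_category', 20, 1 );
```

`after_switch_theme` only fires when the theme is activated, so on a theme that is already active the roles have to be registered once by other means.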

WordPress hiding categories view from edit posts

I have created an edit link on my WordPress site where subscribers can edit their posts. When they click this, it takes them back to the admin portal to edit the post. I want to make sure they can't see the categories widget on the right side. How do I remove that so a user does not see it?
<?php edit_post_link(__("Edit Post"), ''); ?>
I have this in the function.php file but need to know how to make it just for subscribers.
function wpse60590_remove_metaboxes() {
    // Only strip the category and tag boxes for users in the subscriber role.
    if ( in_array( 'subscriber', (array) wp_get_current_user()->roles, true ) ) {
        remove_meta_box( 'categorydiv', 'post', 'normal' );
        remove_meta_box( 'tagsdiv-post_tag', 'post', 'normal' );
    }
}
add_action( 'admin_menu', 'wpse60590_remove_metaboxes' );
You need to modify the capabilities of these users' role to prevent them from working with categories. The capability you need to disable for their role should be "manage_categories".
Just make sure all of the users you wish to limit are in the same role (e.g. "Contributor" or something).
In my experience the easiest way to manage capabilities for roles is the Members Plugin.
Once installed, go to Users -> Roles -> Select the role you wish to change. Find "manage_categories", uncheck it, and save.
If you are using a custom post type, we may have to add some settings where you register the taxonomy to specify the ability to assign a category to a post.

Wordpress secure way to have Private/Public posts

I've asked a few questions trying to solve this simple problem, but nothing seems to work.
What's the recommended way to have private/public posts? I want to have a site where, if an author/editor/administrator is logged in, every private post and public post is viewable/searchable. If the user is not logged in, only public posts are viewable.
I have thought about/tried doing this a number of ways. A simple way I achieved this was using a WP_Query to include/exclude all posts with a custom field "Private" when logged in/out.
While this worked fine, I have two problems with it: how secure is it? And it requires a custom field, when WordPress already has private post functionality.
The other way I have tried is to use the WordPress built-in Private post feature, but I can't get the private posts to show up on the front end. They show up in the edit screen for allowed users and in the loop (front end) for admins, but not editors or authors...
Using WordPress built-in functions is my preferred method, but I just can't get it to work correctly.
Any suggestions or help? Someone must have done this without the need for a custom field?
Thanks
You don't need to use a meta field to get private posts; it's available via the WP_Query post_status parameter.
$args = array( 'post_status' => array( 'publish' ) ); // regular users
if ( is_user_logged_in() ) {
// signed in users
$args['post_status'][] = 'private';
}
$query = new WP_Query( $args);
I believe the most appropriate in your case is to use WordPress capabilities. Editors are already able to view private posts/pages on the front-end if logged in (because they have the read_private_posts capability).
Here's an example of how you would make private posts/pages viewable by author user role.
function so0805_init_theme_add_capabilities(){
/* allow authors to view private posts and pages */
$role_author = get_role('author');
$role_author->add_cap('read_private_pages');
$role_author->add_cap('read_private_posts');
}
add_action('init', 'so0805_init_theme_add_capabilities');
Paste this code inside functions.php of your theme.
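The two answers above and the Student-role question at the top of the page combine into one capability-based pattern, shown here as an added example (not code from any of the posts). It grants the read capabilities once with a guard for a missing role, and it gates private posts on `read_private_posts` instead of on being logged in, so a low-privilege account such as a subscriber does not see them. The role slug `student` and the `example_*` function names are assumptions.

```php
<?php
// Added example. Assumptions: 'student' is a hypothetical slug for the
// Student role; 'author' is the core Author role.

// Grant read access to private content. add_cap() writes to the database,
// so run it on theme activation instead of on every request.
function example_grant_private_read() {
    foreach ( array( 'student', 'author' ) as $slug ) {
        $role = get_role( $slug ); // null when no role has this slug
        if ( null === $role ) {
            continue;
        }
        $role->add_cap( 'read_private_posts' );
        $role->add_cap( 'read_private_pages' );
    }
}
add_action( 'after_switch_theme', 'example_grant_private_read' );

// Build a front-end query that includes private posts only for users who
// hold the capability, not for every logged-in account.
function example_visible_posts_query( array $extra_args = array() ) {
    $statuses = array( 'publish' );
    if ( current_user_can( 'read_private_posts' ) ) {
        $statuses[] = 'private';
    }

    return new WP_Query( array_merge( $extra_args, array(
        'post_status' => $statuses,
        // With 'readable', WP_Query itself limits private posts to users
        // who can read them, or to the current user's own private posts.
        'perm'        => 'readable',
    ) ) );
}
```

Role slugs are normally lowercase, and `get_role()` returns null for a slug that does not exist, which is why the grant is guarded before `add_cap()` is called.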

Hide other domains' menus from node edit form on a Drupal site using domain access

I'm in the process of making some improvements to a live Drupal site that's using the Domain Access module to run a number of microsites. I'm trying to find a way of restricting the menus a user can post content to from the node edit screen. A user on one of the domains should only be able to post content to menus associated with that domain.
Is there a simple way of achieving this? I'm guessing there are some hooks I could use, but so far I have been unable to identify them. I'd prefer not to have to install further modules to achieve this and to be able to add some code to the current site to alter the forms. The site is struggling with the large number of modules we've had to install on it already.
According to the readme for the module, you need to set some specific permissions in user management:
To enable this feature, you should grant the 'edit domain nodes' and
(optionally) the 'delete domain nodes' permission to some roles. Then assign
individual users accounts to specific domains to assign them as Domain Editors.
From my experience many moons ago with the module, you can check the global $user object and figure out what domains the user should have access to. You can then use a form alter to remove any options from the select box that you don't want them seeing. As always with Drupal though, it's better to let someone else write the code - so if the Domain module provides this functionality, use it!
Here is some updated code for Drupal 7:
/**
* Implements hook_form_FORM_ID_alter().
*/
function MYMODULE_form_page_node_form_alter(&$form, &$form_state) {
global $_domain;
if (isset($_domain['domain_id'])) { // only display domain's primary links
$menus[domain_conf_variable_get($_domain['domain_id'], 'menu_main_links_source')] = $_domain['sitename'].' Main menu';
}
if (isset($menus)) {
$options = menu_parent_options($menus, $form['#node']->type);
$form['menu']['link']['parent']['#options'] = $options;
}
}
Eventually found a way of fixing this for the particular project I have been working on: in module_form_alter I've added the following:-
global $_domain;
if (isset($_domain['domain_id'])) { // only display domain's primary links
$menus[domain_conf_variable_get($_domain['domain_id']
,'menu_primary_links_source')] = $_domain['sitename'].' Primary links';
}
if ( isset($menus) ) {
$options = menu_parent_options($menus, $form['menu']['#item']);
$form['menu']['parent']['#options'] = $options;
}
This restricts the menu options to just the current domain's primary links menu which is just what we wanted.
Thanks to Fabian who pointed me in the right direction earlier.
