intoxstudio / restrict-user-access Goto Github PK

Describe the bug
After updates our website does not redirect correctly logged out users and users with restrictions. For example tjas.nl/?redirect_to=%2Fexample stays in the search bar and does not redirect to tjas.nl/example. However, for admins and users with more rights it works... After deactivating the plugin it works for all. How can this be solved as our site is not working properly...

To Reproduce
Steps to reproduce the behavior:

1. Go to 'https://tjas.nl/samenwerken/sponsoren'
2. See error

Expected behavior
Should just go to https://tjas.nl/samenwerken/sponsoren

Screenshots
If applicable, add screenshots to help explain your problem.

Desktop (please complete the following information):

• OS: [e.g. iOS]
• Browser [e.g. chrome, safari]
• Version [e.g. 22]

Smartphone (please complete the following information):

• Device: [e.g. iPhone6]
• OS: [e.g. iOS8.1]
• Browser [e.g. stock browser, safari]
• Version [e.g. 22]

Additional context
Add any other context about the problem here.

Currently you can manage all restrictions etc. on the access level edit page.
It would be neat to have some (limited) management available on the edit pages of a post or term.
Some ideas:

• Restrict access to access level > This would correspond with a new access condition for the selected level.
• Non-access behavior (redirect / message)

Hi, I'm getting the following fatal error in my log files and the WP site doesn't render. Any idea what might be causing it?

Class 'WPCAObjectManager' not found in /var/.../wordpress/wp-content/plugins/restrict-user-access/level.php on line 228

Version 2.3.1 is breaking the website with the following error:

Fatal error: Uncaught Error: Call to undefined function wp_get_current_user() in C:\Sites\thewebsite\wp-includes\capabilities.php:693 Stack trace: #0 C:\Sites\thewebsite\wp-content\plugins\ultimate-member\includes\core\class-access.php(433): current_user_can('administrator') #1 C:\Sites\thewebsite\wp-includes\class-wp-hook.php(307): um\core\Access->exclude_posts(Object(WP_Query)) #2 C:\Sites\thewebsite\wp-includes\class-wp-hook.php(331): WP_Hook->apply_filters(NULL, Array) #3 C:\Sites\thewebsite\wp-includes\plugin.php(522): WP_Hook->do_action(Array) #4 C:\Sites\thewebsite\wp-includes\class-wp-query.php(1804): do_action_ref_array('pre_get_posts', Array) #5 C:\Sites\thewebsite\wp-includes\class-wp-query.php(3542): WP_Query->get_posts() #6 C:\Sites\thewebsite\wp-includes\post.php(2430): WP_Query->query(Array) #7 C:\Sites\thewebsite\wp-content\plugins\restrict-user-access\app.php(447): get_posts(Array) #8 C:\Sites\thewebsite\wp-content\plugins\restrict-user-access\app.php(594): RUA_App- in C:\Sites\thewebsite\wp-includes\capabilities.php on line 693

From the comments on the support forum the previous version is ok
https://wordpress.org/support/topic/current-version-2-3-1-is-breaking-our-site-2-3-is-working/

Is it possible to restrict different Groups and therefore Forums to particular users?

Many thanks
Pete

Does hiding resticted post from category page is in your road map?

Hi

I am looking for a plugin by which we can limit output of REST API to specific user roles.

Does your plugin this? How?

Thanks

Description
When I select multiple users on the Edit Access Level < Members tab, then select Remove from the Bulk actions menu and apply, nothing happens. All of the members were added via a User Role automation trigger.

To Reproduce

1. Go to User Access < Access Levels and select Access Level
2. Click Members tab
3. Select multiple Members by clicking the checkboxes or Select All
4. In Bulk Actions menu, choose Remove
5. Click Apply

Expected behavior
The selected members will be removed from the access level.

Screenshots
Video recording of issue: https://www.loom.com/share/2596f900e723434d9800453e8e4d030b

Define public API method to deduce the Access Level of a given piece of content.

--

We would used this to check if a page is protected so that the user does not have to be redirected to login.

Why not make a SVG icon to use in WP admin instead of the current dashicon?
If you would like help on this, please send me the vector/original file!

Hi,

I want to be able to give restricted access to 2 user groups like the code below, is this possible? One can not inherit anothers' roles using Extend because they have very different permissions.

[restrict role="usergroup1, usergroup2"]

Some restricted content only ug1 and ug2 should see

[/restrict]

Is it possible to restrict certain content for a logged-out user? The current shortcodes provide a lot of access control to really specifically tailor content to the user, but not for logged-out ones.

I would love to have a "fallback" in place. So, I have 3 items of text for each case:

• Group 1: All of the content
• Group 2: Some of the content
• Anonymous: "hey, please sign up!"

Seems to me as a great addition, so might be I'm overlooking it or it could be one for the backlog.

Describe the bug

When a single leven is created for member access which sets restrictions for a CPT a website maintainer still gets redirected.
Such a website maintainer doesn't get any level (since it's a maintainer, not a member) but also hasn't admin access.
This maintainer can edit a CPT but cannot view it because RUA redirects the user because of restrictions.

To Reproduce
Steps to reproduce the behavior:

1. Create CPT
2. Create single level: Member
3. Set restrictions for CPT to be only viewed by members
4. Make sure the editor role can edit the CPT
5. Login as editor and try to view a CPT you created.
6. Computer says no :(

Expected behavior
I would expect access levels to be ignored when a logged in user has certain capabilities, like in this case edit the CPT.

The project could not be analyzed because of maven build errors. Please review the error messages here. Another build will be scheduled within 24 hours. If the build is successful this issue will be closed, otherwise the error message will be updated.

_{This is an automated GitHub Issue created by Sonatype DepShield. GitHub Apps, including DepShield, can be managed from the Developer settings of the repository administrators.}

I have a site with 3 user access levels.

Members
- Editors
-- Administrators

that looks like this, with Members set as the parent of Editors and Editors set as the parent of Administrators.

Members has a single Condition group which gives access to a specific page, that anonymous visitors should not see. This works as expected, but the permission is not being inherited by Editors and Administrators and a redirect happens.

Since it's only a single page that needs to be restricted, I've worked around it by adding that page to each access level, but the docs do indicate that inheritance should work.

Hey there,

I'm hoping restrict-user-access can really help us avoid writing code!

We are building a Wordpress Multisite network, with BuddyPress network-activated (thus its toolbar is visible on all sites in the network).

However, we want to ensure similar privacy levels to Facebook, in the sense that our users' BuddyPress profiles should be (able to be) private, except to other users who they have a BuddyPress relationship with (eg. followers).

So there are two key use cases:

1. Public internet (not logged in to BuddyPress): do not show any BuddyPress member profile details, especially their Sites page (ie. the old "blogs" page).
2. Logged-in user: only show BuddyPress "Sites" page and "Activity" to other users who are logged-in and, say, following the profile in question.

Please let me know if Restrict User Access can achieve the above? I apologise for using a GitHub issue to ask this question — I couldn't find a better way to contact you!

Warm regards,

Adam

I have restricted posts that get displayed in loops on various pages. How do I detect if its restricted during a loop. ie. get_posts() or while $query->has_posts() loops?

I am trying to hide the admin bar for specific roles:
if ( ! current_user_can( 'manage_options' ) ) { show_admin_bar( false ); }
Unfortunately this is not working with restrict user access plugin activated.
Also general deactivating is not working:
add_filter('show_admin_bar', '__return_false'); or
show_admin_bar( false );
Any tip would be great! Thanks much.

I am seeing the same issue as https://wordpress.org/support/topic/redirect-to-page-only-works-for-the-first-click/

The first link redirects as expected but any subsequent pages trigger a 404 error.

Here's my site info in case that's helpful and thanks for the great plugin!

### wp-core ###
version: 5.4

site_language: en_US

user_language: en_US

timezone: America/New_York

permalink: /%postname%/

https_status: true

user_registration: 0

default_comment_status: open

multisite: false

user_count: 5

dotorg_communication: true
wp-paths-sizes
wordpress_path: /nas/content/live/sylintisac

wordpress_size: 41.17 MB (43173526 bytes)

uploads_path: /nas/content/live/sylintisac/wp-content/uploads

uploads_size: 14.30 MB (14990623 bytes)

themes_path: /nas/content/live/sylintisac/wp-content/themes

themes_size: 5.46 MB (5729679 bytes)

plugins_path: /nas/content/live/sylintisac/wp-content/plugins

plugins_size: 34.78 MB (36471658 bytes)

database_size: 3.23 MB (3391488 bytes)

total_size: 98.95 MB (103756974 bytes)
wp-dropins (1)
advanced-cache.php: true
wp-active-theme
name: Hello Elementor Child (hello-theme-child)

version: 1.0.1

author: Elementor Team

author_website: https://elementor.com/

parent_theme: Hello Elementor (hello-elementor)

theme_features: menus, post-thumbnails, automatic-feed-links, title-tag, html5, custom-logo, editor-style, woocommerce, wc-product-gallery-zoom, wc-product-gallery-lightbox, wc-product-gallery-slider

theme_path: /nas/content/live/sylintisac/wp-content/themes/hello-theme-child
wp-parent-theme
name: Hello Elementor (hello-elementor)

version: 2.3.0

author: Elementor Team

author_website: https://elementor.com/?utm_source=wp-themes&utm_campaign=author-uri&utm_medium=wp-dash

theme_path: /nas/content/live/sylintisac/wp-content/themes/hello-elementor
wp-themes-inactive (4)
Twenty Nineteen: version: 1.5, author: the WordPress team

Twenty Seventeen: version: 2.3, author: the WordPress team

Twenty Sixteen: version: 2.1, author: the WordPress team

Twenty Twenty: version: 1.2, author: the WordPress team
wp-mu-plugins (4)
Force Strong Passwords - WPE Edition: version: 1.6.4, author: Jason Cosper

WP Engine Seamless Login Plugin: version: 1.5.3, author: WP Engine

WP Engine Security Auditor: version: 1.0.8, author: wpengine

WP Engine System: version: 4.0.0, author: WP Engine
wp-plugins-active (9)
Classic Editor: version: 1.5, author: WordPress Contributors

Elementor: version: 2.9.8, author: Elementor.com

Elementor Pro: version: 2.9.3, author: Elementor.com

Login or Logout Menu Item: version: 1.2.0, author: cartpauj

MainWP Child: version: 4.0.7, author: MainWP

Redirection: version: 4.7.1, author: John Godley

Restrict User Access: version: 1.3, author: Joachim Jensen

SEOPress: version: 3.8.5.1, author: SEOPress

WordPress Importer: version: 0.7, author: wordpressdotorg
wp-media
image_editor: WP_Image_Editor_Imagick

imagick_module_version: 1687

imagemagick_version: ImageMagick 6.9.7-4 Q16 x86_64 20170114 http://www.imagemagick.org

imagick_limits:

imagick::RESOURCETYPE_AREA: 38 MB

imagick::RESOURCETYPE_DISK: 1073741824

imagick::RESOURCETYPE_FILE: 6144

imagick::RESOURCETYPE_MAP: 512 MB

imagick::RESOURCETYPE_MEMORY: 256 MB

imagick::RESOURCETYPE_THREAD: 1

gd_version: 2.2.5

ghostscript_version: unknown
wp-server
server_architecture: Linux 4.15.0-1040-gcp x86_64

httpd_software: Apache

php_version: 7.3.16-1+ubuntu18.04.1+deb.sury.org+1 64bit

php_sapi: apache2handler

max_input_variables: 10000

time_limit: 3600

memory_limit: 512M

max_input_time: 3600

upload_max_size: 50M

php_post_max_size: 100M

curl_version: 7.58.0 OpenSSL/1.1.1d

suhosin: false

imagick_availability: true

htaccess_extra_rules: false
wp-database
extension: mysqli

server_version: 5.7.29-32-log

client_version: mysqlnd 5.0.12-dev - 20150407 - $Id: 7cc7cc96e675f6d72e5cf0f267f48e167c2abb23 $
wp-constants
WP_HOME: undefined

WP_SITEURL: undefined

WP_CONTENT_DIR: /nas/content/live/sylintisac/wp-content

WP_PLUGIN_DIR: /nas/content/live/sylintisac/wp-content/plugins

WP_MAX_MEMORY_LIMIT: 512M

WP_DEBUG: false

WP_DEBUG_DISPLAY: true

WP_DEBUG_LOG: false

SCRIPT_DEBUG: false

WP_CACHE: true

CONCATENATE_SCRIPTS: undefined

COMPRESS_SCRIPTS: undefined

COMPRESS_CSS: undefined

WP_LOCAL_DEV: undefined

DB_CHARSET: utf8

DB_COLLATE: utf8_unicode_ci
wp-filesystem
wordpress: writable

wp-content: writable

uploads: writable

plugins: writable

themes: writable

mu-plugins: writable

Hello,

First off, I wanted to say thank you for developing such a simple, but extremely effective addition for WordPress. It seems to be working just fine on the install I have it implemented on.

My inquiry lies with the redirect option: Is there a way to have the redirected page be the log-in page or a landing page which says you can’t access this content and asks you to login (if it detects that you are not signed in)? In addition, is there a way to simplify the redirected URL (EX: attempted_page/?redirect_to=https%3A%2F%2Fwww.domain.com/landing_page/)?

Warm Regards,
Joe G.

Hi Joachim,

I get this error when using rua_get_level_caps():

Fatal error: Uncaught Error: Class 'WPCAObjectManager' not found in /wp-content/plugins/restrict-user-access/level.php:219

Stack trace:
#0 /wp-content/plugins/restrict-user-access/level.php(206): RUA_Level_Manager->_init_metadata() 
#1 /wp-content/plugins/restrict-user-access/level.php(724): RUA_Level_Manager->metadata() 
#2 /wp-content/plugins/restrict-user-access/api/level.php(138): RUA_Level_Manager->get_levels_caps(Array) 
#3 /wp-content/plugins/view-admin-as/modules/class-restrict-user-access.php(551): rua_get_level_caps(495, true) 
#4 /wp-content/plugins/view-admin-as/modules/class-restrict-user-access.php(155): VAA_View_Admin_As_RUA->get_level_caps(495, true) 
#5 /wp-includes/ in /wp-content/plugins/restrict-user-access/level.php on line 219

It has to be a new error since I never encountered it before. It currently happens when I switch to an access level. View Admin As fetches the level caps to set the proper view.

Wordpress 4.1.1