
[Resolved] A user can edit fields that they shouldn't be able to edit based on my settings

This support ticket was created 8 years, 5 months ago. There's a good chance that you are reading advice that is now obsolete.

This is the technical support forum for Toolset - a suite of plugins for developing WordPress sites without writing PHP.

Everyone can read this forum, but only Toolset clients can post in it. Toolset support works 6 days per week, 19 hours per day.


This topic contains 6 replies, has 3 voices.

Last updated by peterv-5 8 years, 4 months ago.

Assisted by: Minesh.

#342904

I am trying to:
Limit a user's ability to edit a certain set of custom user fields.

I visited this URL:
hidden link (a page where I have a CRED form)

I expected to see:
the "Station" and "Accidents" fields visible, but not editable for this "subscriber" (this user is not an admin).

***
Let me know if you want admin access to the website.

#342906
Screen Shot 2015-10-27 at 4.39.31 PM.png
Screen Shot 2015-10-27 at 4.34.59 PM.png

Forgot to attach the screen shot...

#342930

Waqas
Supporter

Languages: English (English )

Timezone: Asia/Karachi (GMT+05:00)

Can you please confirm whether you see the access restrictions working fine in WP-Admin (for these particular fields)?

On the other hand, you can apply CRED's native Conditional Display Logic for these fields. You can test for certain user roles to enable the input, or you can simply print the values if the user does not belong to a particular role. Please see https://toolset.com/documentation/user-guides/conditional-display-for-form-inputs/ for more information.

Please let me know if I can help you with anything related.

#343448
backend-view of custom CARE fields.png

I can confirm that in the admin panel they can't change the numbers (which is what I want) but on the front end that same user can edit the values.

I've attached a screenshot of the backend showing that they can't change the values that they can change on the front end.

Let me know if you want admin access to the website.

Thank you.

#343499

Minesh
Supporter

Languages: English (English )

Timezone: Asia/Kolkata (GMT+05:30)

Unfortunately Waqas is on holiday. This is Minesh here and I'll take care of this ticket and will try to help you further. Hope this is OK.

*** Please make a FULL BACKUP of your database and website.***
I would also eventually need to request temporary access (WP-Admin and FTP) to your site. Preferably to a test site where the problem has been replicated if possible in order to be of better help and check if some configurations might need to be changed.

I would additionally need your permission to de- and re-activate Plugins and the Theme, and to change configurations on the site. This is also a reason the backup is really important. If you agree to this, please use the form fields I have enabled below to provide temporary access details (wp-admin and FTP).

I have set the next reply to private which means only you and I have access to it.

#345250

Minesh
Supporter

Could you please try to implement the following code:

#1:
[toolset_access role="administrator" operator="allow"]
[cred_field field="book-number-of-pages" post="book" value=""  urlparam=""]
[/toolset_access]

#2:
[toolset_access role="Editor,Author,Contributor,Guest" operator="allow"]
[cred_field field="book-number-of-pages" post="book" readonly="true" value=""  urlparam=""]
[/toolset_access]

So what this code will do is: for the administrator role (#1) it will allow the field to be edited, and for all other roles (#2) it will add the "readonly" attribute to your field so that your field will not be available for editing.

Hope this fixes your issue.
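
The "readonly" attribute added in #2 is an HTML attribute that the browser enforces; the thread does not say whether the form handler also checks the posted value, so a server-side check is the control that actually keeps the field unchanged. The sketch below is an added example, not code from this thread or from Toolset, written in Python so it runs on its own; the function name, the `book-title` field and the data shapes are assumptions, and roles not listed as editors (such as the subscriber in the question) are denied by default.

```python
# Added example, not Toolset code. The book-title field and all data shapes
# are assumptions made for the illustration.

# Mirrors the two shortcode blocks above: only administrators may edit this field.
EDIT_ROLES = {"book-number-of-pages": {"administrator"}}


def filter_submission(role, stored, submitted):
    """Return (values_to_save, rejected_fields) for one form submission.

    A field listed in EDIT_ROLES is restricted: unless `role` is in its
    allow-list, the stored value is kept whatever the browser sent. The
    HTML readonly attribute is never consulted, because it is not part of
    the data the server receives.
    """
    role = role.strip().lower()
    to_save, rejected = dict(stored), []
    for field, value in submitted.items():
        if field not in stored:
            rejected.append(field)  # unknown field: never create it from user input
            continue
        allowed = EDIT_ROLES.get(field)
        if allowed is not None and role not in allowed:
            if value != stored[field]:
                rejected.append(field)  # changed although read-only for this role
            continue  # keep the stored value either way
        to_save[field] = value
    return to_save, rejected


if __name__ == "__main__":
    # Constructed sample: a subscriber posts back a changed "read-only" value.
    stored = {"book-number-of-pages": "120", "book-title": "Old title"}
    posted = {"book-number-of-pages": "999", "book-title": "New title"}
    saved, rejected = filter_submission("subscriber", stored, posted)
    print("saved:", saved)
    print("rejected:", rejected)
```

Rejected field names are worth logging, since a changed value for a field rendered read-only means the request did not come from the unmodified form.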

#346325

That worked.
Thanks.

This ticket is now closed. If you're a WPML client and need related help, please open a new support ticket.