Skip Navigation

[Resolved] Access control for archive templates.

This support ticket is created 3 years, 1 month ago. There's a good chance that you are reading advice that it now obsolete.

This is the technical support forum for Toolset - a suite of plugins for developing WordPress sites without writing PHP.

Everyone can read this forum, but only Toolset clients can post in it. Toolset support works 6 days per week, 19 hours per day.

Sun Mon Tue Wed Thu Fri Sat
- 9:00 – 13:00 9:00 – 13:00 9:00 – 13:00 9:00 – 13:00 9:00 – 13:00 -
- 14:00 – 18:00 14:00 – 18:00 14:00 – 18:00 14:00 – 18:00 14:00 – 18:00 -

Supporter timezone: Asia/Karachi (GMT+05:00)

Author
Posts
#1950179

I created the following archive pages:

- hidden link
- hidden link

Where in Toolset access control can I set who can / cannot view the archive pages?

Now, properties (hidden link) and projects (hidden link) are only displayed for looged-in users. And we would like to display them for guests as well.

#1951187

Waqar
Supporter

Languages: English (English )

Timezone: Asia/Karachi (GMT+05:00)

Hi,

Thank you for contacting us and I'd be happy to assist.

There are no separate access control settings for the posts in the archive pages, and this is how the post type and post group based Access restriction affects them:

1. If you've restricted a post type's access for a user role from WP Admin -> Toolset -> Access Control -> Post Types, then the user which has no read rights for that post type will not see them in the archive pages too.

2. However, if you've restricted access to some posts using only the post groups ( WP Admin -> Toolset -> Access Control -> Post Groups ), then that restriction will only apply to the single post pages. In the archive pages, those posts will still show.

Since you'd like the "eigendom" and "project" type posts to be shown to guest users too in the archive pages, you can go to WP Admin -> Toolset -> Access Control -> Post Types and make sure that the "Guest" is allowed read access to these post types.
( example screenshot: hidden link )

regards,
Waqar

#1951489

I don't see any "events" tab in WP Admin -> Toolset -> Access Control -> Post Types?

#1951721

Waqar
Supporter

Languages: English (English )

Timezone: Asia/Karachi (GMT+05:00)

I've used the screenshot from my test website as an example.

On your website, you'll see the tabs for the "Eigendom" and "Project" post types.

#1951775

Guests should first login/register an account.
That's why we redirect them to the login/register page (WP Admin -> Toolset -> Access Control -> Post Type > Eigendommen)
The same goes for Vakexperts > Projecten

If I understand it well this access restriction also affects the archive page hidden link, thus guests will require to login/register an account first in order to view the archive page?

We've setup the above archive pages for search engines to crawl properties / projects. With the above restriction search engines will not be able to crawl the archive pages?

#1953859

Waqar
Supporter

Languages: English (English )

Timezone: Asia/Karachi (GMT+05:00)

Your understanding is correct.

If you'd like the "Eigendom" and "Project" posts to be available for the search engines and guest users for the archive pages, you'll need to remove the post type restriction from these post types, as I suggested in my reply earlier.
( ref: https://toolset.com/forums/topic/access-control-for-archive-templates/#post-1951187 )

As for the single post pages of these posts, you can use the Access post group settings or the conditional blocks to show their content only to the logged-in users and login/registration form, to non-logged-in visitors.

If you could share a screenshot of how the templates for these single post pages are set up, I'll be able to suggest something in more detail.

#1953865

You can have a look in admin.

#1953901

Waqar
Supporter

Languages: English (English )

Timezone: Asia/Karachi (GMT+05:00)

I've set your next reply as private so that you can share temporary admin login details.

Note: Although no changes will be made on your website, please make a complete backup copy, before sharing the access details.

#1954245

Waqar
Supporter

Languages: English (English )

Timezone: Asia/Karachi (GMT+05:00)

Thank you for sharing the admin access.

Reviewing the setup, this is what I'll recommend:

1. As suggested earlier, please go to WP Admin -> Toolset -> Access Control -> Post Types and make sure that the "Guest" is allowed read access to these "Eigendom" and "Project" post types.

As a result, when the guests will visit the archive pages for these post types, they'll see the posts, which is what you want.

The downside of this would be that when guests will visit the single post pages of these post types, they'll be able to see the actual content and not the login form ( through the template: Template with the login form ), which is not what you want. This will be taken care of in the next step:

2. Using the "wpv_filter_force_template" hook, you can force the single post pages of "Eigendom" and "Project" post types to show the "Template with the login form" when a guest user visits them:
( ref: https://toolset.com/documentation/programmer-reference/views-filters/#wpv_filter_force_template )


add_filter( 'wpv_filter_force_template', 'dynamic_template_override_login', 99, 3 );
function dynamic_template_override_login( $template_selected, $id, $kind ) {
	// if the user is not logged in and is trying to view the single post page for the specific post types
	if ( !is_user_logged_in() && is_singular( array( 'eigendom', 'project' ) ) ) { 
		// force use of the content template with the login form
		$template_selected = 721;
	}
	return $template_selected;
}

The above code snippet can be included through either Toolset's custom code feature ( ref: https://toolset.com/documentation/adding-custom-code/using-toolset-to-add-custom-code/ ) or through the active theme's "functions.php" file.

As a result, when the guests will visit the single post pages from these post types they'll still see the login form and not the actual content.

#1954415

Hi

So my understanding of this solution is:

- a "guest" who will try to see the detailed pages of "eigendommen" (example: hidden link) or "vakexperten" (example: hidden link) will see the login/registration form, BUT the archive pages "eigendommen" and "vakexperten" will be fully searchable for search engines, right?

---> If I am right, could you please add the above code snippet? We are not familiar doing that. Thanks!

-----------------------------------------------------------------------

Second of all I would like to merge this ticket with another ticket which is being handled by a collegue of yours who does not seem to be able to suggest a proper solution: https://toolset.com/forums/topic/single-item-content-template-does-not-show/.

1. For hidden link (post type "eigendommen")

- If the user is a "guest" then he should be redirected to the login / registration page (see the above --- OK)
- If the user is an "author" or a "new subscriber" then he should be redirected to the single item content template

2. For hidden link (post type "vakexperts")

- If the user is a "guest" then he should be redirected to the login / registration page (see the above --- OK)
- If the user is an "author" or a "new subscriber" then he should be redirected to the single item content template as well

If you visit:
hidden link
hidden link

You are redirected to the login / registration page --- so that's OK.
But,

If you login with _testaccount_2, password: MzLTpoatq1@DBiZglKPMLCTh:

This user has the role of "author" and "new subscriber" so he should be redirected to the single item content template
But,

If you visit hidden link and click "meer informatie" of one of the properties. The user is not redirected to the single item content template, instead he is redirected to the detailed property page

And if you visit hidden link and click "meer informatie" of one of the vakexperts. The user is not redirected to the single item content template, instead he is redirected to the detailed vakexpert page

---> I hope you can help us out here with a solution.

-------------------------------------------------------------------------------

Last but not least, we face the following issue:

For example we have added this vakexpert: hidden link.
Obviously this vakexpert should appear here: hidden link but he doesn't.
We investigated everything (limitations set, ...) but to no avail.

---> Can you tell what the issue is here?

-------------------------------------------------------------------------------

I realy hope you can help to solve these remaining issues, tomorrow we are going live.

Thanks a lot!

#1955969

Waqar
Supporter

Languages: English (English )

Timezone: Asia/Karachi (GMT+05:00)

As for the original issue, your understanding is correct.

I'm afraid, we can't add PHP code changes on the client websites, but, adding a custom code snippet is a very straight forward process, as explained here:
https://toolset.com/documentation/adding-custom-code/using-toolset-to-add-custom-code/

Here is a screenshot example from my test website:
hidden link

I've checked the page with the view ( hidden link ) and the post "Architect, Brussel" is showing.
( screenshot: hidden link )

Maybe it was a temporary cache issue?

As for the other ticket with Jamal, I'll follow-up on it shortly, to see what I can find.

#1956025

I allowed the "Guest" read access to the "Eigendom", "Vakexpert" and "Project" post types.
The pages: hidden link, hidden link hidden link are visible for guest which is good.

Then I added below code snippet to Toolset's custom code feature in order to force the single post pages of "Eigendom", "Vakexpert" and "Project" post types to show the "Template with the login form" when a guest user tries to visit them by clicking "Meer informatie".

I adjusted the code snippet slightly so that both the post types "Eigendom", "Vakexpert" and "Project" are included.

add_filter( 'wpv_filter_force_template', 'dynamic_template_override_login', 99, 3 );
function dynamic_template_override_login( $template_selected, $id, $kind ) {
// if the user is not logged in and is trying to view the single post page for the specific post types
if ( !is_user_logged_in() && is_singular( array( 'eigendom', 'vakexpert', 'project' ) ) ) {
// force use of the content template with the login form
$template_selected = 721;
}
return $template_selected;
}

I get this message:

Unfortunately, this snippet cannot be edited directly. Check file permissions and wp-config.php constants DISALLOW_FILE_EDIT and DISALLOW_FILE_MODS. Alternatively, you can edit the file manually.

#1957697

Waqar
Supporter

Languages: English (English )

Timezone: Asia/Karachi (GMT+05:00)

This warning means that your host or some security plugin has set the constants "DISALLOW_FILE_EDIT" and/or "DISALLOW_FILE_MODS" to "true", which blocks the ability to make changes to files through the WordPress admin area.
( there is a note about that in the link: https://toolset.com/documentation/adding-custom-code/using-toolset-to-add-custom-code/ )

To add this and any other similar customization snippets in the future, you have these choices:

1. If you'd like to use the Toolset's custom feature, you can check your website's "wp-config.php" file and look for the lines with the "DISALLOW_FILE_EDIT" and/or "DISALLOW_FILE_MODS" constants and set them to "false":
( ref: https://wordpress.org/support/article/editing-wp-config-php/ )

You can get in touch with your host's support team to help you with that too.

OR

2. If you'd prefer not to allow PHP code changes to be added through the WordPress admin area, then you'll need to add the custom code snippet(s) into your child theme's "functions.php" file, as explained here:
hidden link
hidden link

#1958263

I contacted the host and they didn't set the constants "DISALLOW_FILE_EDIT" and/or "DISALLOW_FILE_MODS" to "true". So they cannot help.

As we are no developers we cannot either add the custom code snippet(s) into our child theme's "functions.php" file.

Could you please investigate which security plugin blocks the ability to make changes to files through the WordPress admin area?

#1958439

Here is the host's answer:

In this specific case it is not the file permissions or the content of the wp-config.php file, but probably the way iThemes security is configured on the website.

This ticket is now closed. If you're a WPML client and need related help, please open a new support ticket.