[Resolved] Access control limiting user meta fields works for built-in profile editing only

[Author]

Posts

[cantonB]

I've added a group of custom fields for the users called "Certification Fields", which contains fields like:

Is this person credentialed to teach? [yes][no]

Only admins should be able to change this value.

I used Toolset Access to configure User Meta Fields Access : Certification Fields so that users can't modify their own certification fields.

This works fine as expected when the user visit their wp-admin/profile.php page. They can see their certification status, but they can't change it.

However, I don't want to use the built-in wordpress profile editing page, so I've created a Toolset User Form which lets people edit their account.

If I include the "Is this person credentialed to teach?" field on the Toolset-powered User Form, then the user CAN edit their own status, even though I specified in Toolset Access that users shouldn't be able to edit their own certification meta fields.

I do see that I can simply click the trashcan icon to remove those fields altogether from the Toolset User Form.

How do I instead SHOW the value, without letting them CHANGE the value?

[Christian Cox]

Hi, do you want to show the field value, or a disabled input with the field value set in it?

If you want to just show the field value, i.e. "certified", instead of a radio input field, you can use the standard Types field shortcodes to display the current User's field value. Drag an "HTML content" element into the Form builder from the "Extra elements" panel, then place the Types field shortcode using the syntax described in the field shortcode documentation here: https://toolset.com/documentation/customizing-sites-using-php/functions/#radio
Click the "+More" button for examples. Here is an example showing the current User's field value:

Level 1: [types usermeta="your-field-slug" user_current="true"][/types]<br />

You would replace your-field-slug with the slug of the custom field you want to display.

If you want to show the normal input field in the Form but make it uneditable, you can switch to "Expert mode" in the Form builder and add readonly='true' to the cred_field shortcode corresponding to this specific field. The radio button would be displayed on the front-end, but disabled. Example:

[cred_field field='your-field-slug' force_type='field' class='form-control' output='bootstrap' readonly='true']

Let me know if you have questions about that.

[cantonB]

Perfect, thanks! The shortcode solution was great. I don't recommend the "read-only" method because someone could simply save the HTML file to their desktop, remove the read-only flag, load it up, submit it, and give themselves credentials!