[Resolved] Access control where user is replicated as post with relationship to post types

This is the technical support forum for Toolset - a suite of plugins for developing WordPress sites without writing PHP.

Everyone can read this forum, but only Toolset clients can post in it. Toolset support works 6 days per week, 19 hours per day.

This topic contains 9 replies, has 2 voices.

Last updated by Luo Yang 1 month ago.

Assigned support staff: Luo Yang.

Author
Posts
#1631375

I have a WordPress with woocoommerce setup. I have replicated my "customer" (woocommerce user) with post type customer having the same author.

Every author has videos, lessons, and questionnaires assigned to the customer post type using the toolset relationship.

Videos Relationship -> Many to Many
Lessons -> Many to Many
Questionnaires -> One to One

Everything works fine when the Access control for these post types (customer, video, lessons, and questionnaire) are set as "Use the WordPress Default Read Permission". I want to use the toolset access control.

When I start managing the post types using toolset, the view which renders these post types doesn't render anything.
I have the access to edit form and single page, but the view doesn't render anything.
The way I have set the view is.

One view checks and finds the customer post from the currently logged in user. This view then calls another view which finds related post in that particular relationship for the customer post.
This renders nothing.

On the contrary, I have another setup. where, one view checks for the custoemr post from the currently logged in user : hidden link. And the other view renders through an intermediary field set as . hidden link.
This renders correctly.

The acess controls setup is set as.

Customer post type
Customer user has the power to edit delete and preview own post.

Lesson post type
Customer user has the power to edit delete and preview own post.
[I think this is where the problem occurs, as it is related to through a relationship]

How can I solve this ?

I have one more post type "Zoom Meeting" which I wish to use through access. Although this is controlled through custom code, but when using acess it blocks from returning any result to my wp_query.

I have already created a new test server to play with this, please allow me to share that credentials if you wish. You can tell me the answers directly as well.

Thanks a lot.

#1631541

Luo Yang
Supporter

Languages: English (English ) Chinese (Simplified) (简体中文 )

Timezone: Asia/Hong_Kong (GMT+08:00)

Hello,

Please backup your website first, then provide your website credentials in below private message box, also point out the problem page URL and view URLs, I need a live website to test and debug, thanks

#1632773

Luo Yang
Supporter

Languages: English (English ) Chinese (Simplified) (简体中文 )

Timezone: Asia/Hong_Kong (GMT+08:00)

I have tried it in your website with below steps:
1) Login as user "bhanutest", open URL:
hidden link
In section "Your Workout Videos", I can see there are two items in view's result, see screenshot: Your-Workout-Videos.JPG

It works fine, and outputs the correct result, just same as what you setup in bhanutest "custom" post:
hidden link

2) I have checked your view's settings, in this case, you don't need the custom shortcode [current_user] at all.
I have done below modifications in your website:
a) Edit post view "Lessons of customers on dashboard"
hidden link
Change the filter to:
Select posts with the author the same as the current logged in user.

b) Edit post view "Customers Videos on dashboard":
hidden link
Change the filter to:
Select posts in a Customers Videos relationship that are a related to the current post in the loop.

It should do the same result without any custom codes, please test again, check if it is what you want. thanks

More help:
https://toolset.com/documentation/user-guides/views/filtering-views-query-by-author/

#1634439

Okay.. There is some issue.

As I already mentioned, you must have been redirected to the original website.

++++++++++++++++++++++++++++++++++
[Please remember that once you login.. it will redirect you to the original site, this is an active issue. You can come back to the main website and navigate to the dashboard. We are trying to find the issue for this.]
++++++++++++++++++++++++++++++++++

I think that you changed the code for "hidden link" and checked on "hidden link". Thanks why you have shared the original website link.

If you login "hidden link" with test user credentials, you can see that the video section is unavailable.
I have attached the screenshot.

The real issue is as soon as I control the post type using "toolset access" it starts to not appear on the frontend.

I made changed to the two views:

1. hidden link
2. hidden link

Which is rendered here :
hidden link

You can see toolset access for video post type is set to be managed by toolset plugin.
hidden link

I want the view to be visible with these access settings as well.

#1636915

Luo Yang
Supporter

Languages: English (English ) Chinese (Simplified) (简体中文 )

Timezone: Asia/Hong_Kong (GMT+08:00)

Thanks for the details, I can see the problem as you mentioned above, and am trying to make the database dump file from your website, and test it in my localhost, will update here if there is anything found

#1639503

Luo Yang
Supporter

Languages: English (English ) Chinese (Simplified) (简体中文 )

Timezone: Asia/Hong_Kong (GMT+08:00)

I can duplicate the same problem with your database dump file, the user role "customer" is created with Woocommerce plugin. So it might be a compatibility issue, according to our workflow, we need to duplicate the issue in fresh WordPress installation.

So I have tried the same setting in a fresh WP installation + The latest version of Toolset plugins + Woocommerce plugin.
It works fine, here are detail steps, please correct me if there is anything missing:

1) Install the The latest version of Toolset plugins + Woocommerce plugin in a fresh WP installation

2) Create a custom post types:
- Customer
- Video

3) Setup many-to-many relationship between post type "Customer" and "Video"

4) Create a user "Customer1" in role "Customer"

5) Create a new "Customer" post, setup the post author as user "Customer1"

6) Create a page with nested views:
- Parent view query "Customer" post, filter by post author filter, in view's loop, display below child view
- Child view query "Video" posts, filter by post type relationship, in view's loop, display Video informatin.

7) In Toolset Access setting page, control both post types: "Customer" and "Video"

8) Login as user "Customer1", test above page of step 6).
It works fine, I can see the related "Video" posts without any problem.

Do you have any clue to reproduce the same problem in a fresh WP installation?

#1646141

Hey Luo,

I also tried reproducing the problem, but it was unable to allot author to the customer post type. I couldn't find list of my cusotmer user. i.e. I couldn't do step 5, into the test.
I am attaching my fresh install test files here. hidden link

#1647149

Luo Yang
Supporter

Languages: English (English ) Chinese (Simplified) (简体中文 )

Timezone: Asia/Hong_Kong (GMT+08:00)

The Woocommerce customer user can not publish post by default, you can use Toolset form plugin to setup a post form for creating new "Customer" post, then login as user "Customer1", fill and submit the post form, then you will get a "Customer" post, which author is user "Customer1".

#1647465

I can confirm that it works on a fresh installation of WordPress. The only thing different from in those two setup is that the customers "post" created here is created through a cred post form but in my original setup when-ever someone creates a new customer account a code creates the post for them.

add_action('cred_save_data', 'save_customer_data_as_post', 5, 2);

function save_customer_data_as_post($user_id, $form_data)
{
    if ($form_data['id'] == 1733) {
      
        $user = get_userdata( $user_id );
      
        // User First Name
        $firstname =  $user->first_name;
        // User Email ID
        $emailId =  $user->user_email;       
		// User Contact Number
		$contactNumber="";
		if(isset($_POST['wpcf-customer-contact'])){
		$contactNumber = $_POST['wpcf-customer-contact'];
		}
        // User Date of Birth
        $dob = "";
		if(isset($_POST['customer-date-of-birth'])){
		$dob = $_POST['customer-date-of-birth'];
		}
      	$postTitle = $firstname . " ( " . $emailId . " - ". $contactNumber ." ) ";
        $my_post = array(
            'post_title' => $postTitle,
			'post_content' => '',
            'post_status' => 'publish',
            'post_author' => $user_id,
            'post_type' => 'customer',
        );
		
      wp_insert_post($my_post); 
						
	}
wp_reset_postdata();
}

can this be the reason for it to not work in my case.
If not, then what is it that is creating the issue. ?

Thanks!

#1648441

Luo Yang
Supporter

Languages: English (English ) Chinese (Simplified) (简体中文 )

Timezone: Asia/Hong_Kong (GMT+08:00)

I don't think above custom codes will conduct the problem, those codes can only create a new "customer" post and set the post author.

The problem should be in user "bhanutest" and role "customer" in your website, I have tried these with your website database dump file in my localhost:
Dashboard-> Users, find and edit user "bhanutest", in option "Role", click link "I want to add more roles to this user", enable option "Contributor", save and test again.

It works fine in my localhost, it seems the "customer" user role is missing specific some privilege in your website, but we can not duplicate the same problem in a fresh WP installation, it might be an exception of your website, unless there are detail steps to reproduce the problem in fresh WP installation.