This thread is resolved. Here is a description of the problem and solution.
Problem:
Access Control for WordPress media files and custom taxonomies.
Solution:
You can follow our document to setup the access control.
Relevant Documentation:
This is the technical support forum for Toolset - a suite of plugins for developing WordPress sites without writing PHP.
Everyone can read this forum, but only Toolset clients can post in it. Toolset support works 6 days per week, 19 hours per day.
| Sun | Mon | Tue | Wed | Thu | Fri | Sat |
|---|---|---|---|---|---|---|
| - | 9:00 – 13:00 | 9:00 – 13:00 | 9:00 – 13:00 | 9:00 – 13:00 | 9:00 – 13:00 | - |
| - | 14:00 – 18:00 | 14:00 – 18:00 | 14:00 – 18:00 | 14:00 – 18:00 | 14:00 – 18:00 | - |
Supporter timezone: Asia/Hong_Kong (GMT+08:00)
This topic contains 4 replies, has 2 voices.
Last updated by 3 years, 10 months ago.
Assisted by: Luo Yang.
I am trying to: make a SEA group for externs' users, that can login to edit three landing pages of Page type.
Link to a page where the issue can be seen: hidden link
user : william.palandre
pwd : 6a1e&w%P#$G0GgiyWQW2Mq18
Then go to one of these landing pages : hidden link
OPEN firefox or Chrome console and check all these api calls for media/taxonomies that get 403, break js promises, and make the whole interface instable/hang... (tested under chrome and firefox)
Note that if you add media/edit-all acl to the "Contributeurs Externes" group (feel free to edit it just beware of breaking the front please) you remove 403 errors from the console (that make sense as media are uploaded by another user). But taxonomies... Can't archieve to remove it even giving taxonomy/edit-all to the same group :/ that's weird.
i give you admin access on the site access part ofr my submission.
I guess the request/promises from the WordPress core js lead to the hang but i have no way to resolve taxonomies edit api call.
I expected to see: gutenberg working edition of these pages
Instead, I got: errors on console with api calls that get 403, JS interface that hang leading to blocking situation.
Thanks for the details.
Please check these:
1) Edit the media file:
hidden link
It's owner is user "contact@ateliers-moder***.fr"
2) In Access settings:
Dashboard-> Toolset-> Access Control-> Post Types
hidden link
You will need enable option for post type "Media", and enable options "Edit any" for "Preview any" for user role "test-group"
See my screenshot: media.JPG
Login as user "test", edit the sample page again, it works fine
Hi,
Yes as mentioned in my first post, changing "edit any" on media type, remove the 403 on api media call as you noticed too in the fresh install.
Let's get on step deeper, with the site i have more 403 of this type : if you check the site archive i sent you trough google drive, install it (change user/pwd/database and base url) and follow the process i gave you login with william.palandre and edit the page i mentionned.
You'll also notice taxonomies api call that get also 403. if i give "edit any" on taxonomies, They-re still there.
And no way to remove these 403.
Thanks
