When trying to display a menu, with toolset access enabled, it checks to see if the content for a menu item is readable by the current user.
This check is done in Access_helper::toolset_access_api_get_post_permissions_process()
It reaches this part of the code
//If settings set and post type managed by Access
if ( isset($types_settings[$post_type]) && $types_settings[$post_type]['mode'] == 'permissions' && isset($types_settings[$post_type]['permissions'][$option_name]['roles']) ){
if ( in_array($role, $types_settings[$post_type]['permissions'][$option_name]['roles']) !== FALSE ){
return true;
}else{
return false;
}
}
//If settings set and post not type managed by Access
elseif ( (isset($types_settings[$post_type]) && $types_settings[$post_type]['mode'] != 'permissions' && isset($types_settings['post']) && $types_settings[$post_type]['mode'] == 'permissions') ||
( !isset($types_settings[$post_type]) && isset($types_settings['post']) && $types_settings['post']['mode'] == 'permissions' ) ){
if ( isset($types_settings['post']['permissions'][$option_name]['roles']) && in_array($role, $types_settings['post']['permissions'][$option_name]['roles']) !== FALSE ){
return true;
}else{
return false;
}
}
//Use role capabilities
else{ /* It ends up HERE */
if ( $role == 'guest' ){
if ( $option_name == 'read' ){
return true;
}else{
return false;
}
}
$role_caps = $wp_roles->roles;
if ( isset( $role_caps[$role]['capabilities'][$converted_caps[$option_name]] ) ){
return true;
}else{
return false;
}
}
and ends up in the last 'else' (I added the comment with 'It ends up HERE) and $option_name == 'read'. For people logged in is ends up checking $role_caps, but 'read' is a standard WP capability for reading the dashboard (not content).
It seems to me the last part of the code should read
else{
if ( $option_name == 'read' ){
return true;
}
if ( $role == 'guest' ){
return false;
}
$role_caps = $wp_roles->roles;
if ( isset( $role_caps[$role]['capabilities'][$converted_caps[$option_name]] ) ){
return true;
}else{
return false;
}
}
I have got around the issue by enabling types access for the pages content type.
Dear Steve,
I assume we are talking about the PHP source code of Access plugin, file \types-access\includes\Helper.php, line 634~640:
if ( $role == 'guest' ){
if ( $option_name == 'read' ){
return true;
}else{
return false;
}
}
And you are right, the 'read' is a standard WP capability for reading the dashboard (not content).
https://codex.wordpress.org/Roles_and_Capabilities#read
Could you describe detail steps to duplicate same problem?
What is the issue you have got around?
Are we talking about the problem: some specific posts/pages should be display in the wordpress menus for guest users? how do you setup the access settings in the post/page?
Yes, this about menu items. The menu has some items to reference pages and also other items.
The menu displays correctly for people logged in and people who are administrators.
It was not displaying correctly to other people logged in, the menu items for pages were not displaying. Initially I was not using types access to control access to the page content type and none of the pages in question have individual access controls.
So initially these users were falling through to the 'else' clause and the code used the $role_caps to check for read access which failed since these people do not have access to the dashboard.
At this point I have enabled types access control for the page content type and set it so these users can read the content. This resolves the issue since now these users no longer fall through to the 'else' clause.
I still need detail steps to duplicate same problem, I just tested below steps in my localhost, but can not duplicate same problem, please correct me if there is anything missing:
1) Install Access plugin 2.3.1 in a fresh wordpress installation
2) Dashboard-> Toolset-> Access Control-> Post Types
Enable option "Managed by Access" for post type "Page"
3) Create a page, and add it into main menu
4) Test it in front-end with an "subscriber" user, it works fine, and does display the page in the menu
5) Dashboard-> Toolset-> Access Control-> Post Types
Disable option "Managed by Access" for post type "Page", it works fine too.
