[Resolved] Restrict Media Library Access

[Author]

Posts

[michaelO-8]

Tell us what you are trying to do?

Hi, I am trying to restrict users' library media access. I want users to only be able to view files in the media library that they have uploaded, but it seems like they are able to view other users' uploads. Is there any way to do this?

I looked into doing this via Toolset Access for post types and custom role permissions and could not figure out how to do this.

What is the link to your site?
hidden link

[michaelO-8]

Also, I just found this post here that has the same issue: https://toolset.com/forums/topic/restrict-access-to-media-library-while-user-upload-photo/

However, for me, "Use any Media Library file when adding files to front-end Post Forms" is unchecked for all roles other than Admin and Editor and the issue is persisting.

[Luo Yang]

Hello,

Please try these:
1) Dashboard-> Toolset-> Access Control-> Post Types
find and click "Media", enable option "Managed by Access", and disable "Read" permissions for those specific user roles.

2) Disable option "Use any Media Library file when adding files to front-end Post Forms" for those specific user roles.
And test again.

[michaelO-8]

Hi,

Thank you for your help. I have done steps 1 and 2, but the issue is persisting.

Also, I noticed that when editing a post and uploading files, users get the error "Sorry, you are not allowed to attach files to this post." This error happens regardless of whether media is controlled by access permissions or WordPress permissions.

I checked error log and debug log but do not see anything related.

[Luo Yang]

I have tried above settings in my localhost(fresh WP installation + the latest version of Toolset plugins), it works fine, so the problem you mentioned above is abnormal, please check these:

1) Make sure you are using the latest version of Toolset plugins, you can download them here:
https://toolset.com/account/downloads/

2) In case it is a compatibility problem, please deactivate all other plugins, and switch to wordpress default theme 2020, and test again

3) Also check if there is any PHP/JS error in your website:
https://toolset.com/documentation/programmer-reference/debugging-sites-built-with-toolset/

4) If the problem still persists, please provide database dump file(ZIP file) of your website, you can put the package files in your own google drive disk, share the link only, also point out the problem page URL and form URL, I need to test and debug it in my localhost, thanks
https://toolset.com/faq/provide-supporters-copy-site/

[michaelO-8]

Thank you, I will test this out and get back to you soon. If I still have issues, I will let you know.

[Luo Yang]

I have marked this thread as "Waiting for Feedback" status, please update here when you need more assistance, thanks

[michaelO-8]

Hi Luo,

Thank you for waiting. I have done various tests and this is what I found:

Test:

The following happens when creating a post type called “booth” or editing this post.

1. If you go to Dashboard-> Toolset-> Access Control-> Post Types
find and click "Media", enable option "Managed by Access", and disable "Read" permissions for those specific user roles, when trying to upload a media file in the create booth form or edit booth form:

The user gets the error message “You have no access to upload files”.

Ability to See Other Users' Media: The user can still see all media library items, even those from other users even though the option "Use any Media Library file when adding files to front-end Post Forms" is disabled

2. If you go to Dashboard-> Toolset-> Access Control-> Post Types
find and click "Media", enable option "Managed by Access", and enable "Read", “Edit”, and “Publish”, permissions:

Upload Media in Edit Form: When using the edit booth form, the error message changes and says “Sorry, you are not allowed to attach files to this post.”

Upload Media in Create Form:When using the create booth form, the user IS successfully able to upload media.

Ability to See Other Users' Media: The user can still see all media library items, even those from other users even though the option "Use any Media Library file when adding files to front-end Post Forms" is disabled

Also, I noticed that the roles with this issue do not have the following permissions in custom roles->access The following permission is not checked:

Allows access to Administration Panel: Media (Add New).

Not sure if this is needed currently, but I haven’t needed it previously.

I tried the following and it did not fix the issue:

1. Updating Toolset

2. Switching to a standard WordPress Theme

3. Disabling all plugins but Toolset

I have created a package for the site. Would you be able to take a look? Thank you!

[Luo Yang]

Please provide a copy of your website in below private message box, you can put the package files in your own google drive disk, share the link only, also point out the problem page URL and form URL, I need to test and debug it in my localhost, thanks
https://toolset.com/faq/provide-supporters-copy-site/

[Luo Yang]

The package files you provided above is about 3G size, it will take time to download it.

I assume you have already checked the compatibility issues in your website
https://toolset.com/forums/topic/restrict-media-library-access/#post-1735351

you can provide the database package file, and share the link:
hidden link

Private message enabled again.

[Luo Yang]

The database dump file is not valid, I get 404 error.

So I have to download the 3G size file, will update here if there is anything found

[Luo Yang]

I do have issue with the duplicator file size, after one hour, I get error: Failed - Forbidden
See screenshot gdrive-error.JPG, please provide your database dump file in your own google drive disk, private message box enabled again, thanks

[Luo Yang]

Thanks for the details, I can download the files, will update here if find anything

[Luo Yang]

I can see the problem with your duplicator package, and the problem persists in the button "Add media" under field "Organization Description", it does not respect the setting of "Use any Media Library file when adding files to front-end Post Forms".

It is a known issue of Toolset Forms plugin, our developers are working on it, currently, you can try to add below codes into your theme file functions.php:

add_filter( 'ajax_query_attachments_args', 'wpb_show_current_user_attachments' );
function wpb_show_current_user_attachments( $query ) {
	$user_id = get_current_user_id();
	if ( $user_id && !current_user_can('activate_plugins') && !current_user_can('edit_others_posts
	') ) {
		$query['author'] = $user_id;
	}
	return $query;
}

And the "Upload or select image" button of field "Company Logo/Image" does respect the settings without any problem by below settings:

Please try these:
1) Dashboard-> Toolset-> Access Control-> Post Types
Find post type "Media", enable option "Publish" + "Edit own" + "Read" for user role "Wayne State Employer"

2) Dashboard-> Toolset-> Access Control-> Toolset Forms,
Disable option "Use any Media Library file when adding files to front-end Post Forms" for user role "Wayne State Employer"

Can you confirm it? thanks

[michaelO-8]

Hi,

Thank you for your help. Yes, this code does limit the WordPress only media to files the user has uploaded, which is great.

However, when using the edit form, the user still gets the error "Sorry, you are not allowed to attach files to this post."

I have set the permissions as you have suggested to

1) Dashboard-> Toolset-> Access Control-> Post Types
Find post type "Media", enable option "Publish" + "Edit own" + "Read" for user role "Wayne State Employer"

2) Dashboard-> Toolset-> Access Control-> Toolset Forms,
Disable option "Use any Media Library file when adding files to front-end Post Forms" for user role "Wayne State Employer"

Can you replicate this as well?