Skip Navigation

[Resolved] Split: Limiting post visibility to own posts with Relevanssi searches

This support ticket is created 6 years, 9 months ago. There's a good chance that you are reading advice that it now obsolete.

This is the technical support forum for Toolset - a suite of plugins for developing WordPress sites without writing PHP.

Everyone can read this forum, but only Toolset clients can post in it. Toolset support works 6 days per week, 19 hours per day.

Sun Mon Tue Wed Thu Fri Sat
- 7:00 – 14:00 7:00 – 14:00 7:00 – 14:00 7:00 – 14:00 7:00 – 14:00 -
- 15:00 – 16:00 15:00 – 16:00 15:00 – 16:00 15:00 – 16:00 15:00 – 16:00 -

Supporter timezone: Europe/London (GMT+00:00)

This topic contains 12 replies, has 2 voices.

Last updated by rayG-2 6 years, 8 months ago.

Assisted by: Nigel.

Author
Posts
#623228

Hi Nigel,

That's OK, I do need some further advice please.

I don't think I am quite getting capabilities.

My site will have customers and subscribers. Customers can add/edit/delete 4 out of 8 custom post types and subscribers can add/edit/delete 8/8 custom post types. All these custom posts are visible to (or should be) visible to the individual author who created them.

I have a dashboard which allows each user to see and access their posts, with edit links added to the view of each post.

The problem is, in the dashboard, that when I have the edit capability on users can see their posts, but they can edit the layout of the page and search results come up for all users, not just the authors posts. When I have the edit capability turned off, users cannot see their posts in the dashboard but when they search it only searches their results.

I am using standard Woocommerce/Wordpress roles. I tried a custom role, but I got the same results.

I hope that makes sense.

Kind regards
Ray

#623235

Nigel
Supporter

Languages: English (English ) Spanish (Español )

Timezone: Europe/London (GMT+00:00)

Hi Ray

I'm not sure how you have set up your dashboard, but I created a simple test site to confirm it works, so let me outline what I did so that you can compare it to your own experience.

I have a site with a CPT "Things". I have Things posts created by the admin user and by a user with the subscriber role.

I edited the Relevanssi settings so that the index includes Things posts (and updated the index).

I brought the Things post type under Access control, and for the subscriber role gave them the ability to publish posts and to edit and delete their own posts, as well as read rights to be able to view any Things post.

For the "dashboard" I set up a View to display Things posts.

I added a Query Filter for the post author to only show posts authored by the currently logged-in user.

I added a text search field that searches title, body and custom fields, and a submit button.

I inserted this View on a page, my dashboard page.

I visited the page as admin and saw the Things published by the admin.

In another browser I logged in as the subscriber and visited the same page.

I saw the Things published by the subscriber. I searched for content that exists in their Things and the results updated as expected.

I searched for words that only occur in the admin's Thing posts, and go "no results found".

So my experience is that it works as expected.

Based upon the above can you clarify what you are doing differently?

#623878

Hi Nigel,

Thanks for going to so much effort. The support here is really good.

My setup is different and after reading this, I feel wrong in a few aspects. Talking with you has been very educational!

Each users posts are set to private. I thought this was the best way, until I learnt that you could add a filter based on logged in users. I need to change the posts to published.

I didn't know about setting up a custom search, so I will try this as well.

Let me have a go at trying the way you have got it working and I will give you more feedback.

Kind regards
Ray

#626900

Hi Nigel,

I tried to set it up similar to what you described and it works! Thank you for that.

I have one related issue. At the bottom of each form I have the Submit button, which is a good thing and I have an Edit button on the right hand side. This is a bad thing as it allows the user to edit the layout. How can I stop this being displayed?

Ray

#626961

Nigel
Supporter

Languages: English (English ) Spanish (Español )

Timezone: Europe/London (GMT+00:00)

Hi Ray

I'm glad you got it working.

For this last point, what exactly is the issue?

You have a dashboard page that lists users own content and allows them to edit that content, but the problem is that the users can edit the dashboard page itself, is that right? Or is it something else?

#627087
Screen Shot 2018-03-22 at 06.21.57.png

That is correct, they can edit the dashboard page.

The Edit button has this link hidden link domain.com/wp-admin/post.php?post=666&action=edit

#627286

Nigel
Supporter

Languages: English (English ) Spanish (Español )

Timezone: Europe/London (GMT+00:00)

That looks like it is added by the theme and is added because your users have rights to edit pages.

If you go to Toolset > Access Control and check the pages section, is that controlled by Access? Is the role assigned to your users given permission to edit any page?

#627596

Hi Nigel,

I checked Access Control - Pages and it was not controlled by Access Control. I then turned Access Control on to control pages and I got the same result, with the added 'edit' button.

Within access control - pages users had editing turned off.

I hope that helps. I still think I am not grasping the roles and permissions correctly.
Look forward to hearing from you.
Ray

#627704

Nigel
Supporter

Languages: English (English ) Spanish (Español )

Timezone: Europe/London (GMT+00:00)

I think now would be a good point for me to get access to your site so that I can confirm where that button is coming from and whether and how Toolset can influence its visibility.

I will mark your next reply as private so that I can get log-in credentials from you—you may want to create a temporary admin user for me to use that you can later delete. And be sure to have a current backup of your site, even though I don't intend to make any changes.

What is the URL for the dashboard page?

What role do the users have?

Can you, in the private reply, also give me credentials for such a user I can use for testing.

#628362

Nigel
Supporter

Languages: English (English ) Spanish (Español )

Timezone: Europe/London (GMT+00:00)

Hi Ray

The queue is extremely busy at the moment and I am getting through tickets as fast as I can. I'll get back to you as quickly as possible. Sorry for the wait.

#628512

That's OK.
Thanks for letting me know.
Ray

#628770

Nigel
Supporter

Languages: English (English ) Spanish (Español )

Timezone: Europe/London (GMT+00:00)

Hi Ray

I took a look and, yes, the Edit button is added by the theme (twentyseventeen) automatically.

You have the edit forms inserted inside an unassigned Layout (as per our directions), which means when they are rendered they are rendered using the theme's single.php template file. Layouts just replaces the_content() part of the template, the rest of it will still be displayed.

The theme doesn't provide a way to disable the edit button. It is not shown when the user doesn't have rights to edit the post, but—of course—your user needs rights to edit the post.

So the only way to remove it is to use a child theme (https://developer.wordpress.org/themes/advanced-topics/child-themes/) and to duplicate the parent theme file twentyseventeen/template-parts/post/content.php and remove this part from the end:

	<?php
	if ( is_single() ) {
		twentyseventeen_entry_footer();
	}
	?>
#630238

Hi Nigel,
Thank you.
I had been toying with the idea of a different theme, so it seems like the time to try that, bearing in mind the pointers you gave me re: 'is_single'
You have been extremely helpful and have educated me in the process, much appreciated.
Is it possible to reopen the original thread as I still need some support getting the search working with multiple fields.
Kind regards
Ray