Skip Navigation

[Resolved] Front-end Forms User field access controls

This thread is resolved. Here is a description of the problem and solution.

Problem: I have applied Access Controls to User Field Groups, but the restrictions do not seem to be applied in front-end User Forms.

Solution: Access Control for User fields only applies in wp-admin. If you'd like to restrict access to specific content based on User roles, you can use Access Control shortcodes.

So to display different Forms to different User roles, you could do something like this:

[toolset_access role="role1" operator="allow"][cred_user_form form='edit-user-role1'][/toolset_access]
[toolset_access role="role2" operator="allow"][cred_user_form form='edit-user-role2'][/toolset_access]

You could do something similar directly inside the Form to show or hide input fields if you prefer to use one Form. You must use Expert Mode to edit the Form shortcodes. This example only shows these two fields to users in the role "role1":

[toolset_access role="role1" operator="allow"]
    <div class="form-group">
        <label>[cred_i18n name='user-birthdate-label']user birthdate[/cred_i18n]</label>
        [cred_field field='user-birthdate' force_type='field' class='form-control' output='bootstrap']
    </div>
    <div class="form-group">
        <label>[cred_i18n name='user-image-1-label']user image 1[/cred_i18n]</label>
        [cred_field field='user-image-1' force_type='field' class='form-control' output='bootstrap' previewsize='thumbnail']
    </div>
[/toolset_access]
This support ticket is created 3 years, 10 months ago. There's a good chance that you are reading advice that it now obsolete.

This is the technical support forum for Toolset - a suite of plugins for developing WordPress sites without writing PHP.

Everyone can read this forum, but only Toolset clients can post in it. Toolset support works 6 days per week, 19 hours per day.

Sun Mon Tue Wed Thu Fri Sat
8:00 – 12:00 8:00 – 12:00 8:00 – 12:00 8:00 – 12:00 8:00 – 12:00 - -
13:00 – 17:00 13:00 – 17:00 13:00 – 17:00 13:00 – 17:00 13:00 – 17:00 - -

Supporter timezone: America/New_York (GMT-04:00)

Author
Posts
#1930247
1930081-Screenshot_2021_02_02_at_18.12.00.png

Tell us what you are trying to do?
I'm trying to create a registration form with some custom fields dedicated to property owners.
I created a conditional field and if the user clicks it he can fill other custom fields that are reserved to a specific user group.

I created a user group called PROPRIETARI and I set in your access plugin that only they can see and edit custom fields in their profile, but if I register a subscriber user and I don't fill any custom fields I can see and edit these fields too (see the attachment).

Thank you for your help.

Is there any documentation that you are following?
Yes your documentation for real estate directories

Is there a similar example that we can see?
I don't know

What is the link to your site?
hidden link

#1930301

I created a user group called PROPRIETARI and I set in your access plugin that only they can see and edit custom fields in their profile, but if I register a subscriber user and I don't fill any custom fields I can see and edit these fields too (see the attachment).
Hello, can you provide a bit more information? Is the problem that the Subscriber User can see these custom fields in a front-end User Form, or is the problem that a Subscriber User can see these custom fields in wp-admin when they edit their own User Profile?

#1930775

Hi Christian,
I try to explain better my issue. Users can choose to register as simple subscribers or as property owners.

If they choose subscribers they put username, email, and password.
If they choose owners they put other information I added with custom fields and that they see thanks to a conditional field.

So if a user registers as a subscriber when he goes to edit his profile he shouldn't see these fields. I restricted these fields to the profile page and to the edit profile of the group PROPRIETARI. But it doesn't work fine. I see them also on my profile page when I am a subscriber.

I hope now it's clearer.

Thank you for your help,
Anna,

#1931881

Okay thanks for the additional information, it's more clear now. However, I'm not seeing the same results when I run a quick test in my local environment, so I must be missing something. May I log into your site's wp-admin area to see what's going on?

Please provide admin login in the private reply fields here, and also add information for logins for a Subscriber and a Proprietari User as well so I can test from those User perspectives. I'll take a quick look and give you some feedback.

Please let me know if it's okay to temporarily switch to a default theme like Twenty Twenty One and deactivate plugins during testing. I'll restore the site to its current state when I'm done testing.

#1933643

I get an error when logging in using these admin credentials - perhaps you did not save the new generated password? Please confirm these credentials and provide an update if necessary. The subscriber and proprietario user logins seem to be working well, just the admin User is failing.

#1933799
proprietario-profile-3.png
proprietario-profile-2.png
proprietario-profile-1.png
subscriber-profile-3.png
subscriber-profile-2.png
subscriber-profile-1.png

So if a user registers as a subscriber when he goes to edit his profile he shouldn't see these fields. I restricted these fields to the profile page and to the edit profile of the group PROPRIETARI. But it doesn't work fine.
When I log in as the User "subscriber", I do not see the Proprietari User Field Group in my wp-admin profile. When I log in as the User "proprietario", I see the fields as expected in my wp-admin profile. I don't see the problem in wp-admin. I'm attaching screenshots here showing what I see in the wp-admin profile page when logged in as subscriber and when logged in as proprietario.

Sorry but I must not understand the problem, can you explain the problem a bit more, and include some screenshots for me?

#1933969

Did you try from the frontend?
Users don't use the backend.

hidden link -> area riservata -> modifica il tuo profilo

Thanks

#1933971
Screenshot 2021-02-04 at 17.34.53.png

Sorry, I forgot the screenshot.

#1934145

Okay I understand, the problem is not in wp-admin, the problem is the fields are displayed in a front-end Form. The Access Control Types Field tab does not apply to front-end forms, only to the wp-admin editing interface. If you'd like to restrict these fields in the Edit User Form, you can either use conditionals in the Form, or you can create two Forms and display different Forms to each User role.

Which would you prefer? I can show you options either way.

#1934541

Why should users use wp-admin on a website?
It's a bit strange, isn't it?

Anyway, if you can show me both options, I can decide which is best for me.

Thank you.

Anna.

#1936811

In either case, you'll use an Access Control shortcode to restrict access to specific content. You can either insert the Access Control shortcode in the "modifica il tuo profilo" page, to display different Forms to different User roles, or you can use Expert Mode in the Edit User Form builder to insert the Access Control shortcode directly inside the Form and display the Proprietari input fields to only Proprietari Users.

The format for an Access Control shortcode looks like this:

[toolset_access role="custom-role-slug" operator="allow"]this content will ONLY be displayed to users with role 'custom-role-slug'[/toolset_access]
[toolset_access role="custom-role-slug" operator="deny"]this content will NOT be displayed to users with role 'custom-role-slug'[/toolset_access]

So to display different Forms to different User roles, you could do something like this:

[toolset_access role="role1" operator="allow"][cred_user_form form='edit-user-role1'][/toolset_access]
[toolset_access role="role2" operator="allow"][cred_user_form form='edit-user-role2'][/toolset_access]

You could do something similar directly inside the Form to show or hide input fields if you prefer to use one Form. You must use Expert Mode to edit the Form shortcodes. This example only shows these two fields to users in the role "role1":

[toolset_access role="role1" operator="allow"]
	<div class="form-group">
		<label>[cred_i18n name='user-birthdate-label']user birthdate[/cred_i18n]</label>
		[cred_field field='user-birthdate' force_type='field' class='form-control' output='bootstrap']
	</div>
	<div class="form-group">
		<label>[cred_i18n name='user-image-1-label']user image 1[/cred_i18n]</label>
		[cred_field field='user-image-1' force_type='field' class='form-control' output='bootstrap' previewsize='thumbnail']
	</div>
[/toolset_access]

Let me know if you need more information about either approach and I can give more guidance.

#1937913

Thank you,
I'll try your solution.

Great support.

Best,
Anna.

#1937915

My issue is resolved now. Thank you!