[Closed] Users report seeing content that should be restricted

[Author]

Posts

[thomasB-12]

I'm using toolset access to restrict access to content based on roles.

I have reports from 2 users telling me that they were able to see content that should have been restricted to them.

The problem is experienced on this page: hidden link

I have this page set up to deliver content based on the logged in user's role. The layout has three sections. Access to the content of each section is controlled by the following shortcodes in this order:

[toolset_access role="administrator" operator="allow"] admin content [/toolset_access]

<p>[toolset_access role="property_owner" operator="allow"][wpv-view name="property-owner-admin-view" cached="off"][/toolset_access]</p>

[toolset_access role="renter" operator="allow"]
[wpv-view name="rental-application-view"]
[/toolset_access]

I am concerned that there is a bug allowing restricted content to be viewed, despite measures to control access to it. But it could also be that I have it set up wrong. At any rate, can you help me figure this out? Thanks.

[Nigel Supporter Languages: English (English ) Spanish (Español ) Timezone: Europe/London (GMT+01:00)]

Do you have more specific details about the users, what their roles are and what content they saw that they shouldn't have?

Taking your first example:

[toolset_access role="administrator" operator="allow"] admin content [/toolset_access]

This means that only users with the role of administrator will see the inner content "admin content".

I took a quick look at the source code of the plugin to double-check that that really is how it works, and it is.

So you are doing it correctly as far as I can see, and we'd need some specific examples of how it is failing to be able to investigate further.