
[Resolved] Users that have no rights can connect posts

This thread is resolved. Here is a description of the problem and the proposed solution.

Problem:
Users that have no rights to create Post Type A can still do so when connecting a Post Type A to a Post Type B

Solution:
Update to Types 3.1

This support ticket was created 6 years and 4 months ago. There's a good chance that you are reading advice that is now obsolete.

This is the technical support forum for Toolset - a suite of plugins for developing WordPress sites without writing PHP.


This topic contains 3 replies and has 2 voices.

Last updated by Beda 6 years and 3 months ago.

Assisted by: Beda.

#1073369

It would be great if you could give a suggestion.
In my application there are two custom posts, "Obituaries" and "Services", and two types of users, "Admin" and "Family".
I have created a Relationship between Obituaries and Services (One to Many).
Right now Family can add "Obituaries" and "Services", but I want to apply a restriction: Family can add only "Obituaries" Detail and Admin can add "Services" only.
Can I apply this type of functionality?

#1073411

To control who can do what on WordPress you can use Toolset Access.

You would head to Toolset > Access after installing the plugin and find the post type you want to control.
There, you would set the user roles to have certain capabilities or not.
Then, that would apply to those roles.
https://toolset.com/documentation/user-guides/#access

This will make it impossible for Role A to add or do anything else you do not intend to with the certain post type.

The problem is, when you allow adding or editing one post type in a relationship, you can very well deny access to the other, and that will take effect in the WordPress Admin, but NOT in the Post Relationship meta box when you add or edit an actual "parent" post, for example.

Let me explain

1. User Role A can add/edit parent type (only)
2. User Role B can add/edit child type (only)

This correctly removes all tools to edit/create any post they are not supposed to in the WordPress Admin.

But if they add or edit a post they are allowed to, then they can actually add and edit as well the posts (related) that they are not supposed to manipulate.

This is obviously wrong, I reported it and we will work on this.

So for now, this is possible but with a risk:
The user can still add/edit related posts in the Metabox made for it.
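
The gap described in the reply above is an authorization check made on the screen the user is on rather than on the post being written. As an added example (not Toolset's code and not its 3.1 fix), this must-use plugin re-checks the capability at insert time. It assumes the meta box saves related posts through `wp_insert_post()` and that the role restrictions are visible to `current_user_can()`; the post type slugs and the `guard_` function names are hypothetical.

```php
<?php
/**
 * Plugin Name: Enforce post-type create/edit capabilities at insert time
 * Added example, not Toolset code. Drop into wp-content/mu-plugins/.
 */

// Assumption: slugs of the post types to guard (hypothetical names).
const GUARDED_POST_TYPES = array( 'obituary', 'service' );

/**
 * Decide whether the current user may write the post described by $postarr.
 * The check is on the post being written, not on the screen the request
 * came from, so a related post saved from another post's meta box is covered.
 */
function guard_user_may_write( array $postarr ) {
	$type = empty( $postarr['post_type'] ) ? 'post' : $postarr['post_type'];
	$obj  = get_post_type_object( $type );
	if ( ! $obj || ! in_array( $type, GUARDED_POST_TYPES, true ) ) {
		return true; // Not a guarded type: leave core behaviour alone.
	}
	if ( ! is_user_logged_in() ) {
		return true; // Cron, importers: no interactive user to check here.
	}
	if ( ! empty( $postarr['ID'] ) ) {
		// Update of an existing post: per-post edit check.
		return current_user_can( 'edit_post', (int) $postarr['ID'] );
	}
	// New post: the post type's own create capability.
	return current_user_can( $obj->cap->create_posts );
}

/**
 * wp_insert_post() aborts when this filter returns a truthy value,
 * so a denied write never reaches the database.
 */
function guard_veto_insert( $maybe_empty, $postarr ) {
	if ( guard_user_may_write( (array) $postarr ) ) {
		return $maybe_empty;
	}
	error_log( sprintf(
		'Blocked write to post type "%s" by user %d',
		$postarr['post_type'] ?? 'post',
		get_current_user_id()
	) );
	return true;
}
add_filter( 'wp_insert_post_empty_content', 'guard_veto_insert', 10, 2 );
```

The `error_log()` line gives an audit trail of denied writes, which also shows whether the meta box path is still being exercised after updating.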

#1077148

yes

#1091124

This will be fixed with the next release 3.1.