Add role to multiple users, or update roles to fix error?

Members 7 posts 2 voices

  1. Hi Justin—

    We have two types of members on our site: Subscriber and Premium. Premium users have access to all content. Subscriber users have access to most content.

    I’ve created a role for each of the two member levels, and given them just one permission, which is the same as the subscriber WordPress user level (just “read”).

    But, I realize we’ve been making an incorrect assumption about how the roles work.

    We’ve been marking Content Permissions as just “Subscriber”, OR as “Subscriber” and “Premium”.

    The assumption was that all “Premium” members would see all content (no matter how it’s tagged), and “Subscriber” members would only see content marked as “Subscriber”.

    BUT, that’s not how it works. Premium members can’t see content that’s tagged only as Subscriber, which makes sense. (I’m not sure why I assumed they would see both; I guess I thought everyone would also have the subscriber role?) In any case, the result is that, right now, our Premium subscribers are not able to see non-premium content. They should be able to see all content.

    (FWIW, I upgraded from 0.25 to the current version about a month ago).

    So, I see two solutions, but would appreciate a poke in the right direction.

    1. We add the Subscriber role to all Premium members. They would have both roles and could access both types of content. But, is there a way to do this for users at once? We have about 250 users that would need to be updated.

    2. We somehow changed the Premium role to say that it has read access to all of the content that’s marked as for Subscribers.

    Hoping this makes sense. Thanks!

  2. The simplest method is to add a filter to your theme’s functions.php or a custom plugin file to override this behavior for the premium role:

    add_filter( 'members_can_user_view_post', 'th_premium_view_post', 10, 2 );
    
    function th_premium_view_post( $can_view, $user_id ) {
    
    	if ( members_user_has_role( 'premium' ) )
    		return true;
    
    	return $can_view;
    }

    That will allow users with the premium role to view any post, regardless of the permissions set in Content Permissions. We can change that up if necessary.

    The next best option would be to assign both roles to the user.

    By the way, I have plans on improving this system drastically in the next major release. Instead of relying on roles, you’ll be able to use a capability instead.

  3. Thanks Justin.

    I think there might still be one glitch. In testing, this is where I’m at:

    Users with subscriber role can see:
    – Content with the ‘Subscriber’ permissions

    Users with premium role can see:
    – Content with the ‘Subscriber’ permissions
    – Content with both ‘Subscriber’ and ‘Premium’ permissions

    But, users with premium role can’t see content tagged only with the Premium permissions.

    I’m wondering if there’s a conflict with another chunk of custom code that I have. You helped me develop it a couple of years ago (man, how time flies).

    Here’s the previous thread: http://themehybrid.com/board/topics/subscribers-cant-see-content-marked-for-subscribers

    And the other code is as follows.

    Thanks again. P.S., great news about the next release.

    // In conjunction with Members plugin, hide content from users without proper permissions
    
    add_action( 'pre_get_posts', 'my_pre_get_posts' );
    
    function my_pre_get_posts( $query ) {
    	
    	// Bail if current user can restrict content or edit other users' posts.
        if ( current_user_can( 'restrict_content' ) || current_user_can( 'edit_others_posts' ) )
            return;
            
        $meta_query = $query->get( 'meta_query' );
    
    	if ( is_user_logged_in() ) {
    
    		$user = new WP_User( get_current_user_id() );
    			
    		$meta_query = array(
    			array (
    				'relation' => 'OR',
    				array(
    					'key'     => '_members_access_role',
    					'compare' => 'NOT EXISTS',
    				),
    				array(
    					'key'     => '_members_access_role',
    					'value'   => $user->roles[0],
    					'compare' => '='
    				)
    			)
    		);
    		
    	} else {
    
    		$meta_query = array(
    			array(
    				'key'     => '_members_access_role',
    				'compare' => 'NOT EXISTS'
    			)
    		);
    	}
    	$query->set( 'meta_query', $meta_query );
    }
  4. Yeah, that custom code is going to be problematic unless you want to allow premium users access to everything.

    If that’s OK, you can change this line:

    if ( current_user_can( 'restrict_content' ) || current_user_can( 'edit_others_posts' ) )

    To this:

    if ( current_user_can( 'restrict_content' ) || current_user_can( 'edit_others_posts' ) || members_current_user_has_role( get_current_user_id(), 'premium' ) )
  5. Yeah, that custom code is going to be problematic unless you want to allow premium users access to everything.

    If that’s OK, you can change this line:

    if ( current_user_can( 'restrict_content' ) || current_user_can( 'edit_others_posts' ) )

    To this:

    if ( current_user_can( 'restrict_content' ) || current_user_can( 'edit_others_posts' ) || members_current_user_has_role( get_current_user_id(), 'premium' ) )
  6. Sorry, that code should be:

    if ( current_user_can( 'restrict_content' ) || current_user_can( 'edit_others_posts' ) || members_current_user_has_role( 'premium' ) )
  7. Ack! Should have thought of that. Will let you know how it goes!