Members Plugin Not Restricting Page Content

Members 5 posts 2 voices

  1. We are working on finalizing the Google Login with the Ring Customer Service Portal and facing some challenges in the role being properly mapped to the correct group that is assigned to the user. https://csportal.ring.com/

    We essentially have three roles and these are administered or controlled as groups with the Google admin.

    Agents – Regular user who can see support articles
    Managers – Can see support articles and also restricted content for managers only
    Admins – Can see all of above and also admin WordPress

    We are using using the “Members” plugin to control the ability for certain users to see or not see content.

    Members


    Admin for page: https://csportal.ring.com/wp-admin/post.php?post=272&action=edit
    See ss for the way we have the content permissions set for the page too. You can see that are giving access to only Managers and Admin, NOT Agents, but yet Agents can see the page and should see an error that they are not able to see this page.

    We have this issue:

    “Agents” can access this page, even with “Manager” page restrictions: Leadership Support Portal. Only Admin and Managers should be able to see this page. The logins are working properly but it seems like they are not being mapped to the correct user leve/restriction. We tested this end to end with normal logins and it works fine, the issue occurs when we have the google login used instead of a direct login.

    We are eager to get the site launched and this is holding us back from doing so. Thanks for any help you can offer.

  2. We made some test and the plugins works with page.php (default template) only.

  3. I’m going to assume your “mapping” is working correctly because that is outside the scope of Members. If it’s not, that’s something that needs to be corrected. I wouldn’t mind looking at it, but I can make no guarantees if that’s where the issue lies because it is a third-party plugin. But, let’s narrow down the possible culprits first.

    There’s a lot of possibilities, so I’ll just break them down:

    Who can see the content?

    Managers are only supposed to see this page. So, anyone else seeing it should only be able to see it under the following conditions:

    • The user has the restrict_content capability.
    • The user has permission to edit the post.

    If either of those are true, you can’t really block content to that user.

    Page template?

    You say it’s working with the default page.php template. What’s different about this page? Is it a custom template? If so, there’s a good chance you have an issue here. I’d need to see that particular template.

    Most likely issues:

    • The Content Permissions component literally only blocks the content (hence, the name). So, if we’re talking about “content” that’s outside of calling the_content(), you’ll need some custom code, which would be easy to do.
    • A custom query in a page template that’s not properly reset would muck things up.

    Other plugins

    If the two sections above are not fruitful, it’s time to deactivate all other plugins. Test to see if things work correctly with those plugins deactivated.

    If that fails, we need to test with one of the default Twenty* themes for WP to rule out a theme issue.

  4. Hi Justin,

    Thanks for your reply here. I also thought that maybe the Google Login plugin is the culprit, but I did a test with direct logins, not using the Google Login and have the same results that the agents can see restricted content that only managers and admin should be seeing.

    It’s odd that this was working at one point too and stopped working, not sure exactly when or what preceded the issues we are having.