WordPress.org

[resolved] How to hack user level? (7 posts)

  1. agapeincognito
    Member
    Posted 8 years ago #

    Does anyone know where exactly WP checks the user level for access? For example, when they are posting, etc.

    I am using the Multiply hack which is working great for my needs with only one exception: it says you can manage permissions differently on each blog/press, but that feature isn't working at all. Since the author has a separate table with press ID, I figured I could hack the main templates to check the Press ID and related User Level instead of the default User Level in the main table. I just don't know where to look!

    Thanks!

  2. MichaelH
    Member
    Posted 8 years ago #

  3. agapeincognito
    Member
    Posted 8 years ago #

    Thanks, Michael! That was very helpful, but I don't think it's exactly what I'm looking for. It does give me a much better starting point though :)

    I think (and let me stress "think") what I'm really looking for is some way to change the master variable right at the beginning. I'm not sure why I'm having such a hard time figuring out how to do it.

    It isn't that I want to change what the various levels do (I'm happy with the way WP has them defaulted). Rather, I want to have it look at the Multiply table for the user level instead of the WordPress table. At first, I thought I would need to change all the current WP variables to Multiply variables. But, I think I may be able to just set the value of the WordPress user level variable to equal the Multiply user level value for the given press (blog).

    I have a sneaky notion that it's much easier than it looks and that I'm just a moron...

  4. agapeincognito
    Member
    Posted 8 years ago #

    Okay, I figured it out (I think)...

    For those who care and for reference's sake, it appears that the Multiply plugin DOES correctly set the $user_level variable for a given press (non-default blog). However, in 1.5.x WordPress doesn't look at this variable when checking several (if not all) of the permissions (such as the user_can_create_post permission/function in functions-post.php). Instead, this function calls the get_userdata function found in pluggable-functions.php, which returns the "cached" user data level.

    Therefore, I added the following lines under the get_userdata function:

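    // No cached entry for this press and a real user: fetch the user's authorized presses.
    if ( empty($press_cache[$mb_id]) && $userid != 0 ) {
        $presses = mb_authorized_presses();
        $cache_userdata[$userid]->user_level = $presses[$mb_id]->level;
    } else {
        // Otherwise take the level from the press cache.
        $cache_userdata[$userid]->user_level = $press_cache[$mb_id]->level;
    }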

    This uses the press cache if available (updates it for the given user if empty), then sets the WordPress cached user level equal to the current Multiply press user level for the current press.

    After doing this, everything Multiply was intended to do seems to work fine. I currently have users set at "0" in the User Management. Then, in the Presses management, I increase their levels as desired. After logging in as them, they have NO rights on the Default Press and the exact rights needed on the other presses.

    I don't yet know if there are any negative effects from this (such as in large environments or if I have somehow messed something else up). So far though, everything is working great!!!

  5. agapeincognito
    Member
    Posted 8 years ago #

    Additional info:

    You will want to add the following to the end of each IF line (before the end parenthesis):

    && $mb_id

    This ensures none of this new code is executed when the Default (original) blog/press is selected.

    You may also want to alter this slightly and use it as necessary for get_userdatabylogin, and both functions can be placed into the Multiply plugin so that you don't have to edit the original code. The plugin author has also reviewed the above and gave it a thumbs up.

    Let me know if you find any problems with it.

  6. agapeincognito
    Member
    Posted 8 years ago #

    Important FYI:

    I have discovered that you can't easily do the same kind of fix for get_userdatabylogin. So far, I have found this affects two areas:

    (1) Posting via client software (xmlrpc)
    (2) Level 10 user privileges are no longer assumed on additional presses (rights must be specifically granted)

    I am currently researching, but any help is appreciated.

  7. agapeincognito
    Member
    Posted 8 years ago #

    The author of the Multiply plugin has now polished off the fix I mentioned above and released a new version:

    http://rephrase.net/box/word/multiply/
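
The gap described in posts 4 to 6, as an added example that is not code from the thread, WordPress, or the Multiply plugin: a simplified PHP model in which the by-id lookup applies the per-press level while the by-login lookup may not, with a check that lists where the two paths disagree. All function names and the sample data are constructed assumptions; only the existence of two lookup paths (get_userdata and get_userdatabylogin) comes from the thread.

```php
<?php
// Simplified model, not WordPress or Multiply source. resolve_level, by_id_model,
// by_login_model and disagreements are hypothetical names; data is constructed.
$users        = [7 => ['login' => 'alice', 'user_level' => 0]]; // global level 0
$press_levels = [2 => [7 => 3]];                                 // press 2 grants level 3

// Single choke point for the effective level on a given press.
function resolve_level(array $row, int $userid, int $press_id, array $press_levels): int {
    if ($press_id === 0) {
        return (int) $row['user_level'];   // default press: global level
    }
    // Other presses: only an explicit grant counts, otherwise level 0.
    return (int) ($press_levels[$press_id][$userid] ?? 0);
}

// By-id lookup with the per-press override applied.
function by_id_model(int $userid, int $press_id, array $users, array $press_levels): ?array {
    if (!isset($users[$userid])) return null;
    $row = $users[$userid];
    $row['user_level'] = resolve_level($row, $userid, $press_id, $press_levels);
    return $row;
}

// By-login lookup. $patched = false returns the raw global level (the gap);
// $patched = true delegates to the by-id path so both share one resolver.
function by_login_model(string $login, int $press_id, array $users, array $press_levels, bool $patched): ?array {
    foreach ($users as $userid => $row) {
        if ($row['login'] === $login) {
            return $patched ? by_id_model($userid, $press_id, $users, $press_levels) : $row;
        }
    }
    return null;
}

// Regression check: list every (login, press) where the two paths disagree.
function disagreements(array $users, array $press_levels, array $press_ids, bool $patched): array {
    $out = [];
    foreach ($users as $userid => $row) {
        foreach ($press_ids as $pid) {
            $a = by_id_model($userid, $pid, $users, $press_levels);
            $b = by_login_model($row['login'], $pid, $users, $press_levels, $patched);
            if ($a['user_level'] !== $b['user_level']) {
                $out[] = "{$row['login']}@press{$pid}: by-id={$a['user_level']} by-login={$b['user_level']}";
            }
        }
    }
    return $out;
}

print_r(disagreements($users, $press_levels, [0, 2], false)); // by-login left unpatched
print_r(disagreements($users, $press_levels, [0, 2], true));  // by-login delegates to by-id
```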

Topic Closed

This topic has been closed to new replies.