Viewing 15 replies - 1 through 15 (of 23 total)
  • Thread Starter ldeschenes

    (@ldeschenes)

    @champsupertramp

    @nikitasinelnikov

    Could one of you revisit that problem. Thanks.

    Plugin Author Mykyta Synelnikov

    (@nsinelnikov)

    Hi @ldeschenes

    The hook will be added in 2.6.0 please use it with caution on your own.
    It’s ‘um_extend_editable_roles’.

    Best Regards!

    Thread Starter ldeschenes

    (@ldeschenes)

    @nsinelnikov

    Thanks for the new hook.

    I cannot find it at https://docs.ultimatemember.com/article/1324-hooks-list

    Could you please give me an example of how to use it.

    missveronica

    (@missveronicatv)

    @ldeschenes

    /**
     * UM hook
     *
     * @type filter
     * @title um_extend_editable_roles
     * @description Extend Editable User Roles
     * @input_vars
     * [{"var":"$editable_roles","type":"array","desc":"Editable Roles Keys"}]
     * @change_log
     * ["Since: 2.6.0"]
     * @usage add_filter( 'um_extend_editable_roles', 'function_name', 10, 1 );
     * @example
     * <?php
     * add_filter( 'um_extend_editable_roles', 'my_um_extend_editable_roles', 10, 1 );
     * function my_um_extend_editable_roles( $editable_roles ) {
     *     // your code here
     *     return $editable_roles;
     * }
     * ?>
     */
    Thread Starter ldeschenes

    (@ldeschenes)

    @missveronicatv

    Thanks for the code snippet.

    I will test it and report back.

    Thread Starter ldeschenes

    (@ldeschenes)

    @missveronicatv

    Since I am still junior in PHP, I want to make sure I do understand before testing.

    Does “your code here” should be replaced by :

    $editable_roles = array(“um_coproprietaire”,”um_locataire”,”um_resident”);

    Would the following code be better:

    $editable_roles = [‘um_coproprietaire’, ‘um_locataire’, ‘um_resident’];

    Thanks.

    missveronica

    (@missveronicatv)

    @ldeschenes

    Yes, if these roles are those required both examples are OK but the first one most used.

    $editable_roles = array( 'um_coproprietaire', 'um_locataire', 'um_resident' );

    If you want to add your roles to the default editable UM Roles:

    $editable_roles = array_merge( $editable_roles, array( 'um_coproprietaire', 'um_locataire', 'um_resident' ));

    https://www.php.net/manual/en/function.array-merge.php

    Thread Starter ldeschenes

    (@ldeschenes)

    @missveronicatv

    Thanks for confirming that quickly! I do understand both use case.

    But what are the “default editable UM Roles” ? How are they set ? Where could I see what they are ?

    missveronica

    (@missveronicatv)

    @ldeschenes

    Enable PHP debug logging, read this guide: “How to enable debug logging”

    https://docs.ultimatemember.com/article/1751-enable-debug-logging

    Add this code line to your function, which will write to /wp-content/debug.log your editable roles ie the content of the parameter $editable_roles when calling your function.

    error_log( 'editable roles: ' . implode( ', ', $editable_roles ));

    https://www.php.net/manual/en/function.error-log.php

    Thread Starter ldeschenes

    (@ldeschenes)

    @missveronicatv @nsinelnikov

    I did apply the code snippet but this did not resolved my problem.

    Just to be clear, let me explain in details my problem :

    1. I use a profile form that uses the pre-defined field ‘Role (dropdown)’
    2. The field ‘Can user edit this field?’ is NOT checked as I don’t want users to edit their own roles
    3. The role field is visible and not editable when the user is editing their own profile (as you would expect)
    4. Editing the users profile page as Admin, the role field is editable. (as you would expect)
    5. When changing the users role and saving the profile, the role reverts to its original value. (not helpful)

    If I check the ‘Can user edit this field?’ checkbox:
    The result is that both user and admin can change the role. (but this is not the behaviour that I want).

    BTW, the describe behavior is the same when using or not using the hook.

    missveronica

    (@missveronicatv)

    @ldeschenes

    I did apply the code snippet but this did not resolved my problem.

    Did your code snippet get executed ie the error_log function did write the Role IDs to /wp-content/debug.log?

    Thread Starter ldeschenes

    (@ldeschenes)

    @missveronicatv

    I did not enable PHP debug logging… but as I said “the describe behavior is the same when using or not using the hook (disabling the snippet)

    It looks like the secury pack that was done at the time to resolve this issue (https://www.wordfence.com/blog/2020/11/critical-privilege-escalation-vulnerabilities-affect-100k-sites-using-ultimate-member-plugin/) affected diiferent bahaviors. The hook might have resolved some but not the one I described in my last message. BTW that was working prior to the security patch.

    Thread Starter ldeschenes

    (@ldeschenes)

    @missveronicatv

    (My last post has been held for moderation… I believe because I included an outside URL. So here is the text without the url.)

    I did not enable PHP debug logging… but as I said “the describe behavior is the same when using or not using the hook (disabling the snippet)

    It looks like the secury pack that was done at the time to resolve this issue (removed url) affected diiferent bahaviors. The hook might have resolved some but not the one I described in my last message. BTW that was working prior to the security patch.

    You can see the removed WordFence URL in the first post of this thread.

    • This reply was modified 12 months ago by ldeschenes.
    missveronica

    (@missveronicatv)

    @ldeschenes

    I suspect that your code snippet never executes and that’s why I asked about the error_log.

    Thread Starter ldeschenes

    (@ldeschenes)

    @missveronicatv @nsinelnikov

    Just to make sure I enabled the log. Here is the result :

    [03-Apr-2023 11:59:32 UTC] editable roles: um_coproprietaire, um_locataire, um_resident
    [03-Apr-2023 11:59:40 UTC] editable roles: um_coproprietaire, um_locataire, um_resident

    The problem is still present. The hook might have resolved some problems but not this one :

    1. I use a profile form that uses the pre-defined field ‘Role (dropdown)’
    2. The field ‘Can user edit this field?’ is NOT checked as I don’t want users to edit their own roles
    3. The role field is visible and not editable when the user is editing their own profile (as you would expect)
    4. Editing the users profile page as Admin, the role field is editable. (as you would expect)
    5. When changing the users role and saving the profile, the role reverts to its original value. (not helpful)

    If I check the ‘Can user edit this field?’ checkbox:
    The result is that both user and admin can change the role. (but this is not the behaviour that I want).

    BTW that was working prior to the security patch.

Viewing 15 replies - 1 through 15 (of 23 total)
  • The topic ‘Bug : Role change in profile form by administrator’ is closed to new replies.