• Resolved Atdhe Boshnjaku

    (@atdheboshnjaku)


    Hi there,

    I have read a previous topic where @nlmosler explains that he does use Elementor and ACF with Client Portal. I was able to also do this based on his advise by first enabling Private pages to be edited with Elementor and then I created a template that is specifically for Private pages only.

    But my issue is that, while it all works just fine and each user can see their own content which is created for them, I am also able to view other clients info created using the ACF plugin so for example if I am assigned this url:

    https://website.com/private-page/john

    and when I visit this page, I can see all the ACF fields that were assigned to John (their project name ex: weby1) however if while I am logged in or not for that matter if I simply visit another private page assigned to someone else like:

    https://website.com/private-page/doe

    I can then see their assigned ACF fields (their project name ex: appy1), does anyone have any idea how I can prevent these ACF fields from being visible to only logged in users and only show fields that are related to that logged in user. Thank you.

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Author Georgian Cocora

    (@raster02)

    Hello @atdheboshnjaku,

    I think this doesn’t work because we only restrict what the user sees using the standard WP filter the_content.

    In your case, your content is probably not outputted through this filter so it is not restricted.

    Since you don’t write a PHP template, I guess the best approach would be to redirect users from someone else’s private page.

    You can use the WordPress template_redirect action to achieve this. Get the global post, check that it’s a private page, check that the user is logged in and redirect him away if he is not the author of that post.

    Regards.

    Thread Starter Atdhe Boshnjaku

    (@atdheboshnjaku)

    Hello @raster02,

    So I am trying your suggestion to the best of my knowledge and this is what I am placing in the functions.php of my child theme:

    add_action( 'template_redirect', 'redirect_non_permitted_users' );
    
    function redirect_non_permitted_users () {
        
    	if ( is_singular( 'private-page' ) || is_post_type_archive( 'private-page' ) ) {
    		
            $userID = get_current_user_id();
    		global $post;
    		$authorID = absint($post->post_author);
    
    		if( $userID !== $authorID && ! is_user_logged_in() ){
    			wp_redirect('https://website.com/dashboard/');
    			exit;
    		}
                
        }
    	
    }

    But it has no effect, any chance that I am missing something, thank you for your help.

    • This reply was modified 2 years, 6 months ago by Atdhe Boshnjaku. Reason: didnt make the code part an actual code
    Plugin Author Georgian Cocora

    (@raster02)

    @atdheboshnjaku

    This should work, admins bypass the redirect:

    add_action( 'template_redirect', 'redirect_non_permitted_users' );
    function redirect_non_permitted_users () {
        
        if( current_user_can( 'manage_options' ) )
            return;
    
        global $post;
    
        if( !empty( $post->post_type ) && $post->post_type == 'private-page' ){
    
            if( is_user_logged_in() && !empty( $post->post_author ) && get_current_user_id() == $post->post_author )
                return;
    
            wp_redirect('https://website.com/dashboard/');
            exit;
    
        }
    	
    }

    We are also going to add a setting to enable such a redirect in the future.

    Regards.

    Thread Starter Atdhe Boshnjaku

    (@atdheboshnjaku)

    @raster02 Thank you, this works like a charm. You saved me from having to use a plugin to achieve this 🙌

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Client Portal with Elementor and ACF’ is closed to new replies.