Support » Plugin: Video Gallery - YouTube Gallery » Only admins can post with plugin active

  • Resolved gresakg

    (@gresakg)


    Users with editor privileges complained to me, that they can’t post after I have installed the plugin.
    During troubleshooting I indeed noticed, that if I disable the plugin. Editors can normaly post.
    I think this is a bug.

Viewing 15 replies - 1 through 15 (of 18 total)
  • Plugin Author totalsoft

    (@totalsoft)

    Hello Dear gresakg.

    Thank You for contacting with us and for telling us about the problem.

    Please can you give us a link where we could look at the problem or can tell from which plugins comes this problem?

    Thank You.

    The problem is in the administration area and I can’t give you any access. But I can list you the plugins installed, so you can try to recreate the problem in your own environement.

    | admin-post-navigation | active | none | 2.1 |
    | akismet | active | none | 4.1 |
    | classic-editor | active | none | 1.3 |
    | cloudflare | active | none | 3.3.2 |
    | contact-form-7 | active | none | 5.1.1 |
    | gallery-videos | active | none | 1.3.7 |
    | health-check | inactive | none | 1.2.4 |
    | nginx-helper | active | none | 2.0.1 |
    | onepress-plus | active | none | 2.1.4 |
    | post-type-switcher | active | none | 3.1.0 |
    | save-contact-form-7 | active | none | 2.0 |
    | simple-lightbox | active | none | 2.7.0 |
    | svg-support | active | none | 2.3.15 |
    | tinymce-advanced | active | none | 5.0.0 |
    | w3-total-cache | active | none | 0.9.7 |
    | widget-options | active | none | 3.7.2 |
    | wordfence | active | none | 7.1.20 |
    | wp-mail-smtp | active | none | 1.4.1 |
    | wordpress-seo | active | none | 9.4 |

    The theme I use is OnePress
    https://wordpress.org/themes/onepress/

    Thanks for your help and best regards.
    Greg

    Plugin Author totalsoft

    (@totalsoft)

    Dear gresakg.

    You do not need to give us access. And we do not have the right to do so. We just wanted a link where we could see our plugin. To see the problem. Thank you for telling us what plugins are you using. Our team will take a look and will tell you soon. Please wait for our reply.

    Thank You.

    Plugin Author totalsoft

    (@totalsoft)

    Dear gresakg.

    To solve your problem, please edit the index.php file of our plugin. Please find this code:

    echo $context;

    There, change and write like this

    if(current_user_can(‘manage_options’))
    {
    echo $context;
    }

    Please try this version and tell us know, does it work or not? If yes, We will add this function in the next version.

    Thank You.

    Hi,
    the plugin is on this page
    http://zasrce.si
    And it’s activated. Please let me know as soon as you finish analyzing the situation, because I need to deactivate it or else the editor can’t post or edit.
    Thanks for your help, G.

    Hi,
    I just applied your patch but it doesn’t work. The button for inserting the gallery disappears, but the editor remains unaccessible.
    If I disable the classic editor plugin, i get access denied on the entire edit page.

    Plugin Author totalsoft

    (@totalsoft)

    Dear gresakg.

    Did you try to change what we told you?

    You can leave a message. But users cannot, did We understand you correctly, yes?

    Thank You.

    • This reply was modified 1 year, 9 months ago by totalsoft.

    I as administrator have no problems at all.
    But if I log in as an editor, and try to add a new post or edit one, the post opens but the editor (Classic Editor plugin) is without the toolbar (tinymce) and the textarea is unaccessible (the tab swich between text-mode and the rich content mode is also unaccessible).
    If I disable the plugin Classic Editor the whole page returns Access Denied.

    Screenshots
    https://i.imgur.com/AcPOoiP.png
    https://i.imgur.com/WEyaDuW.png

    Thanks!

    P.S. The patch was applied, please see two posts above. Thanks!

    Plugin Author totalsoft

    (@totalsoft)

    Dear gresakg.

    Please , can you take a screenshot and send it to us? I want to see where do you made the changes and do you correctly put the code there that I have sent you.

    Pretty sure I have. I am a dev myself 🙂

    https://i.imgur.com/VWOekh0.png

    Regards, G.

    Plugin Author totalsoft

    (@totalsoft)

    Dear gresakg.

    Please edit the Total-Soft-Gallery-Video-New.php file of our plugin. Please find this code:

    if(!current_user_can(‘manage_options’))
    {
    die(‘Access Denied’);
    }

    And delete that code

    Please try this version and tell us know, does it work or not?

    Thank You.

    I commented it out. Sorry to say it didn’t work. The behavior didn’t change a bit. However, I did this to help you a bit. It looks like your script loves to die 😉

    $ grep -r Denied .
    ./Includes/Total-Soft-Pricing.php:		die('Access Denied');
    ./Includes/Total-Soft-Gallery-Video-Install.php:	// 	die('Access Denied');
    ./Includes/Total-Soft-Products.php:		die('Access Denied');
    ./Includes/Total-Soft-Gallery-Video-Settings.php:		die('Access Denied');
    ./Includes/Total-Soft-Gallery-Video-New.php:		die('Access Denied');
    ./Includes/Total-Soft-Gallery-Video-Media.php:		die('Access Denied');

    Thanks for your patience. G.

    Plugin Author totalsoft

    (@totalsoft)

    Dear gresakg.

    Please, can you also delete the code from this file Total-Soft-Gallery-Video-Media.php?

    if(!current_user_can(‘manage_options’))
    {
    die(‘Access Denied’);
    }

    Thank You.

    Happy to say you nailed it this time 🙂

    I suggest that you review the way you are managing acl in this plugin and make it a bit more sophisticated. You could actually use the function current_user_can() to check if the user is allowed to use the gallery, and this should be true for any user that can handle media, not just for people allowed to manage options, which are typically only admins.

    Also, plugins should never die. You can’t just abort the whole wordpress, because your plugin doesn’t like something. You should find a way to abort only your plugins functionality in such cases, and give the user an appropriate feedback.

    Anyway, thank you for your help and happy coding.
    Greg

Viewing 15 replies - 1 through 15 (of 18 total)
  • The topic ‘Only admins can post with plugin active’ is closed to new replies.