Support » Plugin: Role Scoper » Role Scoper vs Search Engines BUG

  • Hi
    f.o.a. great plugin probably the best i found for wordpress letting the administrator take control of everything in the site.
    But i found a really big BUG, if a user use the search engine all the restricctions are not kept. so any idea how to solve it, i mean, avoiding users to read some post if they are not in the adequate group whether or not they are using the search engine?

Viewing 15 replies - 1 through 15 (of 16 total)
  • Plugin Author Kevin Behrens


    doiches indicated that this is a conflict with “Search Unleashed” and/or “Another Searcher”

    I am not familiar with those plugins, but have developed support for Relevanssi.

    Yes after trying relevanssii this problem is fixed.
    Now i am facing this:
    * 2 users admin and editor
    * The admin user can see post whith the category confidential and the other categories, so i restrict the access to its category just for the wp-administrator
    * others categories can be assigned to a post for both admin and editor, so in the other categories restriction both users are assigned.
    PROBLEM!!!::: editor can read the post marked as confidential (via category)
    WHYYYY??? it is supposed to be blocked cause there is one category which restricts.
    any help plz

    Plugin Author Kevin Behrens


    Role Scoper is designed to grant access if the user is unrestricted in *any* post category. The plugin has worked this way since its inception and will not be changed. You can define a custom taxonomy “Confidentiality” and use that to assign a “Confidential” term instead.

    FYI, the Press Permit plugin works on the “post is restricted if any category is restricted” model.

    SO the RS plugin has not the option to configure the categories in such way to block access restricting the post through the categories.
    I was trying to find the press permit but not found in the site just to try if it accomplish what i am looking for
    i am trying to find another solution so could you explain how does it work with the private postS???

    Plugin Author Kevin Behrens


    Yes, Role Scoper has the option to block access based on categories, but not in the way you are looking for.

    If you need “category 1 restricted” + “category 2 unrestricted” = “post restricted”, it will have to be with a different plugin.

    Tnx a lot,now peferct clear
    but the question is what plugin can do that (cat1 restricted + cat2 unrestricted = post restricted)??? Tryed to download the press permit but not found a demo even.
    if there was no one then possibilities i am trying, so if would be great if u give me your point of view
    1.- publish the post they should be restricted as private. would the RS restrict the access?
    2.- create a new role between admin and editorm kinda pseudo-admin, letting the user with this new role to view that kind of post. does the rs accomplish it?
    3.- the option i think the best, change the query in the query-interceptor.php, but not sure which php files are also involved in the restrictions even with the relevanssi search. So if you could list me the files to change the restrictions.
    Thanks for the help.

    BTW is not supposed when someone restrict a category and not the other ones in the post the post SHOULD be restricted? Answering your example : If you need “category 1 restricted” + “category 2 unrestricted” = “post restricted”, it will have to be with a different plugin.
    It is unlogical because it is really easy to understand and intuitive that if a category is restricted it should be over the allowed categories, that is the meaning nad purpose of restrict something isn’t it?
    if as u said, ur plugin does not follow that goal, then there is not much sense in letting administrator to work with restrcitions and roles dont you think?

    does anybody know which function is the one used by the metabox readers in the editing post to restrict access to post readers (just to restrict it to wveryone)?

    I mean is there any web where the functions the role scoper used are documentated kinda wordpress does??
    it is quite hard to read code and code without any help

    Is there any web where the functions the role scoper used are documentated kinda wordpress does??
    it is quite hard to read code and code without any help cause i am trying to “solve” the problem my site has with the read permissions, adding automatically by code in wp-admin/post.php file the reader restrictions if the desired category (the one which restricts) is selected.
    So i am looking for the functions the metaboxes, added by the role scoper when adding or editing a new post, uses to add there, but no luck.
    Help plz it is my fourth hour keeping searching just a call (just to automatically keep checked the restriction in the readers box and in the editing box, assigning just one author group.

    Plugin Author Kevin Behrens


    I’m not going to provide any free advice on hacking Role Scoper.

    As I said before, you have two options:

    • create a custom taxonomy and assign a restricted term in that taxonomy
    • use a different plugin, which is designed to work in the way which seems logical and intuitive to you

    Ok let me then explain some points i think you should consider if you are going to keep working on this plugin as u wrote in agapetry web site, the same where you sold the press permit:
    1.- It is suppose to be free source code, so it should be anywhere, as in any platform, ANY kinda documentation, at least a list of functions (name, goal of the function, parameters) It is typical in Java, php,… I think you even erase it in the source code, dont you? just this plugin keep crossing php and query calls through php files and several folders, being really easy to get lost. So i have clear it is impossible to keep in mind every call it is doing. Just read the terms the GPL LICENSE under your plugin is found, just the first line. It is allow to redistribute and modify it. And there it is more than suggest a documentation should appear.
    2.- The more we talk, the more i have the feeling that the purpose of this plugin is just to promote te press permit. If i do not bought your press permit, it is because i cannot check if the plugin does what i am looking for. Not even a try or demo. Believe me when i write that 40 bucks is nohing, I’d rather paying than keeping two weeks digging into source code. I do not know if you were looking for beneficts when you released this plugin (before “capitalism” come through).I think it is respectable, but unethical in open source code. I read yesterday again the promotional comment of your plugin and th huge expectation, making possible to deploy 7 or 8 plugins just with your one.
    3.- Going bakc to category grant access? So have you ever found the situation you related in any application, program, or just anything in real life? if a have 50 categories in the same level and two users, the first one has access only to 1 category and the second one to the 50 categories, BOTH have the same access because the user 1 has access to ONE category!!!???? So restriction should be wether all categories or noone then!!!! Are the restriction not considered??? Until you dont show me a real example, i keep in my mind, as i think most of people, restrictions are always over permissions. Keep reading please.
    4.- HACKING!!!!!?????? easy words to avoid any qualificated help besides the one of how to configure the plug. GPL license again. Let me remind you the problem. Do you really think it is hacking!!?????
    Problem: In a custom post type (there were NOT any difference if we were talking abaout post):
    – Two users with the role as contributor having permissions to be authors, so as you know in Restrictions->Categories the five levels are restricted for every single category.
    After that, in the Roles->Categories in the Author checkbox for each category the user with permission is selected.
    Then we have
    Cat1 (in the author Custom post type checkbox)
    Sub_cat1.1 ———- User1
    Sub_cat1.2 ———- User1 and User2
    Sub_cat1.3 ———- User1 and User2
    Sub_cat2.1 ———- User1 and User2
    Sub_cat2.2 ———- User1 and User2

    So as you know User 1 and User2 have access to the same posts!!!! even when only sub_cat1.1 is checked!!!!!!! UNLOGICAL whatever you said. i cannot believe you agree with it.

    5.- Solution:
    Mark each single post to be restricted, selecting the readers and the authors. So if the specific category is selected, readers should be restricted and none allowed to read. Besides authors should be restricted and only the User1 autorized. It can be done via admin and the metaboxes in the add/edit window. Now it is done automatically re-using YOUR function insert-role-restriction. My pain is the lack of documentation. Now to finish i am trying to remove the restrictions saved in the DB.

    i am not looking for any argue, just i try to understand why the most powerfurl plugin i am using has a black hole, and instead of keeping improving this, and all your plugins….

    Plugin Author Kevin Behrens



    I have a real world example for you which could be implemented with Role Scoper, such as it is. Imagine a website devoted to expert commentary on the benefits and perils of large-scale plugin development. Some of the categories are:

    • candle-both-ends
    • opportunity-cost
    • support-liability
    • thanks-but
    • freshmeat
    • corporate-loss-leader

    Due to the informative and candid nature of the writing, many readers contribute an annual fee commensurate with the value they derive from it. These payments make the project a self-funded, sustainable and ongoing development – to the benefit of all stakeholders. At registration, the new member may subscribe to any number of categories, with a monthly fee per category. Published posts are sometimes associated with more than one category. Whenever a post is published, the member can read it if any of his or her categories are assigned.

    This solution is implemented by restricting the Post Reader role by default for all categories. Members receive a Post Reader role assignment in the categories which they have subscribed to.

    Now imagine that guest developers are invited to contribute and review content, but only in certain categories. They are all given a WordPress role of Editor. candle-both-ends is unrestricted, meaning any editor can post to the category or edit existing posts in it. Since they all have something to say on this topic, they will retain the editing capability regardless of what other categories the post may be related to. But all editing roles are restricted for all other categories. Each developer will be assigned a role of Post Editor within the category which they are most passionate or concerned about.

    Plugin Author Kevin Behrens


    Is Role Scoper’s Category Restrictions functionality well documented? yes, in the Usage Guide which is linked from the plugin description.

    If I could go back to 2008, would I implement category restrictions the same way? no

    Is the current implementation still useful to thousands of sites? yes

    Would lots of those existing sites break if I suddenly changed the implementation now? yes

    Would that be a simple change in the RS code, which I am only withholding due to sinister profit motives? no

    Would lots of people get confused (or even angry) if I somehow hacked in the option to change how restrictions work? most certainly

    Given that my ambitious plugin projects over the last four years have left little time for consulting (and therefore little money for home acquisition, medical insurance or other “capitalistic” activities), would I nevertheless go back in time and pour even more time into those projects? no

    Am I just a slick self-promoter after all? obviously not

    Am I making an honest and forthright effort to continue supporting Role Scoper and Revisionary while pushing time and income in a physically and financially sustainable direction? yes

    Have I developed a new solution which builds on Role Scoper’s strengths while eliminating many shortcomings? yes

    Do my past activities with Role Scoper mean I am morally obligated to develop, distribute and support Press Permit without fee? no

    the example you described still not solving the question showed in the scene i showed you … Still talking only about restrictions (Restrictions->Categories) not the Roles->Categories “situation” and what about if you configured the access to a member just to candle-both-ends and another one just to freshmeat ; u make it so because u are interestd in keeping separated and blocked the access to earch other contents… you know both would have access (at least readable) to the same amount of post if those posts have both categories checked (as example, Categories of the new post candle-both-ends and freshmeat), making not possible to block both blocks of information to each other.
    So i beg you to test your sentence cause is trueWhenever a post is published, the member can read it if any of his or her categories are assigned but with the scene i am coming up with you are concious it is impossible to block contents and that is the key because is where all my prob was located. How to solve it, already found it and at the end of the post.
    But keep in the discussion (not argue plz kevin do not forget it). After checking the plug i understand it is really hard to change it, it is your idea and phylosopy, more than respectable because it WORKS and it is good, but as i said still not understand WHY if you are the only one who has total control the code you didnt give me a hand or even a CLUE just to solve the problem and save a couple of weeks of reading code.

Viewing 15 replies - 1 through 15 (of 16 total)
  • The topic ‘Role Scoper vs Search Engines BUG’ is closed to new replies.