Support » Plugin: Advanced Access Manager » Plus Package > Allow by term

  • Resolved wittich

    (@wittich)


    Hi Vasyl,

    I have an issue with the Plus Package’s ability to set statements for a specific term. Basically, I restrict listing and editing of any post and then set the resource to allow, which works perfectly for the listing option but fails for the edit capability of the user.

    {
        "Statement": [
            {
                "Action": "List",
                "Condition": {
                    "Equals": {
                        "(*boolean)${CALLBACK.is_admin}": true
                    }
                },
                "Effect": "deny",
                "Resource": "PostType:post:posts"
            },
            {
                "Effect": "deny",
                "Resource": [
                    "PostType:post:posts:Edit",
                    "PostType:post:posts:Delete",
                    "PostType:post:posts:Publish"
                ]
            },
            {
                "Action": "List",
                "Effect": "allow",
                "Resource": "PostType:post:term:department:test:posts"
            },
            {
                "Effect": "allow",
                "Resource": [
                    "PostType:post:term:department:test:posts:Edit",
                    "PostType:post:term:department:test:posts:Delete",
                    "PostType:post:term:department:test:posts:Publish"
                ]
            }
        ]
    }

    The part which doesn’t work is:

            {
                "Effect": "allow",
                "Resource": [
                    "PostType:post:term:department:test:posts:Edit",
                    "PostType:post:term:department:test:posts:Delete",
                    "PostType:post:term:department:test:posts:Publish"
                ]
            }

    It seems like it has no effect.

    Is this a bug or am I doing something wrong?

    Best regards,
    Valentin

    • This topic was modified 9 months, 3 weeks ago by wittich.
Viewing 4 replies - 1 through 4 (of 4 total)
  • I want to do the same for my dental health blog. I don’t know how to do this. Please help!

    Plugin Author Vasyl Martyniuk

    (@vasyltech)

    Hi @wittich,

    There are two fundamental problems with your setup that you are less likely to be aware of.

    So, PostType:post:term:department:test:posts:Edit is NOT a fully supported AAM resource because, technically speaking, a “term” or even a “taxonomy” lives independently from a “post type”. That is why the complex inheritance mechanism that AAM has does not consider this path a valid path. I really do not want to overwhelm you with all the technical constraints and why things are this way. So for the future, if you need to target posts that are attached to a certain term, then use a resource like Term:department:test:posts:Edit instead.

    The second fundamental problem is with posts belonging to multiple terms. My best guess is that ALL the posts that belong to the custom terms (with the “Department” taxonomy) ALSO belong to at least the “Uncategorized” term OR possibly even more terms. AAM, by default, when it tries to resolve access settings merging conflicts, will honor the “denied” preference. Because you’ve defined default access settings for all posts with resources like PostType:post:posts:Edit, ALL the terms and taxonomies that are associated with the post type “Post” will inherit these settings. That is why, EVEN IF you explicitly allow certain actions for “Department” terms, because your posts may belong to multiple other terms, AAM will honor the “denied” preference. To override this behavior, go to the AAM Settings page and on the ConfigPress tab enter the following configuration:

    
    [aam]
    core.settings.term.merge.preference = "allow"
    

    This configuration tells AAM to explicitly allow actions if AT LEAST one term states so.

    Give it a shot. It should work, as I’ve just tested it on my local setup and it did the magic.

    Regards,
    Vasyl
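
A simplified model of the merge behaviour described in the reply above, added here as an illustration and not taken from AAM's code or from the thread. The function names, data structures and sample posts are assumptions constructed for the example; only the policy effects and the two preference values come from the page.

```python
# Model of the term-merge behaviour described in the reply; not AAM's implementation.
# All names and sample posts are constructed for illustration.

# Policy from the thread: deny by default on the post type, allow on department "test".
POST_TYPE_DEFAULTS = {"Edit": "deny", "Delete": "deny", "Publish": "deny"}
TERM_STATEMENTS = {
    ("department", "test"): {"Edit": "allow", "Delete": "allow", "Publish": "allow"},
}

def term_settings(taxonomy, term):
    """Each term inherits the post-type defaults, then applies its own statements."""
    settings = dict(POST_TYPE_DEFAULTS)
    settings.update(TERM_STATEMENTS.get((taxonomy, term), {}))
    return settings

def resolve(post_terms, action, preference="deny"):
    """Merge the effects from every term the post belongs to.

    preference mirrors the value of core.settings.term.merge.preference:
    "deny" lets a single denying term win, "allow" lets a single allowing term win.
    """
    if preference not in ("allow", "deny"):
        raise ValueError("preference must be 'allow' or 'deny'")
    effects = {term_settings(tax, term)[action] for tax, term in post_terms}
    if not effects:                      # post attached to no term at all
        return POST_TYPE_DEFAULTS[action]
    if len(effects) == 1:                # every term agrees, nothing to merge
        return effects.pop()
    return preference                    # conflict: the configured preference decides

def changed_by_allow(posts, action):
    """Posts whose decision flips when the preference goes from deny to allow."""
    return sorted(
        post_id for post_id, terms in posts.items()
        if resolve(terms, action, "deny") != resolve(terms, action, "allow")
    )

# Constructed sample posts: post id -> (taxonomy, term) pairs.
SAMPLE_POSTS = {
    "post-1": [("category", "uncategorized"), ("department", "test")],
    "post-2": [("category", "uncategorized")],
    "post-3": [("department", "test"), ("department", "hr")],
    "post-4": [("department", "test")],
}

if __name__ == "__main__":
    for post_id, terms in SAMPLE_POSTS.items():
        print(post_id, resolve(terms, "Edit", "deny"), resolve(terms, "Edit", "allow"))
    print("flipped:", changed_by_allow(SAMPLE_POSTS, "Edit"))
```

The posts returned by `changed_by_allow` are the ones to review before changing the setting: under the "allow" preference, a post that carries the allowed term together with any other term becomes editable.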

    Plugin Author Vasyl Martyniuk

    (@vasyltech)

    @wittich, actually, you may discard the first “fundamental problem”. I’ve rushed to explain the reason without checking the latest state of the implementation.

    You may keep the policy as is and ONLY update your ConfigPress with the configuration mentioned above. That should make the difference.

    Thread Starter wittich

    (@wittich)

    Hello @vasyltech ,

    Thanks for the advice and testing, it works like a charm! The ConfigPress setting did the magic, but the basic background on the hierarchy of post types and terms also helped!

    Keep up the good work, regards
    Valentin
