Community Support Forums

OK I dont know what happened but a new user to my site Linkamotion.com claims he can see all the posts other users are adding.

My test user is not seeing this but I used his password and user name and there are everyones articles.

I need help as to how I can block this. I am using a capabilities manager but this was never an issue before.

I also update WP with the latest update today

Not sure why my tester user cant see it and he can. I did manually add this guy...but would that have anything to do with it?

Thanks
Vince

Hi Vince.

What role did you set this user to? Is that the same role your test account has? Did you edit that role's capabilities?

same as the test account they are a s2member level1

So I was able to ask the users to sign up using the normal process and he can still see all the posts from other users but my test user can not have the same results produced.

Hmm... I got what you say, but they have to be different in some way, otherwise the access would be the same.

Have you tried creating a new test account and see how that one's access is?

Please post here a screenshot of your WP Admin -> s2Member -> Restriction Options page with all the panels expanded.

Are you using s2Member's custom capabilities to restrict access?

Hey Christian,

Thanks for the reply. OK so I added a new user using the backend options and BAM there are all those posts that users should not see.

In the capabilities manager I am using I have only ADD POSTS, EDIT POSTS, DELETE POSTS, AND READ.

All these capabilities need to be active in order for users to add content and view their own posts.

I did look at the S2member capabilities manage and here is what I see

Posts That Require Level #0 Or Higher:

Post IDs in comma-delimited format. Example: 1,2,3,34,8,21 — or you can type: all.
Posts That Require Level #1 Or Higher:

THIS IS AT ALL SETTING

Post IDs in comma-delimited format. Example: 1,2,3,34,8,21 — or you can type: all.
Posts That Require Level #2 Or Higher:

This is at ALL setting

Post IDs in comma-delimited format. Example: 1,2,3,34,8,21 — or you can type: all.
Posts That Require Level #3 Or Higher:

Post IDs in comma-delimited format. Example: 1,2,3,34,8,21 — or you can type: all.
Posts That Require Highest Level #4:

Post IDs in comma-delimited format. Example: 1,2,3,34,8,21 — or you can type: all.


I tried changing the settings in the Capabilities manager but it is still the same result. I will take a guess and say that many people can see posts that are not there own.

Any ideas....I think we can run off the idea that everyone can see the posts that are added so what can I do to remove this view but leave the ability for users to add posts in the standard WP back area?

Hey

Just wanted to let you know...users cant access the posts in the post list. It just shows the user and article title and article status.

I still want to remove this view so users can only see their posts and not everyone elses. I am wondering if it is related to a recent WP update?

Talk to you soon
Vince

Thanks for the follow-up.

Sorry, but this really goes outside of s2Member's intended functionality. I've seen several site owners make attempts at using s2Member for back-end permissions with some success, but we really don't support that functionality.

That being said, this sounds like the way it's always been to me, as far as I can remember. You might try removing the delete_posts Capability. It's one of those extra Capabilities that you've assigned which is causing WordPress to display everyone's posts in the list. I say 'display', because I believe it's NOT possible for them to actually edit others posts unless they have the Capability: edit_others_posts

Reference article:
http://codex.wordpress.org/Roles_and_Capabilities

I have tested the same thing and noticed that every user can see others post titles and also may click to display them if there is no other plugin installed. Moreover, nobody can edit others posts. It seems that you should somehow hide the links that refer to show all posts link in the back-end.

Of course, I am also intressted if there are other ways to solve this issue, just to prevent it to be too crowded for each user in the back-end. My site is public with a few restricted pages.

My problem, in the otherthand, is how to allow sebscribers in level 1 or above to add/edit their own posts. In my installation, when a member is registered through s2Member registration form has no access to add/edit posts. However, I selected to redirect Members away from the Default Profile Panel to have a theme look in the backend. Unfortunately, it seems I get another problem to deal with

My question is if there is any feature in s2Member that allows assignment of each user level to any of the wordpress default roles? This could be a pactical feature if implemented.

Appreciate if you share your experience.

My question is if there is any feature in s2Member that allows assignment of each user level to any of the wordpress default roles? This could be a pactical feature if implemented.

s2Member Roles ( aka: Levels ) are associated with Capabilities:

access_s2member_level0
access_s2member_level1
access_s2member_level2
access_s2member_level3
access_s2member_level4

and so on, up to the number of Levels you've configured.

In cases where you want to hack other Roles and grant them permissions normally assigned by s2Member, I recommend this plugin: http://wordpress.org/extend/plugins/user-role-editor/