Community Support Forums

[Liz Ness]

BACKGROUND: I require level 1 access for a category called Premium. And, when a non-member or Level 0 tries to access the category they can't and are redirected to the Membership Options page -- just as I expect.

ISSUE: If a Level 0 knows my posts have multiple categories and tries other categories -- categories without Level 1 restrictions, they can access the Premium post -- even though they are not Level 1. Likewise, if they were to select the category from a post that was a Level 0 post to see all of the posts in that category, they'd see my Premium (Level 1) content, too.

EXAMPLE: Let's say there's a post called 10 Minute Design TV and it has two categories: Premium and video. Because there is a Level 1 category listed (e.g., Premium), I'd expect the Level 0 (or less) user to be redirected to the Membership Options page -- whether or not they reached the post via the following example URLS:
-localhost/category/premium -- restricted
-localhost/category/video -- not restricted

I can work around this, but I suspect this isn't the intended behavior of the feature and thought you'd like to know about it...

Thanks for everything you've already done -- I LOVE your software/plug-in!

[Jason Caldwell]

Hi Liz. Thanks for the excellent question.
~ and for the kudos!

Actually, this is the intended behavior. However, I completely understand your frustration over this. We will continue to work toward improving this. One such improvement that is currently in an experimental phase, is the new Alternative View Protection, under s2Member -> General Options ( v3.2.4+ ).

Alternative View Protection: s2Member protects Categories, Tags, Posts, Pages, Files, URIs & more. BUT, even with all of those security restrictions, it's still possible for protected content excerpts to be seen through XML feeds, in search results generated by WordPress®; and/or ( depending on your theme ), possibly in other Archive views; which might include: Posts by Author, Posts by Date, a list of featured items formulated by your theme, OR even through other widgets/plugins adding functionality to your site. ~ We refer to all of these collectively, as "Alternative Views".

Now, let me try to clarify the issue, and provide you with some alternatives.

The issue that you're seeing, is actually related to Alternative Views. If a Post is assigned to multiple Categories ( some protected, some not ), then here is what happens:

In this example, we'll assume that Category ( premium ) requires Level #1 access.
- and Category ( free ), only requires Level #0 access ( i.e. available to Free Subscribers ).

• So if you navigate to the category ( premium ) as a Level #0 Member,
  you are denied access to the archive and to all Posts in that archive - good.
  ( this automatically includes all sub-Categories as well; also good )
  
• If you navigate to the category ( free ) as a Level #0 Member,
  you are granted access to that archive, and to all Posts in that archive - good.
  
• If you navigate to the category ( free ) as a Level #0 Member, and there are Posts in that Category that are ALSO in the ( premium ) category, then a Level #0 Member will see excerpts of them in the archive view because they DO have access to the ( free ) category. However, the actual Permalink ( i.e. the full content ) IS still protected, because the Post itself is also in a protected category they do NOT have access to ( i.e. the premium category )
  - good, but not ideal under certain circumstances.

So on this last point, the important thing to realize here is that the problem is actually larger that just the category itself. This actually has to do with the way in which WordPress® pulls excerpts into various archive views, featured lists , etc ( depending on your theme ).
Collectively referred to as "Alternative Views".

Based on feedback, we've found that most site owners prefer this behavior, because they like to have "teasers" displayed throughout their site, and so long as the Permalinks are always protected correctly, then all is good in the world. However, in some cases ( such as yours ), this behavior is not desirable.

So here some possible solutions that I can offer you at present ( v3.2.4 )

1. Modify the structure of your site so that protected content is only assigned to one category, or at least to one set of categories that is being protected at a specific Level. ~ In other words, don't assign multiple protected categories ( protected at different Levels ) to one Post.

----- OR -------------------------------------------------

2. Enable s2Member's Alternative View Protection, at the highest setting:
Set it to: Yes ( filter ALL ) This will give you the desired effect. However, it will also prevent excerpts of protected content from being visible anywhere on your site.

----- OR -------------------------------------------------

3. Integrate s2Member's Query Conditionals into your theme.
You will find full documentation on these in your Dashboard, under:
s2Member -> API Scripting -> Advanced Query Conditionals

Code: Select all

while(have_posts(): the_post();
    if(is_permitted_by_s2member (get_the_ID(), "singular"))
       // display
    else continue; // bypass
endwhile;
 

This gives you complete control, when/where it is required in your theme.

----- OR -------------------------------------------------

4. Integrate s2Member's Query Filters into your theme. ( on-demand )
You will find full documentation on these in your Dashboard, under:
s2Member -> API Scripting -> Advanced Query Conditionals

Code: Select all


global $query_string;
attach_s2member_query_filters();
/* Now re-query -> */ query_posts($query_string);

while (have_posts()): the_post();
     ... something, something
endwhile;

wp_reset_query();
detach_s2member_query_filters();
  

Also gives you complete control, when/where it is required in your theme.

[Liz Ness]

This is awesome! Thanks so much for your GREAT reply. I'm still learning and I love the detail. Helps so much!

Just as an FYI (might be useful for others), I've utilized the restriction feature in an interesting way...
I've restricted a tag called premium (and, of course, the Alternative View option set to YES) and restricted the category via a URI (e.g., localhost.../category/premium-2 and premium-2 to cover all the bases), leaving Category Access Restrictions out of it all together. It's working great -- a perfect solution. And now, I understand why.

YOU TOTALLY ROCK Jason!

Thanks again for clarifying how it all works and for this amazing tool. I can't believe how much this tool has helped -- on so many levels: AWESOME support, AWESOME documentation, AWESOME logic, AWESOME all the way around!

Liz

[Jason Caldwell]

You too Liz! ~ Thanks for your review of s2Member.
~ Much appreciated.