Community Support Forums

[gvdsleen]

HI all, am struggling a bit. Have a community where registered users (level 0) can access specific content. They should be able to update their profile but should not be able to view members directory. Members directoryaccessible from level 1 and up.

Have added:
URI restriction level 1
/groups
/activity
/forums
/friends

This works fine.

Adding for level 1 also works:
/members/%%current_user_login%%/friends/
/members/%%current_user_login%%/activity/friends/
/members/%%current_user_login%%/activity/groups/
/members/%%current_user_login%%/groups/
/members/%%current_user_login%%/messages/

/community/members (access to member directory from webpage, also works fine)

HOWEVER:
If somebody would guess the buddypress members directory page at www.mysite.com/members this is open to all!

adding /members to level 0 prevents open access
adding /members to level 1 makes the profile page not accessible for level 0 (has members in the URI).

What am I doing wrong, how2solve??

[nhsatomom]

I have an interest in this as well...

[gvdsleen]

Answer from pcwriter over at BuddyPress: http://buddypress.org/community/groups/how-to-and-troubleshooting/forum/topic/how-to-make-pages-like-groups-forums-members-and-updates-only-accessible-to-members/?topic_page=2&num=15

Once BP1.3 is released, this issue should be resolved as it will use WP pages for components. You will then be able to use s2member’s page access restrictions for components like Members. In the meantime, you can protect any component directory from unauthorized member levels by editing its index.php template.

Add the following just after the opening <div class="padder"> tag:

<?php if (current_user_can("access_s2member_level1")){ ?>

Then add this just before the corresponding closing </div> tag:

<?php } else { ?>
You could add a message here for users who do not have the right access level.
<?php } ?>

See the “s2member” > “API/Scripting” section for more examples of how to customize the restriction or display of specific content.

For me, this file was in: mytheme/members/ and the tag was not padder. But hey, it worked fine.

[nhsatomom]

Hey there, @gvdsleen - thanks for this, looks promising. I'm not sure what file I'm supposed to be putting that code in, though. I have no members folder in my theme folder (am not using a BP theme). Any idea?

[nhsatomom]

Well, I finally found a /members/ folder in GenesisConnect, a plugin created to make Genesis themes compatible with BuddyPress. But when I added this code, it didn't prevent my test user (my dog) from viewing other members in her group (the group is for level1 subscribers):

<?php if (current_user_can("access_s2member_level4")){ ?>
<?php } else { ?>Sorry, this is unavailable to you.
<?php } ?>

Hmm. Anyone have any ideas?

[gvdsleen]

You did put the second part (lines 2+3) at the end of the page code? The part you want to hide must be in between the first line and the other 2.

Second, what do you mean by viewin members in her group? How does the test user have access to the members? I blocked the members listing page totally from level 0 users.