search

aamplugin / advanced-access-manager

WordPress Advanced Access Manager Plugin
Other
31 stars 14 forks source link

Edge-Case: Incorrectly determined post visibility #277

Closed aamplugin closed 1 year ago

aamplugin commented 1 year ago

Feedback from user:

Basically, we have the following setup:

User A: role_a
User B: role_b
User C: role_a and role_b

Page 1: cat-a page-category restricted by default, allowed for role_a
Page 2: cat-b page-category restricted by default, allowed for role_b
Page 3: cat-a, cat-b page-category restricted by default, allowed for role_a and role_b

On these pages we see the desired behavior, and this works with the following settings:

User A: can access page 1, page 3
User B: can access page 2, page 3
User C: can access page 1, 2, 3

Settings:
; Manage access preference to the Backend Menu
core.settings.menu.merge.preference = "deny"
; Manage access preference to the Top Admin Toolbar
core.settings.toolbar.merge.preference = "deny"
; Manage access preference to the Metaboxes & Widgets
core.settings.metabox.merge.preference = "allow"
; Manage access preference to posts, pages, media and any custom post type
core.settings.post.merge.preference = "allow"
; Manage access preference to hierarchical terms (categories)
core.settings.term.merge.preference = "allow"
; Manage access preference to any post type like Posts, Pages, Products etc
core.settings.type.merge.preference = "allow"
; Manage access preference to any taxonomy object
core.settings.taxonomy.merge.preference = "allow"
; Manage access preference to URI Access
core.settings.uri.merge.preference = "allow"

But categories within Posts, are not working in the same way.

Post 1: cat-a post-category restricted by default, allowed for role_a
Post 2: cat-b post-category restricted by default, allowed for role_b
Post 3: cat-a, cat-b post-category restricted by default, allowed for role_a and role_b

User A: can access post 1 only, but not post 3, here we expect post 3 as well
User B: can access post 2, but not post 3, here we expect post 3 as well
User C: can access only post 3, but not 1 and 2, here we expect all posts

Because we use categories, we expected the same behavior, but categories within posts are different. Is there a ConfigPress setting to make them behave the same? If we setup the access rights directly on the individual post, we get the expected behavior.