Minimum Roles not working

WordPress prefers using capabilities for strict checking of who can do what. But roles are a lot friendlier. However, sometimes there can be a gap in between how you have your users’ capabilities defined and who can actually see what menu item.

Does your level 2 user have a level 1 capability? The plugin will check current_user_can( "level-2" ). Again that’s not as clear cut as current_user_can( "manage_options" ). But because we’re checking the role name, NMR has no way to know that Level 2 is an extension of Level 1 unless you give Level 2 an explicit capability named the same as the level 1 role. (I think that’s true anyway!)

The plugin is s2member pro. (membership plugin)

It sets membership levels from 1-4 (can actually go up to 100 if you want but only using the default 4).

Level 4 is the highest level. They can access 1,2,3, or 4.
Level 3 can access 1,2,3, but not 4.
Etc.

So we prompt for upgrades when attempting to access higher levels.

There are also shortcodes you can use to show specific content to someone on a specific level.

It has a bunch of shortcodes like “current_user_can

The best example I can show you is here:

https://s2member.com/kb-article/s2if-simple-shortcode-conditionals/

So right now, level 4 (highest level) is not seeing menu items that are set for level 2.

That membership plugin is new to me. Does it create global roles? (I’m assuming yes since it sounds like they appear in the menu UI?)

For other membership plugins, I have had to build a bridge plugin… for example:
https://github.com/helgatheviking/nav-menu-roles-woocommerce-memberships

This gives a lot more control as it allows us to use the Membership plugin’s own logic for deciding who can see items.

I don’t think their shortcode logic is well-suited there, but hopefully if those shortcodes resolve to some template tags in the background… those might work.

• This reply was modified 4 years ago by HelgaTheViking.

The thing is it worked for years. I installed both plugins 4 or 5 years ago. We adandoned the project and have just revived it.

At least on my side, the “how” NMR determines who can/cannot see menu items hasn’t changed in 3 years. current_user_can( $role ) may go all the way back to the initial release.

Anything changed on the membership side? Are you using any caching?

Nothing change. Yes, I use cache.

this may or may not be anything, but I am looking at a user role plugin. Below are the roles show in your plugin menu settings.

Administrator
Editor
Author
Contributor
Subscriber
Classifieds Moderator
Store Locator Manager
Follow-Up Emails Manager
Customer
Shop manager
Student
Instructor
s2Member Level 1
s2Member Level 2
s2Member Level 3
s2Member Level 4`

A plugin called User Role Editor does NOT show “Subscriber”. Subcriber is replaced by s2Member Level 1.

Can that be anything?

If you use caching, that’s almost assuredly the explanation. The site is serving a cached version of the page and so the user setting on the menu item is out of date. I’ve never been able to figure out a way to make the menu update from behind caching.

The User Role subscriber issue is probably unrelated.

I disabled the cache. Didn’t help.

Unfortunately this no longer works for us. I’ll just have to show all the menu items and let s2member protect the content.

It makes no sense that Level3 or Level 4 cannot see menus set for Level1

Thanks anyway.

Well unfortunately, I’m stumped. The capability check I run hasn’t changed. I’m not at all familiar with that plugin… has anything possibly changed about how the capabilities are assigned to each role?

Nothing has changed.

Level 1-4 equates to something like

Bronze / Silver / Gold / Platinum

The pages have a level of protection by s2member. Maybe there’s a conflict somewhere. Above my pay grade.

I took the liberty of installing s2 member. I could not explain why it used to work, but it does very clearly look like the level 1 “role” is not given as a level 2 capability. Now there’s a capability in common…. called access_s2member_level1. Remember I said that capabilities are way more reliable, so for memberships this makes sense. But Nav Menu Roles is checking the role. The roles are s2member_level1 and s2member_level2, etc. These are the default roles I got when I installed.

So while I could propose some commissioned work to produce some capability code, I think you may be able to resolve it by using a Role Editor plugin (I use Members) to add s2member_level1 as a custom capability to the s2member_level2 role… and so on and so forth for all the roles.

Effectively you will introduce a capability that has the same name as the role and that should be more compatible with NMR.

See this screenshot where I’ve added the level 1 role as a capability for level 2: https://share.getcloudapp.com/L1uNjbAr

There should be very little impact outside of the menu as the caps won’t be used anywhere else.

Hope that works!

“I took the liberty of installing s2 member.”

You didn’t need my permission ??

Perhaps s2member works differenly. Normally, users that can access level 2 have no problem asscessing content for level 1. However it’s done with shortcodes.

Since you installed it, you can look at s2member / api scripting

or take a look here

https://s2member.com/kb-article/s2if-simple-shortcode-conditionals/

s2member does have it’s own alternate view protection for members. Your plugin adds some more flexibility.

So I guess I’ll just stick with s2member’s own protection rather than play around with it’s core.

I appreciate the support anyway.

• This reply was modified 4 years ago by pwizard.

The shortcode is listed as

[s2If current_user_can(access_s2member_level1)]

I am going to guess that resolves to current_user_can('access_s2member_level1') . access_s2member_level1 is the capability shared by level 1 and level 2 roles. A level 2 member s2member_level2 has the access_s2member_level1 capability so current_user_can('access_s2member_level1') will be true and they will get the level 1 content access from the s2 plugin.

But NMR saves the role names which is different from the capability name. so when NMR checks current_user_can($role) it can’t know about any shared capabilities because it’s only looking at the role name.

For Level 1 members NMR will look for: current_user_can('s2member_level1')…. a condition that will be false for a level 2 member since s2member_level1 is a role name, not yet a capability. That is why I am encouraging you to use a role editor plugin and add the lower role names as capabilities for the higher level roles.

I have a plugin called USER ROLE EDITOR

I am looking at the core. I click s2member level 1

Boxes are checked for access to level 1 and level 0

If I click level 3, it shows levels 0 through 3.

I may be talking above my knowledge, but it looks like it’s already there.

access_s2member_level1 and s2member_level1 are not the same. The capability for each role appears to be prefixed with access_. This is a critical distinction for NMR because NMR is checking roles and has absolutely no idea which capabilities you’ve assigned.

Like you, I also see User Role Editor showing Level 2 has capabilities for
access_s2member_level0
access_s2member_level1
access_s2member_level2

https://share.getcloudapp.com/qGuXmm5k

That’s what I’d expect given how the s2 plugin appears to operate. But since NMR is checking if current_user_can('s2member_level1') (note the lack of access_ prefix because that’s the role name) and s2member_level1 is not listed in the screenshot as a capability for that role… NMR doesn’t know the user has access.

Please try to add a custom capability:
https://share.getcloudapp.com/xQunXXjO

For the level 2 user shown in the screenshot, the custom capability will be s2member_level1. You’ll need to repeat the pattern of adding the role names as custom capabilities for the other roles.

Alternatively, now that we know there appears to be a pattern to how s2 prefixes it’s capabilities, we can write a custom snippet that will take the role NMR is checking for and instead check for the relevant capability. I only did a very quick test, but this does seem to work, and it would mean you don’t have to manipulate the roles.

You can add this plugin as a site-specific plugin or as a code snippet via the Code Snippets plugin:

/**
 * s2 Member plugin prefix capabilities with <code>access_</code>
 * s2 member roles are "s2member_level1" but their related capability is "access_s2member_level1"
 *
 * @param bool $visible
 * @param object $item The menu item object. Nav Menu Roles adds its info to $item->roles
 * @return boolean
 */
function kia_s2_nav_menu_roles_item_visibility( $visible, $item ) {

  if( ! $visible && isset( $item->roles ) && is_array( $item->roles ) ) {

        // Only need to look through the selected roles.
        foreach( $item->roles as $role ) {

            // Test if the current user has the specific plan capability.
            if ( current_user_can( 'access_' . $role ) ) {
                $visible = true;
                break;
            }
            
        }

    }

    return $visible;

}
add_filter( 'nav_menu_roles_item_visibility', 'kia_s2_nav_menu_roles_item_visibility', 10, 2 );

`

Please test thoroughly before using in production.

• This reply was modified 4 years ago by HelgaTheViking.