Pods Access Rights – Admin only notice – ‘Pods single item’ block

  • Resolved rico34

    (@rico34)


    7 months, 3 weeks ago

    Hi,

    just trying out Pods for the first time and have some issues with the access rights.

    I just did a fresh installation of WordPress 6.4.3. without any other plugins installed. The theme ‘twenty twenty-four’ is activated without any additional configurations. So everything is fresh and vanilla.

    1. I create a new ‘Custom Settings Page’.
    2. I add a field of type ‘Plain text’. Besides the name, I don’t set any other options for this field.
    3. I create a simple template where I just put in my field from my created settings page: {@my_test}
    4. I save an publish that template.
    5. Now I go to ‘Pages’ create a new page and add a ‘Pods single item’. In the ‘Block’-options i set the pod name to my Custom Settings Page and under template I chose my Pods template.
    6. It shows the notice: ‘Pods Access Rights: Admin-only Notice’ -> The content below is not public and may… etc.
    7. So I look at the access rights. For the access rights I tried out every option. But basically it should work if I set the following (if I understood it correctly):
      – ‘Dynamic Features’ -> ‘Enable Dynamic Features including Pods Shortcodes, Blocks, and Widgets for this content type’
      – ‘Restrict Dynamic Features’ -> ‘Unrestricted – Do not check for access rights for embedded content (only use this if you trust ALL users who have access to create content)’

      Under Review Access Rights for Pods the following shows up for my Custom Settings Page:
      ‘Content Privacy’ is showing as ‘Public;
      ‘Allow Dynamic Features’ is ‘Enabled’;
      ‘Restricted Dynamic Features’ is ‘Unrestricted’;

      Under ‘Pods Admin’ > ‘Settings’:
      – ‘Dynamic Features’ is set to ‘Enable Dynamic Features including Pods Shortcodes, Blocks, and Widgets’
      – ‘Dynamic Features to Enable’ -> ‘Display’, ‘Form’ and ‘View’ are activated

    I am not able to get it to work and show my simple template. It just shows the ‘Pod Access Rights: Admin-only Notice’.

    Am I missing something in the procedure or is there a bug?

    For now I just tried it out with the standard WordPress Pages and Blocks. I am going to try it with Elementor now.

    Kind regards
    rico34

Viewing 2 replies - 1 through 2 (of 2 total)
  • Thread Starter rico34

    (@rico34)

    I just noticed something weird that makes the whole thing work with my previous created page and ‘Pods single item’-block.

    On the page where I inserted the ‘Pods single item’-block under this blocks options on the right panel, initially I left the ‘SLUG OR ID’ field empty. Now when I put in anything random like ‘asdf123’ the content shows up.

    Is this supposed to work like that? What’s the purpose of the block-options-field ‘SLUG OR ID’ if I can put any random stuff in there?

    Kind regards
    rico34

    Plugin Support Paul Clark

    (@pdclark)

    The missing detail is likely the note under the Access Rights tab on the Custom Settings Pod:

    Capabilities preview
    Below is a list of capabilities that a user will normally need for this content.

    Read capability: manage_options
    Edit capability: manage_options

    The challenge is that WordPress by default does not have read_options and write_options capabilities, but only manage_options, so to avoid security issues, Pods defaults to using manage_options to read a Setting in a Block context, which is accessible to non-administrators.

    This causes some disconnect, as some options should perhaps be readable to users who cannot write them, but WordPress / MySQL do not have row-level permissions at the database level like systems such as PostgreSQL, MS SQL, or Oracle. The consequence is that permission to read specific options is typically done per-use-case at the PHP level.

    The quickest workaround is to enable access to your desired option/setting via a shortcode, then enable shortcodes in Pods templates:

    define( 'PODS_SHORTCODE_ALLOW_EVALUATE_TAGS', true );

    …in wp-config.php

    Then, in a theme functions.php or plugin:

    <?php
add_shortcode(
    'foobarbaz',
    function( $attrs = [], $content = '', $tagname ) {
        return get_option( 'foo_bar', 'baz' );
    }
);

    …where the shortcode here would be [foobarbaz], the name of the Pods Setting Page is foo, and the name of the field on that settings page is bar.

    So the name of the option is the settings page name and the field name separated by an underscore.

    If the setting has no value, get_option() will return the second argument, in this case 'baz', but could also be an empty string, '' meaning display nothing if there is no value set.

    So in this example [foobarbaz] will output baz or whatever is input into the field bar on Settings Page foo.

    Variations on this approach within a Pods template context might include using a magic tag helper function, for example {@user.ID,fu_means_good_luck}, where fu_means_good_luck is the name of a function which takes the current user’s ID as an argument, then might return any value based on a global setting, that user’s profile, or a mixture of these, such as lucky number for Tuesday:

    function fu_means_good_luck( $user_id = 0 ) {
    return sprintf(
        'Your %s number for %s is %d.',
        get_option( 'foo_kind_of_number', 'lucky' ),
        date( 'l' ),
        intval( $user_id * 3.14 * rand( 112, 358 ) )
    );
}

    …where the above example would output “Your lucky number for Tuesday is X.”

    If nothing is set in field kind_of_number on settings page foo, or awesome instead of lucky if that is typed into the field.

    If the current day of the week is Tuesday, it will say that, and the lucky number X will be the user’s ID times 3.14 times a random number between 112 and 358.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Pods Access Rights – Admin only notice – ‘Pods single item’ block’ is closed to new replies.