hube2 / acf-user-role-field-setting Goto Github PK

Add an update value check on all fields to prevent users that should not be able to edit a field from making modifications to a field by modifying the html/form on a page.

Look into what would be needed to add tab field support where removing a tab would remove all fields in that tab. I'm not sure that this is even possible due to the way that ACF creates tabs and I'm pretty sure that the $_POST input checking of fields in tabs will be impossible. But I want to look into it and see what I can do.

I'm not sure if I'm not reading the capability of the plugin correctly so this may not actually be an issue at all...

I have set a field within a group to be visible to Administrators only. This is working well.

However, I would like the value to be output via the theme regardless of user role. Does this plugin allow this?

I keep seeing the following error in my logs:

Trying to access array offset on value of type bool
plugins/user-role-field-setting-for-acf/acf-user-role-field-setting.php:47

Is it possible to extend this plugin to make certain fields Read Only for certain user roles? I only want Admin to edit them, but other roles should be at least be able to view them.

Sub fields are not updated correctly when they cannot be edited. If the order of sub fields is altered then values are not updated correctly. Rows retains previous value for the row.

I'm not at all sure I can correct this, at least no easily.

Reported here: https://support.advancedcustomfields.com/forums/topic/acf-user-role-field-value-not-moving-with-row/

Version 2.1.1 of your plugin, v5.5.3 of ACF
Your nag box appears, but I cannot find the new field setting user role for all field types.

Reported here https://wordpress.org/support/topic/v-2-1-10-bug/

ACF adds a filter that let's you remove fields, see this page https://www.advancedcustomfields.com/resources/adding-custom-settings-fields/

Using this will be a cleaner way to remove the fields than the current filter that I'm using.

Needs to be updated when 5.5 is released.

@Hube2
I modeled a custom field for statuses based off your field. Works halfway and was wondering if you wouldn't mind having a looksy?

https://github.com/elliotcondon/acf/issues/755

Something to think about. Setting to say to convert field value to a message field instead of removing it.
https://wordpress.org/support/topic/allow-to-view-but-can-not-edit/

On the following line:

Instead of using the /(\[[^\]]+\])/ rule, it should instead use the /(\[[^\]]+\])$/ rule (see the $ added at the end of the rule), since we want to catch the last part of the key.

This is why it's not possible to delete a repeater row when a condition based on the user role is set, but not met, for any field inside the repeater. Actually, the issue is probably happening with any kind of fields that can be nested, as I was able to trigger it with repeater fields, group fields, flexible content fields...

Currently, if a field in a repeater or group has the following name for example: acf[field_5a8c41e66619b][field_5b15bcb222e40] . With the current rule, it'll use [field_5a8c41e66619b] (which is the key for the repeater/group field) when creating the hidden acf_deleted input. Which means the whole repeater/group will be fetched when saving the post, and any deleted field in the repeater/group will be overridden with the value we've just deleted.

However, if we use the rule I'm suggesting, the match will instead be [field_5b15bcb222e40], which is the right key to use when calling the get_removed method.

Try it:

1. With the plugin activated, create a group field.
2. Inside that group, create a repeater.
3. Then in the repeater, add a file field.
4. Then, add a second field to the group (or the repeater), and apply a user role condition. Choose a condition that you won't be able to met (ex: you must be editor but you're author), or else the issue won't happen.
5. Now, go edit the post to which the fields you've just created are mapped. Create 3 or 4 rows and add files to each rows. Then, save.
6. Once the post has been saved, try to delete one of the row, and then save again. If a condition wasn't met for any field inside the group or repeater, then the row won't be deleted since its value will be overridden by the get_removed method.

Now, do the same with the rule I've suggested. It should work!

Hope it helps!

could be coool ;)

Reported here https://wordpress.org/support/topic/not-working-in-acf-5-6-0/

Role options not appearing

Invalid argument supplied for foreach() in .../acf-user-role-field-setting/acf-user-role-field-setting.php on line 146

probably caused by repeater with not subfields

When this plugin is active, the user is unable to delete the last row of a repeater field.

Lastest version of PRO ACF installed.

Yes, checked with vanilla setup … no other plugins except ACF PRO and Twenty Seventeen theme. Same result.

Thank you for your attention.

I noticed this issue today where some hidden fields were corrupted when saving the post. These fields are text fields that included double quotes in them. For example:

<rect x="13.2695" y="1397.12732" width="101.28678" height="140.37125"/>

This was cropped to <rect x=" when a user that had this field hidden saved the post. In addition, they'd see this:

Looks like double quotes within a hidden field are not being escaped correctly, or something along those lines.

This is on WP version 5.5.3, ACF Pro version 5.9.3 , ACF User Role Field Setting 3.0.2.

If a field is required and the user has no access rights for this field, the validation will show an error, that an update is required on this field when you try to publish.

Example: User role is "Contributor", while the field has only access for e.g. Administrator will fire this message

ACF User Role Field Setting Version 3.0.1
Advanced Custom Fields PRO Version 5.8.3