Thank you for your kind words.
It is correct that this is not possible, but it is an interesting idea, and while I think it is too “niche” to implement in core, I do see it as an extension to the plugin.
Should the temporary links be time constrained/somehow expire?
Can you tell me more about your use case, so I can understand how you were thinking of using a system like this.
Thread Starter
maero
(@maero)
My idea would be for these links to somehow overrule the access levels. In other words, each level has access to some post category, requiring the users to be registered.
Sometimes it would be useful for me to share a single post with someone, without the need to register. Additionally, these links should expire after X days (just like Dropbox does).
Did I explained myself clearly?
Thank you very much
Yes it makes sense. I have not used Dropbox for a while though.
There is already a filter in the plugin you can use to “override” restrictions. Currently the filter is used to make administrators have access to everything regardless of Access Levels.
So what needs to be done is:
1. Add a generator that creates a token with an expiration date for the page.
2. When visiting the special link, check if that token is present and valid.
Step 2 would be something like this:
add_filter('rua/user/global-access', function($has_access,$user){
$token = isset($_GET["token"]) ? $_GET["token"] : null;
if($token) {
$has_access = is_token_valid($token,get_the_ID());
}
return $has_access;
});
A drawback is that this would not work for archive pages.
Thread Starter
maero
(@maero)
I’ve been busy taking care of all the rest so I didn’t get to try this earlier.
The aim is to only use this for posts, so not a problem of not working with archive pages.
I was getting “Missing argument 2 for RUA_Level_Manager::{closure}()” so I removed $user of the header. This is ok, right?
It seems to be working, but I’ll test it more.
Thanks a lot!
Great that you have a solution. If you want to share it and see if it can be part of the plugin, you can make a pull request at https://github.com/intoxstudio/restrict-user-access (or just paste the code here).
You can safely remove the $user argument if you don’t need it. The error is that in the example I forgot to tell the filter that it takes 2 arguments instead of 1.
add_filter('rua/user/global-access', function($has_access,$user){
...
},10,2);
Thread Starter
maero
(@maero)
Hi,
Currently I’m not working on the plugin, as I’m now finishing the website. WP_List_Table inside a metabox have been giving me problems (I’ve already overridden the display_tablenav() but there are more issues), so right now I’m using a ugly fix. I’ll look into your code, as you also use this class.
After finishing the website, I’ll make this code better, with comments, remove deprecated stuff, prettier as this is the first time I’m coding in PHP.
https://github.com/miguel-r/wp-temporary-link
I’ll give you updates later.
Thanks a lot!
Thread Starter
maero
(@maero)
One more question. Is it possible to make this but instead of giving global access (like admins), giving the same privileges as an access level? Let’s say that in a post I have:
[restrict level="some-group"]Lorem ipsum dolor[/restrict]
[restrict role="administrator"]text only for admins[/restrict]
With the current solution, someone using the token will have access to both, correct? I would like them only to have access to what “some-group” has.
Thanks,
Awesome, I will keep an eye on the project.
A note about coding for WordPress is that it is mostly procedural and doesn’t really follow a MV* pattern. I try to use OOP as much as possible in my own projects, but mostly use classes for encapsulation and scaffolding.
For your other question, yes, with the current solution the content in both of those shortcodes will be displayed. To avoid this, the token could be generated as a hash of a value that contains a role, a level etc. Or, in your table of tokens, for each of them you could add “metadata” that could be a level, a role etc.
Of course both solutions will add some complexity.
Thread Starter
maero
(@maero)
Hi,
Thanks for the advice, I was using OOP until I had the issue with the WP List Table, then it started to turn ugly with lots of code being copied, etc.
Your idea was the same as I had, but it is feasibly with only this filter? In that function, I can check which is the user (and check if it is admin or not), but how to check what level/role is on the shortcode tag that is issuing the function call?
Thanks,
I think you are right that that filter is not enough for that use case. I will think about how to make the shortcode more flexible, if you have any suggestions, please let me know.
