RocketGeek

Home of WP-Members, The Original WordPress Membership Plugin

Home » Actions » Restrict content by user level

Restrict content by user level

· ·

I have written code snippets before on how to restrict content by user level, but that particular code snippet is based on using categories as the user levels, with higher level users still being able to access lower level content. For example, Silver, Gold, and Platinum level users having access or not to categories of the same name.

But what if you have content that you need to block by level that is not necessarily in a category?  Or what if you are using pages that need the same level of restriction.

Here is a code snippet that will allow you to assign a “level” to any content – post or page, and then assign a user level for the users.  This example provides a working code snippet for applying a series of progressive levels (higher level users have access to lower level content).  The example begins with three generically named levels, these can be renamed and expanded or contracted as needed.

This article is only available to WP-Members Support Subscribers. If you have an existing subscription, please login below. If you do not have a current support subscription, you can purchase a support subscription here.

Already a Member? Log In Here
   
Forgot password? Click here to reset

To gain full access to WP-Members premium content, a current support subscription is required. You can purchase an annual support subscription for as little as $59, which provides you with access to priority support, a customer support forum, access to code snippets, and more.

Why wait? Choose your subscription option here.

[Why join?]

Welcome to RocketGeek Interactive Forums Restrict content by user level

Viewing 18 reply threads
  • Author
    Posts
    • May 16, 2014 at 2:09 pm #4891
      Chad Butler
      Keymaster

      I have written code snippets before on how to restrict content by user level, but that particular code snippet is based on restricting specific catego
      [See the full post at: Restrict content by user level]

    • June 12, 2014 at 3:03 pm #5102
      dougbrandt
      Participant

      Does this snippet only allow, then, for two levels of access? If we want three, I can obviously add those levels in the drop-down registration menu, but would I simply add those options under lines 9 and 10 above? And then would I copy and insert additional instances of lines 48-51 for each level of access?

      • June 13, 2014 at 12:55 am #5106
        Chad Butler
        Keymaster

        Yes – with the exception that in 48-51 you would need to change the code logic from a ternary operator so that you don’t return there. Basically, that should probably become a switch or if statement.

        I should probably re-work the code snippet so it’s a little more dynamic and can be extended to unlimited levels – that would make it easier and more extensible.

        • June 13, 2014 at 2:53 pm #5110
          Chad Butler
          Keymaster

          Hi Doug – on your suggestion, I have made this code and example a little more generic and flexible. Now all of the settings are handled in the settings array, so you can add/subtract levels accordingly (as well as rename them) – as long as that matches what you do with the user level setting field that you create as well.

          I’ve updated the post content to reflect this information. Hopefully, this will be (1) clear, and (2) useful/useable.

    • June 17, 2014 at 1:14 pm #5171
      debbiemez
      Participant

      I’ve installed the code and its not working as described.

      I have three levels when I assign a user to level 3 (highest) and then restrict the page to Level 2 it tells me that I don’t have access. It appears that its blocking on a 1-to-1 match. That my level can only access pages that match my level of access. The page says that I should be as a level 3 user be able to access level 2 and level 1 restricted content.

      • June 17, 2014 at 2:27 pm #5176
        Chad Butler
        Keymaster

        Hi Debbie,

        In reviewing the code trying to figure out how that would be possible, it occurred to me that there was one important element of setting up the array in my_post_access_levels() that I don’t think I was quite clear on, so this could be it.

        Both the user and post access “levels” arrays should be in order from lowest level to highest. If they are highest to lowest, or in random order, the behavior will be different.

    • June 17, 2014 at 6:48 pm #5178
      debbiemez
      Participant

      Chad here’s what I have

      function my_post_access_levels(){
	return array(
		'levels'  => array(
			/**  metavalue => label **/
			'family' => 'Family',
			'investors' => 'Investors',
			'directors' => 'Directors',
		),
		'default' => 'family',
		'user_field' => 'user_level',
		'post_field' => 'post_access',
		'error_msg'  => 'Your account does not have access to this page.'
	);
}

      The accounts are in order with family having the least amount of access, followed by investors and then directors.

      I set up the extra fields like this.

      <---- Select One ---->|,
Family|family,
Investors|investors,
Directors|directors

      I believe I have it setup correctly.

      I copied the code from above into the functions.php Was there something else I needed to do?

    • June 17, 2014 at 6:58 pm #5179
      debbiemez
      Participant

      Did some more testing.

      If I set my account as Director I can’t get to investor information but can get to Director.
      If I set my account as investor I can both areas.

      It appears that the middle level is acting as top level.

      • June 18, 2014 at 2:59 am #5180
        Chad Butler
        Keymaster

        Hi Debbie – I’ll do some testing using your setup and figure out what the issue is.

        • June 18, 2014 at 8:10 am #5183
          debbiemez
          Participant

          Thank you I appreciate the quick response.

          • June 18, 2014 at 11:40 am #5185
            Chad Butler
            Keymaster

            Hi Debbie – I figured it out. I have a flaw in the user level vs post level comparison logic. It’s a very easy fix.

            If you look at line 55 of the original code snippet, it looks like:

            return ( $user_level < $post_access ) ? $error_msg : $content;

            That should have been this:

            return ( $x < $i ) ? $error_msg : $content;

          • June 18, 2014 at 11:53 am #5186
            debbiemez
            Participant

            Chad that fixed the issue. I tested it a few times. Thank you for the quick update. You ROCK!

    • June 18, 2014 at 12:10 pm #5187
      dougbrandt
      Participant

      Your blog entry is updated with all the current code then, correct? So I will scrap what I did and just start from fresh! Thank you so much, to both you and Debbie, for all of this! 🙂

      • June 18, 2014 at 2:33 pm #5189
        Chad Butler
        Keymaster

        You can scrap what you have and start fresh – OR… – it is a very minor edit. It should be clear what you have to change from this post.

    • June 18, 2014 at 12:52 pm #5188
      dougbrandt
      Participant

      Ha… great — new question. How can this be applied to bbPress forums? :-/

      • June 18, 2014 at 2:37 pm #5190
        Chad Butler
        Keymaster

        Unfortunately, at this point, that’s difficult. bbPress has a lot of available hooks and data, but not a lot of actual documentation to go with it (yet). So working with bbPress on customizing things is a lot of testing and hit-or-miss ideas.

        There is an action in bbPress for loading a forum (can’t recall exactly what that action is), but that may be a point it could be done but I’m not certain.

    • June 20, 2014 at 1:48 pm #5204
      starlight5
      Blocked

      I’m added the code snippet to my functions.php file in a custom template created with a program called Artisteer. I simply inserted it at the bottom of the file, but when attempting to log in to WordPress, I’m receiving the following error:

      Parse error: syntax error, unexpected ‘}’ in /home/starprev/public_html/wp-content/themes/lmyc5/functions.php on line 1

      This is fairly new to me, any help would be appreciated.

      Thanks!
      Sandy

      • June 26, 2014 at 9:39 am #5241
        Chad Butler
        Keymaster

        Hi Sandy – sorry this question slipped past me. Did you work it out?

        If all that you added was at the bottom of the file, I’m not sure what went wrong for you since the error you indicated is at the beginning of the file.

        If you contact me via the contact form on the site, we can open an email support thread so that you can send me your functions.php. It probably is a fairly simple fix.

    • July 17, 2014 at 1:25 pm #5377
      Omarben
      Participant

      This short code should work on a page right?

      [wp-members status=”level1″]

      Restricted content

      [/wp-members]

      • July 17, 2014 at 2:08 pm #5380
        Chad Butler
        Keymaster

        Actually no. If you want a shortcode that displays content based on a custom element such as level, you would need to write a custom shortcode for that. The “status” argument only accepts the values “in”/”out” (logged in or not logged in) and “sub” for subscription content.

    • August 7, 2014 at 2:40 pm #5575
      Shillos
      Blocked

      Hi! I setup everything in this tutorial, I even created 5 user levels in the fields area and added the levels like this:

      function my_post_access_levels(){
	return array(
		'levels'  => array(
			/**  metavalue => label **/
			'level1' => 'Level 1',
			'level2' => 'Level 2',
			'level3' => 'Level 3',
			'level4' => 'Level 4',
			'level5' => 'Level 5',
		),
		'default' => 'level1',
		'user_field' => 'user_level',
		'post_field' => 'post_access',
		'error_msg'  => 'Your account does not have access to this page.'
	);
}

      I hope i’m doing it correct, cos when I set a level in my pages i get a message that i’m restricted and I don’t have access. I’m I doing something wrong?

      Another thing I would like to know if it is possible to set user levels by user role. On my website I have user roles as member, dj, author, moderator and admin and I would like to restrict access to the pages so lower level access can’t see those higher ones, but by using user roles to give my user roles the different level access needed. Like in example member gets the level 1, dj gets level 2, author gets level 3, moderator gets level 4 and admin gets level 5.

      I’m puzzled how to get this done, if this is possible!

      Thanks in advance!
      Nicholas

      • August 7, 2014 at 5:29 pm #5577
        Chad Butler
        Keymaster

        I hope i’m doing it correct, cos when I set a level in my pages i get a message that i’m restricted and I don’t have access. I’m I doing something wrong?

        Verify that you’ve assigned a level to your profile – even for the admin.

        Could you restrict levels based on the user’s role? Yes. However, I’m going to need to think about (and probably test) how you might accomplish that in the scope of this particular code snippet.

        • August 8, 2014 at 1:30 am #5594
          Shillos
          Blocked

          Oh sorry i must have missed that one on your documentation somewhere. I got it fixed on my profile. If there is something with user levels and user roles that would be great! Thanks for the tip!

          • August 8, 2014 at 1:57 pm #5604
            Chad Butler
            Keymaster

            I think that moving from “levels” to “roles” could be done with most of the same code. I believe that making some modifications to the logic in the wpmem_securify filter as follows would do it:

            /** Sets up access restriction by User ID and access level */
add_filter( 'wpmem_securify', 'check_user_access' );
function check_user_access( $content )
{
	// is this content supposed to be blocked
	// and is the user logged in?
	if( is_user_logged_in() && wpmem_block() == true) {

		// get settings
		extract( my_post_access_levels() );

		// we need the user's ID and the $post object
		global $user_ID, $post;

		// get the user's access level
		//$user_level = get_user_meta( $user_ID, $user_field, true );

		// get the post access level
		$post_access = get_post_meta( $post->ID, $post_field, true );

		// evaluate level heirarchy
		$i = array_search( $post_access, array_keys( $levels ) );

		//member gets the level 1, dj gets level 2, author gets level 3, moderator gets level 4 and admin gets level 5.
		// do you have a "member" role? should it be "subscriber"?
		$user_levels = array(
			'level1' => 'subscriber',  
			'level2' => 'dj',
			'level3' => 'author',
			'level4' => 'moderator',
			'level5' => 'administrator'
		);
		
		$user = new WP_User( $user_ID );
		
		$has_access = false;
		if ( !empty( $user->roles ) && is_array( $user->roles ) ) {
			foreach ( $user->roles as $role ) {
				//echo $role;
				$x = array_search( $role,  array_keys( $user_levels ) );
				$has_access = ( $x < $i ) ? $has_access : true;
				if( $has_access ) {
					return $content;
					exit();
				}
			}
		}		

		// if we end up here, the user must not have access
		return $error_msg;
	}

	// return unfiltered content for all other cases
	return $content;
}

            Some notes on this:

            This just replaces the function check_user_access given in the example. You still need most of the other parts of the snippet; although I think you can also get rid of the wpmem_post_register_data action call to set_default_level along with the function set_default_level, since the level is determined by the user role.

            The primary difference is the addition of an array that maps the levels to roles. That way, similar to before, we can do a comparison of where the user falls in the hierarchy and determine access.

            This also changes the comparison logic a little because a user may have more than one role assigned (maybe not in your specific case, but it is a WP possibility). So we need to do comparison for each possible role the user has. If at any time while looping through roles valid access is determined, it returns content and exits. If it loops through and never gets a valid result, an error (no access) message will result.

            Also, you said the lowest role was “member” but I wasn’t sure if you meant “subscriber” (since other than “dj” all the other roles you gave were WP defaults). So I called it “subscriber” but if you really did mean “member” then update the role array ($user_levels) accordingly.

            Lastly, I did not have a chance to set up a test of this, so you’ll need to be the guinea pig, so-to-speak 😉

          • August 10, 2014 at 9:32 am #5612
            Shillos
            Blocked

            Wow! Great thanks for this! Yeah I changed the subscriber to member sounded better and I changed some things inside my role settings to reflect to the site. I will test this on my localhost with ampps its much easier to play around with ampps than with the live site. I’m pretty sure it might work out here and if I do have something to include I will let you know about this! I’m very pleased and hopefully it will work on my side. BIG Thanks! 🙂

    • August 12, 2014 at 3:54 pm #5637
      Jenn
      Participant

      Chad,

      First, love the plugins!

      I’m not to good with code. I have taken your snippet and added up to level 5. When I load the snippet into the functions.php file (paste it after the last line of code) and upload it, it blanks out my site. What am I doing wrong?

      • August 12, 2014 at 4:15 pm #5640
        Chad Butler
        Keymaster

        What you posted looked fine – I didn’t see any glaring issues.

        When you add it to your functions.php… does your functions.php have a closing php delimiter at the end of it? (i.e. “?>”)

        Also, when it blanks things out, do you get a php error message?

        • August 12, 2014 at 4:25 pm #5641
          Jenn
          Participant

          I noticed the original does not have a closing php delimiter. I will add that and see what happens.

          And no error message…it just is a blank white page.

          This is my site: http://www.mhpack11.org/

          • August 12, 2014 at 4:39 pm #5643
            Jenn
            Participant

            No luck! Added the closing php delimiter and it still “whites” out the site.

          • August 12, 2014 at 4:49 pm #5644
            Chad Butler
            Keymaster

            Sorry – I wasn’t suggesting adding the closing delimiter. In fact, there’s really no need for one. But sometimes people end up putting code snippets *after* that (if their functions.php has one) which of course would break things. But – that doesn’t appear to be the issue here anyway.

            I tested out the code you posted as-is on my test site and things worked out fine. So there’s something else going on here – just gotta figure out what it is.

            If you are able to set me up with some login credentials, contact me via the contact form (https://rocketgeek.com/contact) and I’ll take a look at things on the back end. If possible, it would be better if you could also include FTP access so I can back out of things.

    • October 7, 2014 at 5:15 pm #6055
      velock12
      Participant

      Hey Chad,

      Like many other ppl here, I’m not a developer/coder. I’m pretty sure I will have issues with the code however, I don’t even see the functions.php file. Is this supposed to be in the WP-Members Plugin Editor area? O_o

      Lost… Is it renamed in an upgraded version?

      • October 7, 2014 at 10:46 pm #6058
        Chad Butler
        Keymaster

        No problem – that’s not an unusual question at all. The functions.php file is a file you will find in your theme folder.

        • October 8, 2014 at 8:02 am #6061
          Omarben
          Participant

          My functions.php has 2000+ lines of code and my sites would stop dead if I lost this code.
          You will have to save out your functions.php file and update it whenever you update your theme. Consider something like this:

          https://wordpress.org/plugins/functionality/

          https://wordpress.org/support/topic/update-without-losing-design-changes

          I also have a child theme which I recommend too.

          BACKUP your work before trying.

          • October 8, 2014 at 9:37 am #6062
            Chad Butler
            Keymaster

            I also have a child theme which I recommend too.

            BACKUP your work before trying.

            Absolutely! Excellent advice.

            I always recommend working with a child theme for customizations. That allows you to keep things neat and hopefully organized.

            I should also recommend reviewing this post of best practices to velock12 (and anyone else).

            Also, I like to keep things segmented for organization. So I usually keep all of my custom functions specific to WP-Members in a separate functions file and then add a single “include” in the main functions.php. I usually name this “functions-wp-members.php” so (1) I know what it is, and (2) putting “functions” first it ends up next to the functions.php file when viewing the folder.

            Then in functions.php, I add a line like this:

            include_once( 'functions-wp-members.php' );

            I actually do this for other functions as well, so I usually end up with a couple of extra files. But then I have everything logically grouped so I can find it easily later.

            (I do a similar process with stylesheets, too.)

    • November 11, 2014 at 1:22 pm #6384
      andiconti
      Participant

      Hi Chad,

      I also posted on the category one, but this is more of what I’m looking for.
      I’d like to do what I did here: (clientsfirst-tx.com/resources/video-portal)
      I’m using a theme called Kriesi Enfold and they have portfolio elements.

      Only problem is, when I implemented your code, the admin meta block does not display on the portfolio editing section.

      Any help would be greatly appreciated!!

      Thank you,

    • April 29, 2016 at 12:58 pm #10011
      anthonyrusso
      Participant

      How would this work with the code snippet used from this page?

      https://gist.github.com/butlerblog/fb7a11d4695ed4186dc2/

      I have two distinct groups that view content separate from each other, setup using the snippet above

    • September 16, 2016 at 2:30 pm #11329
      bkeller49
      Participant

      I put the code snippet into a core functionality plugin, but when I try to activate the plugin I get this error:

      Parse error: syntax error, unexpected ‘=’, expecting ‘)’ in /home/bobkpxtx/public_html/testbed/wp-content/plugins/core-functionality.php on line 29

      I’ve also tried putting the code directly in my functions.php file and it breaks the site.

      Any Ideas?

      • September 16, 2016 at 3:31 pm #11330
        Chad Butler
        Keymaster

        I’m not seeing where it might break that way as displayed. Did you use it exactly as written or did you apply changes (obviously changes are need to for at least the category slugs). Could you post what you are using with any changes applied?

    • September 16, 2016 at 4:01 pm #11331
      bkeller49
      Participant

      I created user levels in the fields that are the same as the demo “Level 1, Level 2, Level 3” so I didn’t change anything.

      Here’s the whole functionality plugin:

      <?php
/**
 * Plugin Name: Core Functionality
 * Plugin URI: https://github.com/billerickson/Core-Functionality
 * Description: This contains all your site's core functionality so that it is theme independent.
 * Version: 2.0.0
 * Author: Bill Erickson
 * Author URI: http://www.billerickson.net
 *
 * This program is free software; you can redistribute it and/or modify it under the terms of the GNU 
 * General Public License version 2, as published by the Free Software Foundation.  You may NOT assume 
 * that you can use any other version of the GPL.
 *
 * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without 
 * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 *
 */

/**
 * A simple function to create a settings array
 * for access levels and information.
 */
function my_post_access_levels() {
    return array(
        'levels'  => array(
            /**
             * Set array values as:
             * metavalue => label,
             */
            'level1' => 'Level 1',
            'level2' => 'Level 2',
            'level3' => 'Level 3',
        ),        'default' => 'level1',
        'user_field' => 'user_level',
        'post_field' => 'post_access',
        'error_msg'  => 'Your account does not have access to this page.'
    );
}
 
// No need to change anything after this line.
 
/** 
 * Set the user to the default at registration. 
 */
add_action( 'wpmem_post_register_data', 'set_default_level' );
function set_default_level( $fields ){
    extract( my_post_access_levels() );
    update_user_meta( $fields['ID'], $user_field, $default );
}
 
/** 
 * Sets up access restriction by User ID and access level 
 */
add_filter( 'wpmem_securify', 'check_user_access' );
function check_user_access( $content ) {
 
    // Is the content to be blocked and is the user logged in?
    if ( is_user_logged_in() && wpmem_block() == true ) {
 
        // Get settings.
        extract( my_post_access_levels() );
 
        // We need the user's ID and the $post object.
        global $user_ID, $post;
 
        // Get the user's access level.
        $user_level = get_user_meta( $user_ID, $user_field, true );
 
        // Get the post access level.
        $post_access = get_post_meta( $post->ID, $post_field, true );
 
        // Evaluate level hierarchy.
        $i = array_search( $post_access, array_keys( $levels ) );
        $x = array_search( $user_level,  array_keys( $levels ) );
 
        // If the user level is less than post level, return
        // error message. otherwise return $content.
        return ( $x < $i ) ? $error_msg : $content;
    }
 
    // Return unfiltered content for all other cases.
    return $content;
}
 
/** Admin panel elements */
 
/** 
 * Add dropdown to post and page meta box for marking level.
 */
add_action( 'wpmem_admin_after_block_meta', 'my_add_post_level', 10, 2 );
function my_add_post_level( $post, $block ) {
 
    // Get the settings.
    extract( my_post_access_levels() );
 
    // Get the current access setting, if any.
    $post_access = get_post_meta( $post->ID, $post_field, true );
 
    // Create dropdown selector of users for access.
    echo '<label>Limit access to: </label>
        <select name="post_access">
            <option value="">Select User Level</option>';
    foreach ( $levels as $meta => $label ) {
        $selected = ( $meta == $post_access ) ? 'selected' : '';
        echo "<option value=\"$meta\" $selected>$label</option>";
    }
    echo '</select>';
}
 
/** 
 * Save custom post meta for user ID access.
 */
add_action('wpmem_admin_block_meta_save','my_add_post_level_save',10,3);
function my_add_post_level_save( $post, $block, $unblock ) {
 
    extract( my_post_access_levels() );
    if ( isset( $_POST[$post_field] ) ) {
        // If a user ID is passed to limit access, save it.
        update_post_meta( $post->ID, $post_field, $_POST[$post_field] );
    } else {
        // If no user ID is passed to limit access, delete any meta.
        delete_post_meta( $post->ID, $post_field );
    }
}
      • September 16, 2016 at 4:25 pm #11332
        Chad Butler
        Keymaster

        What you have there is actually fine. I dropped it into my IDE and it doesn’t show any errors.

        I saved it to my dev site and it activated just fine.

        It could be an issue with encoding after FTP transfer (assuming you’re using FTP to load it to the site). But whatever it is, it doesn’t appear to be an issue with the code (at least as you have it pasted here)

        The line number you indicated as an error (29) is the area of this comment:

        /**
  * Set array values as:
  * metavalue => label,
  */

        So perhaps just take that out. Maybe something is getting messed up when it’s transferred and the comment block is getting mishandled. Since it’s just a comment, you could take it out.

    • September 17, 2016 at 9:28 am #11333
      bkeller49
      Participant

      Well this is bizarre. I’ve used FTP to transfer the file, I’ve created a blank file and copied and pasted the code into it through cpanel, I’ve tried it on another test site that’s locally hosted, all with the same results. I’ve tried it with and without the comment.

      I’ve tried code from other tutorials here, and they work. I’m not sure what to try next, but I will probably try another approach to creating multiple access levels, like by user group or category. They seem to work fine.

      Thanks for your help.

      • September 17, 2016 at 11:07 am #11334
        Chad Butler
        Keymaster

        Sorry I don’t have a better answer. It is somewhat boggling since as I mentioned, I loaded exactly what you have there and things worked a-ok.

        The error message displayed does not appear to be anything that would be something in conflict either. It’s a straight syntax error – and that’s what’s strange – I don’t see any syntax problems in the code (nor does the IDE I dropped it into). Syntax checks out. Also the encoding looks to be OK.

        So I’m equally perplexed.

        When you tried it without the comment, did you get exactly the same syntax error?

    • September 17, 2016 at 5:20 pm #11335
      bkeller49
      Participant

      I was using Sublime Text, which is fairly new to me, for editing. So on a wild guess I pasted the code in this thread into Coda and then copied it to the file on the site. Now it works.

      • September 17, 2016 at 6:25 pm #11336
        Chad Butler
        Keymaster

        Ahhh… it must have been text encoding then. Glad you got it working.

    • August 18, 2019 at 3:29 pm #19215
      shmuel grinshtein
      Member

      Not working for me

      🙁

  • Author
    Posts
Viewing 18 reply threads
  • You must be logged in to reply to this topic.

Ready to get started?

Join Today!