I am trying to restrict my users (in this case Contributors) to be able to manage only their one personal NextGEN gallery. I do not want them to be faced with options that they do not need to bother with.
Part of this is to change the standard Admin>Gallery>Manage Gallery link so that it links directly to the user's Gallery view rather than going to the Galleries view where the user finds and clicks their gallery to go to the single Gallery view. In other words, I want to cut out the middle man and all the unnecessary options (Bulk actions, Add new gallery) on the Galleries view.
I have had a go at changing the link found in nextgen-gallery/admin/admin.php:
add_submenu_page( NGGFOLDER , __('Manage Gallery', 'nggallery'), __('Manage Gallery', 'nggallery'), 'NextGEN Manage gallery', 'nggallery-manage-gallery', array (&$this, 'show_menu'));
by adapting the link in manage-galleries.php:
<a href="<?php echo wp_nonce_url( $ngg->manage_page->base_page . '&mode=edit&gid=' . $gid, 'ngg_editgallery')?>" class='edit' title="<?php _e('Edit'); ?>" >
and come up with this:
if (!current_user_can('publish_posts') ) {
global $current_user, $wpdb;
get_currentuserinfo();
$user_gallery = $wpdb->get_var( $wpdb->prepare( "SELECT gid FROM wp_ngg_gallery WHERE name = %s", $current_user->user_login ) );
add_submenu_page( NGGFOLDER , __('Manage Gallery', 'nggallery'), __('Manage Gallery', 'nggallery'), 'NextGEN Manage gallery', wp_nonce_url( 'nggallery-manage-gallery&mode=edit&gid=' . $user_gallery, 'ngg_editgallery'), array (&$this, 'show_menu'));
}
I have obviously added a conditional to serve the link only to Contributors and a database query to add the relevant gallery id.
But it does not work when I test it as a Contributor. Although the URL it generates <em>looks</em> about right (eg .../wp-admin/admin.php?page=nggallery-manage-gallery&mode=edit&gid=2&_wpnonce=3f4a3b0ef4), it gives a "You do not have sufficient permissions to access this page." message.
I can paste that URL in when logged in as an Administrator and it works, but not as a Contributor.
How can it be done?
Dbranes answers:
You could try to add the 'NextGEN Manage others gallery' capability or/and the 'NextGEN Manage gallery' capability
to the 'contributor' role, via
add_action('generate_rewrite_rules','change_contributor_cap');
function change_contributor_cap(){
$role = get_role('contributor');
$role->add_cap( 'NextGEN Manage gallery');
$role->add_cap( 'NextGEN Manage others gallery');
}
(i.e. I'm using the 'generate_rewrite_rules' action, so you only have to run the code when you save permalinks)
ps: In the file
/admin/admin.php
you got this
add_submenu_page( NGGFOLDER , __('Manage Gallery', 'nggallery'), __('Manage Gallery', 'nggallery'), 'NextGEN Manage gallery', 'nggallery-manage-gallery', array (&$this, 'show_menu'));
so the contributor needs the capability 'NextGEN Manage gallery' to view it
In the files
/admin/manage-galleries.php
/admin/manage-images.php
you got few code lines that include
if (nggAdmin::can_manage_this_gallery($gallery->author)) {
and this function is defined in
/admin/function.php
as
function can_manage_this_gallery($check_ID) {
global $user_ID, $wp_roles;
if ( !current_user_can('NextGEN Manage others gallery') ) {
// get the current user ID
get_currentuserinfo();
if ( $user_ID != $check_ID)
return false;
}
return true;
}
so you need the 'NextGEN Manage others gallery' capability there.
houfton comments:
I tried adding your change_contributor_cap function to my functions.php but it did not help.
I think I understand what you are saying about the can_manage_this_gallery function but it seems to me that it does allow a user without the 'NextGEN Manage others gallery' capability so long as the user ID ($user_ID) and gallery author id ($check_ID) are the same, which they should be, eg:
in wp_users, ID = 8
in wp_ngg_gallery, gid=49, author = 8.
In any case I have tried changing the NextGEN Gallery Roles to allow Contributors to 'Manage others gallery' but it does not help either.
Dbranes comments:
this seems to be working on my setup, I log in as a contributor and can edit the gallery.
Looks like this:
http://i.imgur.com/RuhSA.jpg
you could try this action instead
add_action('init','change_contributor_cap');
and reload twice and then remove it.
Dbranes comments:
When I display the capabilities of the contributor role
$role = get_role('contributor');
echo "<pre>";
print_r($role);
echo "</pre>";
I get this
WP_Role Object
(
[name] => contributor
[capabilities] => Array
(
[edit_posts] => 1
[read] => 1
[level_1] => 1
[level_0] => 1
[delete_posts] => 1
[NextGEN Manage gallery] => 1
[NextGEN Manage others gallery] => 1
)
)
are your capabilities maybe different?
houfton comments:
I used your script, thanks for that, but the Roles are the same:
`WP_Role Object
(
[name] => contributor
[capabilities] => Array
(
[edit_posts] => 1
[read] => 1
[level_1] => 1
[level_0] => 1
[delete_posts] => 1
[NextGEN Manage gallery] => 1
[NextGEN Manage others gallery] => 1
)
)`
I did have `[NextGEN Upload images] => 1` as well, but turning it off did not help.
To be clear, did you get to the screen you show in http://i.imgur.com/RuhSA.jpg in one click from the Gallery menu (Gallery>Manage Gallery>Citigo gallery) or two (Gallery>Manage Gallery>Citigo gallery title>Citigo gallery)?
Dbranes comments:
yes in two clicks from the gallery menu.
Here is how it works on my install (wp 3.4.2 + ngg 1.9.6) for different nextgen-capabilites for the contributor user.
a) <em>No nextgen-capabilites:</em>
I can't access
/wp-admin/admin.php?page=nggallery-manage-gallery
I get the message
You do not have sufficient permissions to access this page.
Can't access
/wp-admin/admin.php?page=nggallery-manage-gallery&mode=edit&gid=1&_wpnonce=316a56bf7b
I get the message
You do not have sufficient permissions to access this page.
b) <em>Only 'NextGEN Manage gallery' nextgen-capability and gallery is owned by contributor:</em>
I can access:
/wp-admin/admin.php?page=nggallery-manage-gallery
I can access
/wp-admin/admin.php?page=nggallery-manage-gallery&mode=edit&gid=1&_wpnonce=316a56bf7b
where gid=1 is owned by the contributor.
c) <em>only 'NextGEN Manage gallery' nextgen-capability and gallery is NOT owned by contributor:</em>
I can access:
/wp-admin/admin.php?page=nggallery-manage-gallery
but the gallery name has no edit link .
I can't access
/wp-admin/admin.php?page=nggallery-manage-gallery&mode=edit&gid=1&_wpnonce=316a56bf7b
I get this message:
Sorry, you have no access here
d)<em> Both 'NextGEN Manage gallery' and 'NextGEN Manage others gallery' nextgen-capabilities.</em>
I can access:
/wp-admin/admin.php?page=nggallery-manage-gallery
I can access and edit
/wp-admin/admin.php?page=nggallery-manage-gallery&mode=edit&gid=1&_wpnonce=316a56bf7b
where gid=1 is NOT owned by the contributor.
ps: I use this to add/remove capabilties:
add_action('init','change_contributor_cap');
function change_contributor_cap(){
$role = get_role('contributor');
$role->remove_cap( 'NextGEN Manage gallery');
$role->remove_cap( 'NextGEN Manage others gallery');
$role->remove_cap( 'NextGEN Edit album');
//$role->add_cap( 'NextGEN Manage gallery');
//$role->add_cap( 'NextGEN Manage others gallery');
//$role->add_cap( 'NextGEN Edit album');
}
houfton comments:
The whole point of my question is to get there in <strong>one</strong> click from the Gallery menu not <strong>two</strong>.
So, when in admin, in the Gallery menu, clicking Manage Gallery goes direct to the single gallery view.
I believe the roles / capabilities are right.
As a test, I have tried changing the can_manage_this_gallery function to:
`function can_manage_this_gallery($check_ID) {
return true;
}`
But it still does not work.
Dbranes comments:
yes I know ;-)
but my idea was to tackle this problem first:
<blockquote>But it does not work when I test it as a Contributor. Although the URL it generates looks about right (eg .../wp-admin/admin.php?page=nggallery-manage-gallery&mode=edit&gid=2&_wpnonce=3f4a3b0ef4), it gives a "You do not have sufficient permissions to access this page." message.
</blockquote>
by adding the correct role to the contributor.
The link you provide works directly on my install with the added 'NextGEN Manage gallery' role.
Are you using some role plugins?
Have you tested this on another wp install?
houfton comments:
As I said to Arnav the pasting-link-test works for me too if there is no link hack in place. The problem seems to be only when the link hack is being used.
Did you try using Martin or my hack to admin.php to enable one click access to the single gallery view?
I am using a pretty clean test install of WP without any other role plugins but will try a fresh install...
Note to self: I must learn to use the correct code blocks on this site, not back ticks!
Dbranes comments:
this works for me:
(I just add a new submenupage here named "Manage Gallery test" to test)
add_action( 'admin_menu', 'add_menu_extra',99);
function add_menu_extra(){
global $current_user, $wpdb;
get_currentuserinfo();
$user_gallery = $wpdb->get_var( $wpdb->prepare( "SELECT gid FROM tfl_ngg_gallery WHERE author = %d", $current_user->ID ) );
add_submenu_page( NGGFOLDER , __('Manage Gallery test', 'nggallery'), __('Manage Gallery test', 'nggallery'), 'NextGEN Manage gallery', 'nggallery-manage-gallery&mode=edit&gid=' . $user_gallery,'show_menu');
}
i.e. one click away from the contributor's gallery edit page.
houfton comments:
That works!
It is much better than hacking the admin.php file. I just need to serve the new test menu item to Contributors only and get rid of the old one.
Thank you.
Dbranes comments:
Here is a method that works for me:
I just use a redirect when the current user has a role as a contributor and clicks on this link
/wp-admin/admin.php?page=nggallery-manage-gallery
and redirct to
/wp-admin/admin.php?page=nggallery-manage-gallery&mode=edit&gid=1
where gid=1 is the contributor's gallery
so this way I don't need to modify the submenu.
add_action( 'admin_menu', 'add_menu_extra',99);
function add_menu_extra(){
global $current_user, $wpdb;
get_currentuserinfo();
// only for current users that have the "contributor" role
if( array_shift($current_user->roles) == "contributor"){
$user_gallery = $wpdb->get_var( $wpdb->prepare( "SELECT gid FROM tfl_ngg_gallery WHERE author = %d", $current_user->ID ) );
// redirect to the contributor's gallery edit page when the url is
// /wp-admin/admin.php?page=nggallery-manage-gallery
if(isset($_GET['page']) && $_GET['page']=="nggallery-manage-gallery" && !isset($_GET['mode']) ){
$redirect_url = get_admin_url()."admin.php?page=nggallery-manage-gallery&mode=edit&gid=" . $user_gallery;
wp_redirect( $redirect_url, 301);
exit();
}
}
}
Dbranes comments:
ps:
you just have to replace tfl_ngg_gallery with wp_ngg_gallery ;-)
(or adjust to the db prefix you have)
houfton comments:
That is an even better solution. I was having trouble hiding the original link from Contributors. I have used a separate getext() function to change the new link label to "Manage Images" which makes more sense.
I did spot the tfl_ngg_gallery issue, thanks!
Dbranes comments:
ok, great ;-)
Martin Pham answers:
For only Contributor use
More roles: [[LINK href="http://codex.wordpress.org/Roles_and_Capabilities"]]http://codex.wordpress.org/Roles_and_Capabilities[[/LINK]]
if (!current_user_can('delete_published_posts') && current_user_can('edit_posts') ) {
global $current_user, $wpdb;
get_currentuserinfo();
$user_gallery = $wpdb->get_var( $wpdb->prepare( "SELECT gid FROM wp_ngg_gallery WHERE name = %s", $current_user->user_login ) );
add_submenu_page( NGGFOLDER , __('Manage Gallery', 'nggallery'), __('Manage Gallery', 'nggallery'), 'NextGEN Manage gallery', wp_nonce_url( 'nggallery-manage-gallery&mode=edit&gid=' . $user_gallery, 'ngg_editgallery'), array (&$this, 'show_menu'));
Martin Pham comments:
if you continue to have problems,
or try the code below, I have used
remove_submenu_page (NGGFOLDER, 'nggallery-manage-gallery');
to remove submenu NGG added from the previous.
if (!current_user_can('delete_published_posts') && current_user_can('edit_posts') ) {
global $current_user, $wpdb;
get_currentuserinfo();
$user_gallery = $wpdb->get_var( $wpdb->prepare( "SELECT gid FROM wp_ngg_gallery WHERE name = %s", $current_user->user_login ) );
// remove current sub menu
remove_submenu_page(NGGFOLDER, 'nggallery-manage-gallery');
add_submenu_page( NGGFOLDER , __('Manage Gallery', 'nggallery'), __('Manage Gallery', 'nggallery'), 'NextGEN Manage gallery', 'nggallery-manage-gallery&mode=edit&gid=' . $user_gallery', array (&$this, 'show_menu'));
houfton comments:
I am not concerned about how to limit it to Contributors - that is not too hard. I am interested in making the <strong>link</strong> itself work as a link.
Martin Pham comments:
Please try this
if (!current_user_can('delete_published_posts') && current_user_can('edit_posts') ) {
global $current_user, $wpdb;
get_currentuserinfo();
$user_gallery = $wpdb->get_var( $wpdb->prepare( "SELECT gid FROM wp_ngg_gallery WHERE name = %s", $current_user->user_login ) );
// remove current sub menu
remove_submenu_page(NGGFOLDER, 'nggallery-manage-gallery');
add_submenu_page( NGGFOLDER , __('Manage Gallery', 'nggallery'), __('Manage Gallery', 'nggallery'), 'NextGEN Manage gallery', 'nggallery-manage-gallery&mode=edit&gid=' . $user_gallery, array (&$this, 'show_menu'));
}
houfton comments:
Thank you, Martin, I have tried that but it still says "You do not have sufficient permissions to access this page." The URL looks OK: "/wp-admin/admin.php?page=nggallery-manage-gallery&mode=edit&gid=49".
Arnav Joy answers:
so when you pasted following address to url
/wp-admin/admin.php?page=nggallery-manage-gallery&mode=edit&gid=2&_wpnonce=3f4a3b0ef4
then it did not worked for contributor , right?
can you check that gid=2 is allowed for contributors or not
houfton comments:
Arnav, pasting the URL directly in the address bar works as Administrator but not Contributor.
If I use the normal, unhacked, link as a Contributor I can get to the single Gallery view via the Galleries view and the URL is
wp-admin/admin.php?page=nggallery-manage-gallery&mode=edit&gid=2&_wpnonce=b849792898
so it seems that there is no problem with accessing gid=2.
houfton comments:
I have been trying a few things and what seems to be happening is that the 'hack' is preventing the URL from working when pasted directly in the address bar. If I have either my, or Martin's hack in place the link directly pasted in the address bar (just as a test) does not work as Contributor. But using the unhacked admin.php file the exact same URL does work as Contributor.