Version 0.2 of the Post Levels plugin has been released. This release makes the plugin compatible with WordPress 1.5.1. There are no new features in this release.
Download
Update 5/22: Sigh, as mentioned in the comments, single-post view is broken. This is due to an issue in WordPress that I unfortunately cannot change within a plugin. I’ve filed a bug; in the meanwhile, I recommend staying on 1.5 until this (and other) issues (hopefully) get fixed in 1.5.1.1
32 Comments
hi Fil. i just want to point out a small logic error the persistently crops up in the plugin.
the problem is in the way you check for logged-in users. in wordpress, a logged-in visitor will have a $user_level from 0 to 10. with 0 representing the lowest level of a registered and logged-in user. if the visitor is not logged-in $user_level is left blank.
so, it’s only natural to think that empty() will work. however, in php, if $var is equal to 0 (zero), empty($var) will return true.
i propose you change
// Don't bother unless someone is logged in
if (!empty($user_level))
to
// Don't bother unless someone is logged in
if (isset($user_level))
and change is_post_level() function accordingly.
anyway, just thought i’d bring this to your attention. thanks for a quick 1.5.1 fix :)
~crash
Crash: That’s actually by design, because I wanted to ensure that an admin had approved the user account before they say private posts.
I’ll change this to an option in the next version.
Post Levels still doesn’t actually keep anything at all private, due to the RSS feed.
Daniel: I’m not sure what you’re talking about, the RSS feed doesn’t expose the private posts (this is actually a feature request by many users of the plugin)
Make sure you’re logged out of the site before you view the RSS feed, as you’ll see the private posts if you’re logged in (it’s all browser-cookie based)
Hi, wanted to ask, how to make the posts show up automatically? Because it doesn’t seem to. It does hide from users not logged in, as it’s made private. But even if they are logged in, they are asked to type in the password to view the post. How to make it auto show?
This is my site. http://sims2.tatatee.com/main/
I can set up a test user for you if you need.
Tatatee: It sounds like yo’ure setting a password on the post as well as setting it to private. Make sure you remove the post password if you want to use post levels.
You were right!
I entered post_levels in the password box and not the custom field box. My bad.
Thanks!
Ever since I upgraded to 1.5.1, Wordpress has been telling my users that no posts matched their criteria whenever they try to comment. They used to be able to access individual pages of private entries. Is there a reason why they can’t now? Is it just my site?
No it’s not just your site. This happens also in mine. Does anyone know how to solve this issue? (I’m a Computer Science student, and I’m willing to help if my help is needed)
Reverie: Just looked into this, it’s a new issue in 1.5.1 that I unfortunately cannot fix in a plugin (you would have to hack / replace a core file in WordPress).
You will either have to downgrade to 1.5, or live without the post levels plugin until 1.5.1.1 :(
Thanks for looking into it. I’ve upgraded to 1.5.1.1 too. But the bug is still there. I guess I’ll wait. :)
And oh, downgrading didn’t go well at all because I didn’t have the database backup from before 1.5.1.
So it wont work in 1.5.1.1?
here is 1.5.1.2 out now… Hope to see this working as this is a sweet plugin. Thanks Fil
Sill doesn’t work in 1.5.1.2… :’(
Is there any way I can redirect a user to my blog instead of the dashboard?
Hey there - I am curious, how are these posts handled by search engines?
I just opened my site up today again to search engines and almost immediately msnbot has been all over it. I just took a look at my users online page and it showed msn bot at being on the page of one of my level 2 posts.
So basically, I’m thinking - how did the bot get there in the first place if the post isn’t viewable to users who aren’t logged in? And did it actually see/index anything?
Thanks, valerie (spoken-for.org)
Hi there,
I was always looking for a plugin like this. With WP 1.2 I tried out Viewlevel but wasn’t very exhalted with the features it provided. This was also because of the poor WP API.
Now a new major release is out and I saw your new plugin doing much the same as the old abandoned Viewlevel. This day I installed it on my test blog and ran into the same problem as all others did with WP 1.5.1. Anyway I wanted this to work as it was supposed to and so I built a solution where it isn’t necessary to touch any WP original code. The good thing to say about it: It works. The bad: I am not sure whether I used variables in this fix I shouldn’t have.
So here it is. All code has to be added to your post-levels.php file.
1.) Find the line “add_filter(’posts_where’, ‘postlevel_posts_where’);”. Insert a new line after it with “add_filter(’the_posts’, ‘postlevel_posts’);”
2.) Before the “?>” insert the following code:
function postlevel_posts($where)
{
if (count($where) == 0)
{
//
// this is a workaround for WP 1.5.1 until it is somehow fixed
global $wpdb, $user_ID, $postlevel_key, $user_level;
$posts = $wpdb->get_results($request);
if (count($posts) == 1) {
if (’publish’ != $posts[0]->post_status) {
if ( ! (isset($user_ID) && (” != intval($user_ID))) ) {
// User must be logged in to view unpublished posts.
$posts = array();
} else {
if (’draft’ == $posts[0]->post_status) {
// User must have edit permissions on the draft to preview.
if (! user_can_edit_post($user_ID, $posts[0]->ID)) {
$posts = array();
}
} elseif (’private’ == $posts[0]->post_status) {
// here lies the problem in the main code, so we changed this here
if (($posts[0]->post_author != $user_ID)
&& !($postlevel_key == $posts[0]->meta_key
&& intval($user_level) >= intval($posts[0]->meta_value))) {
$posts = array();
}
}
}
}
}
//
return $posts;
}
return $where;
}
That’s all. Warning: This comes with no warranty. As soon as there is an “official” API, this should be removed because of possible security holes. Anyway: Enjoy!
McShelby (normally just Shelby)
Ups, messed up the indention in my last post. If you want to have indention (and some comments of me), take a look at the HTML code of this page and copy/paste the fixed plugin code from there. Remove the after every line code manually.
Does ‘Single Post View is Broken’ mean 404 errors? I have a bunch of users complaining about 404 errors on single post views for entries with postlevel set - but they come up fine for me.
can someone elaborate please on what this single-post issue is?
the only problem i found was if i logged-out and manually tried to access a PL-ed post, i got a dirty 404, instead of a nice WP redirect.
i’m still not sure what post_level is suppose to do does it keep a post from being viewed ? or edited
since it requires you make a post private wouldn’t that keep it out of the viewing pages ?
when you mean a certain userlevel can see it do you mean in the admin only or in the actual blog pages
i’m using WP 1.5.1 and haven’t been able to make much use of post_levels
if there any way to get the post_level plugin to work with the latest WP version ? can’t you modify the plugin to work with all versions ?
You wouldn’t happen to have the ticket number for the bug you reported? I wonder if anyone can get the Dev’s to just include post-level functionality in 1.6.
Is there any way to automatically set the level based on the category of the post? I’m likely to forget to set it. I have a hard enough time remembering to set the categories. :)
The code (above) posted by McShelby works really well to fix the single post 404 issue. Copy it into your post-levels.php file - but make sure to do a search and replace for the ‘curved single quotes’ (’smart quotes’ that dont work in code) that appear in the code above - with actual single quotes. If you don’t, the plugin will error out when you try to load any of your pages.
Sorry, I just copied and pasted the code from my source, but somehow the blog has converted the quotes. Sorry for this. I wished Filipe already had included this fix into the code and provide an official new version of this great plugin, so no one has to mess around with fixing the code by hand.
Is there some way to filter out these posts just based on the post_level custom field and not the “private” post_status? I have a bunch of authors on my site and we need to edit each others content. It would be really nice to be able to just use the custom field so that we can get to the posts. I recognize that if the plugin is disabled, the custom field will be worthless. (I’ve been trying to play with the str_replace line without much success.)
There are a lot of advantages using the “private” flag. Assume the plugin is somehow disfunct or turned off in the admin panel. If the “private” flag is not set, suddenly every visitor of your site can view every post! For me, that’s not what I want. If a this access control plugin fails I prefer that it is rather showing nothing than exposing every content to all users.
Besides that if not flagged “private” your new “published” post wil be announced at the update service (by default http://rpc.pingomatic.com/).
Nevertheless a user can edit another post even if it’s flagged private and post_levels plugin is active if his’ userlevel is higher than that of the writer. Maybe you can tweak the levels of your users by providing an “edit user” with level 9 and all other user not higher than 8? Just a thought.
Hi, I created a bugfix branch to work around the above problem with WP 1.5.x. Incorporated in this fix is the above written code plus some minor other bugfixes and an additional feature. Read all about it here: http://soeren-weber.net/post/2005/07/10/34/
As mentioned in the first comment, I think choosing 0 post_level by default is a logic error. I changed this a little bit. So that I can set users just registered users (or friends). Otherwise you need to set user’s level to 1, which also gives posting permissions. Here is my patch. empty changed to isset, and default post_level is below allowed levels (-1)..
—————————
— post-levels.php.txt 2005-05-15 00:43:41.000000000 +0300
+++ post-levels.php 2005-07-28 10:43:05.205061888 +0300
@@ -32,9 +32,8 @@
if (function_exists(’add_filter’))
{
global $user_level; get_currentuserinfo();
-
// Don’t bother unless someone is logged in
- if (!empty($user_level))
+ if (isset($user_level))
{
add_filter(’posts_join’, ‘postlevel_posts_join’);
add_filter(’posts_where’, ‘postlevel_posts_where’);
@@ -50,21 +49,21 @@
}
// Whether the current posts is of the given level
- function is_post_level($level = 0)
+ function is_post_level($level = -1)
{
global $postlevel_key;
$val = get_post_custom_values($postlevel_key);
if (!empty($val))
return ($val == $level);
else
- return ($level == 0);
+ return ($level == -1);
}
}
else
{
// Not logged in, use define fast functions that don’t use the DB
function is_private() { return false; }
- function is_post_level($level = 0) { return ($level == 0); }
+ function is_post_level($level = -1) { return ($level == -1); }
}
}
}
First off, great plug-in! Exactly what I was looking for.
I want to let folks know about a strange behavior I have encountered with Soren’s (and perhaps the original) Post-Levels plugin. The plug-in works great in Internet Explorer (PC & Mac), but for me, Does not work in Firefox (PC & Mac) or Safari (Mac). Am I the only one with this problem?
Thanks again to Filipe, Soren, and any other contributors for this great plug-in.