Jump to content
flourishdesignstudio

[Solved] DMS2 Editor Lockdown

Recommended Posts

flourishdesignstudio

I am working on a site that has several administrators but I need to limit the DMS setting to be a select number of users. I have followed the following instructions but for some reason it is still allowing all admins acces to the DMS settings:

Quote

 

I know where the instructions to lock down the visual editor are but here is my question.  I have several plugins (woo commerce, events plugin, thumbnail regenerator, etc) installed on a site that the user will need access.  

 

Based on what I see, it seems like the default setting is let admin access the "DMS Editor".  I've tested the Editor profile, and Store Manager profile but neither have access to all the plugins.  

 

Will following the "Multiple User Access" instructions let UserA (assigned admin privileges but not included in the usernames below) access all WP tools and plugins other than the Visual Editor?  Also do I need to make this change in a child theme?  

 

Multiple User Access

If you work in a team and wish to have multiple users access to the Visual Editor but keep your client lockout, use this method. Open up your wp-config.php file and find the following code:

  1. define('WP_DEBUG', false);

Add below that, the following code (remember to replace the usernames in the example below to your teams usernames):

  1. define( 'PL_EDITOR_LOCK', 'andrew,bob,chris,daniel,eric' );

Your changes will look similar to this:

  1. define('WP_DEBUG', false);
  2. define( 'PL_EDITOR_LOCK', 'andrew,bob,chris,daniel,eric' );


 

 

If the whitelisted usernames have capitals such as "FlourishDesignStudio" should their names be written as such or converted into all lowercase for the wp-config file (aka 'flourishdesignstudio')? Thanks in advance for any help you are able to provide!

 

 

Share this post


Link to post
Share on other sites
Simon

wordpress usernames cant have uppercase chars they are always lowercase.

 

Share this post


Link to post
Share on other sites
flourishdesignstudio

Hi Simon,

I have corrected this issue but the problem is still occurring where I am unable to lock DMS for everyone except whitelisted usernames. If there anything else that I should do? Has the process changed?

Thanks so much! 

Share this post


Link to post
Share on other sites
Simon

It works the other way round.

// example:

// define( 'PL_EDITOR_LOCK', 'admin' ); // only allow 'admin' to use editor.
// define( 'PL_EDITOR_LOCK', 'simon,stefan,andrew' ); // allow 3 users to use the editor.
// define('PL_EDITOR_LOCK','7,admin,11'); // allows User IDs 7 and 11 and username admin to use the editor.
// If not defined all users with edit_theme_options role have access to the editor.

Share this post


Link to post
Share on other sites
flourishdesignstudio

Thanks! I have been trying this approach without success:

define( 'PL_EDITOR_LOCK', 'dan,flourishdesignstudio,anna' ); // allow 3 users to use the editor.

 

Share this post


Link to post
Share on other sites
Simon

So what the issue?

None of those user have access? Or all users have access?

Where exactly did you add the code?

Share this post


Link to post
Share on other sites
flourishdesignstudio

sorry! Yes, all the users still have access. We put that code into the wp-config.php file. Isn't that correct?

Share this post


Link to post
Share on other sites
Simon
1 minute ago, flourishdesignstudio said:

sorry! Yes, all the users still have access. We put that code into the wp-config.php file. Isn't that correct?

Depends where exactly you added it.

Share this post


Link to post
Share on other sites
flourishdesignstudio

Hi Simon,

Still no luck here... we added the code after the following text:

  1. define('WP_DEBUG', false);

Any other things that we might be doing wrong?

Share this post


Link to post
Share on other sites
Simon

I guess get a ticket started, provide an admin user for me and ftp login so i can check files.

Share this post


Link to post
Share on other sites
flourishdesignstudio

Will do, thanks for the help!

Silly question... to open a ticket do I simply contact support?

Thanks so much Simon!

 

Share this post


Link to post
Share on other sites
Simon
Just now, flourishdesignstudio said:

Will do, thanks for the help!

Silly question... to open a ticket do I simply contact support?

Thanks so much Simon!

 

Yes, use the button at top of the forum :)

Share this post


Link to post
Share on other sites
Simon

OK replying here so other people might benefit.

Yes you had added the correct line, and yes it was in the right location HOWEVER

The editor you had used to copy/paste the line of code included some non ascii chars, im actually quite surprised you didnt bring your entire site down!! 

So what did I find?

define(�PL_EDITOR_LOCK�,�flourishdesignstudio,annagallow,danparker�);

As you can see, the quotes are replaced with � 

I replaced with this

define('PL_EDITOR_LOCK','flourishdesignstudio,annagallow,danparker');

And now everything is working as expected.

 

Share this post


Link to post
Share on other sites
flourishdesignstudio

You are amazing! Thank you so so so much! Not sure how that happened but we truly appreciate you looking into this for us!

Share this post


Link to post
Share on other sites
Simon

This topic has been marked as solved.

Share this post


Link to post
Share on other sites
flourishdesignstudio

Hi Simon,

I hate to reopen this old topic but we are having troubles with this lockdown site again. I am not sure if the changes worked at first but then didn't when the site propagated but at this point no one is able to log into the DMS editor. Is this something that you have run into in the past? I want to do a full backup of the files and setting but I don't have access to the front-end editors now.

Thanks for any help you can provide!

Anna

Share this post


Link to post
Share on other sites
Simon

Either you are not in the list of users in the config, or someone has edited that config again with a non compliant editor like before.

Share this post


Link to post
Share on other sites
flourishdesignstudio

I have not changes any of the settings and I have confirmed that I am on the whitelist:

The only think that looks different than the sample code online is that there is no debug line:

define('WPLANG', '');
define('PL_EDITOR_LOCK','flourishdesignstudio,annagallow,danparker');

 

I can reopen the support ticket and send you FTP if that is helpful.

Thanks so much Simon!

Share this post


Link to post
Share on other sites
Simon

sure ok, send me the details.

Share this post


Link to post
Share on other sites
Simon
On 7/1/2016 at 1:32 PM, flourishdesignstudio said:

I have not changes any of the settings and I have confirmed that I am on the whitelist:

The only think that looks different than the sample code online is that there is no debug line:

define('WPLANG', '');
define('PL_EDITOR_LOCK','flourishdesignstudio,annagallow,danparker');

 

I can reopen the support ticket and send you FTP if that is helpful.

Thanks so much Simon!

OK you had some random javascript code in your custom scripts, this was causing javascript to crash so no editor.

PS 

PLEASE PLEASE update WordPress and the 24 odd plugins that need to be updated!!

Share this post


Link to post
Share on other sites
flourishdesignstudio

Hi Simon,

I removed the DMS Header scripts from the PageLines section but am still unable to see the admin bar for Pagelines when I am logged in to the front of the site. I recognize that we desperately need to update the site's files and plugins which is why I am trying to gain access to DMS so I can export and backup all my setting, etc. I like to have full backups of the site before I proceed doing updates in case I need to revert back to the previous files for any reason. However, without access to the editor I cannot do these exports/backups.

Were you able to access the DMS editor when you removed the scripts?

I realize that we are probably being frustrating for you and I have always had great success with your products. I simply need to back everything up so I can move forward and do all the other updates.

Thanks Simon!

 

 

Share this post


Link to post
Share on other sites
Simon

Yes the editor worked the moment i commented out the broken javascript, I then added my name to the editor lock list, tested that i had no access, removed my name and had access again.

You dont need to export anything to update plugins! Just do a site backup via your host.

Share this post


Link to post
Share on other sites
flourishdesignstudio

Hi Simon,

I completely believe you. I used your account to log in (and added you back into the wp-config file) and I am still unable to access the DMS editor from any device in our office (ipad or computers) on your account, my account, or my colleague's account. However, we use DMS on almost 40 other sites and I am able to access the editor on those site. Are there any known issues with this happening to other people?

I recognize that I am duplicating efforts in regards to my backups and that I just need the site backup. I just like to have layers of protection in case any single component of the site gets corrupted or needs to be addressed individually. I have since gone through and completed all the updates (WP, themes, and plugins) and so now everythgin on the site is up-to-date. The editor problem persists and will certainly present a major issue if we are unable to edit the modules or site settings moving forward. Do you feel this is something to do with the host? Would there possible be a problem with our IP address that would allow you to access the DMS editor but no one in our office? Would it be helpful to send you credentials to sign in and take a look through my account?

I don't mean to stay stuck on this issue, it is just that when we need to edit the site or section we will no longer have access so I need to be able to figure out why this is happening.

As always, your help is much appreciated and I truly value all your time and effort in helping us with this!

 

Share this post


Link to post
Share on other sites
Simon

My advice is to remove the line in wp-config and see if you can then access the editor.

Could be a javascript issue, or your office blocking some resources

Share this post


Link to post
Share on other sites
flourishdesignstudio

Thanks Simon. It seems to work when the lock is removed entirely so I will simply leave the lock on until I need to make edits. Once edits are finished I will put the lock back on. 

Sorry this has been such a mess. I know the lock works properly on other sites and I appreciate you sticking with us through the troubleshooting of this issue!

Love your product and greatly appreciate the support!

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now


×