Paid Addons Support Forum Only
Please note, that here we only support Paid Addons issues and questions.
gVectors Support staff works from 6am to 6pm (GMT+0)
All questions related to wpForo and wpDiscuz free plugins should be asked in the corresponding plugin support forum:
User Group and User Groups Secondary
I just upgraded to wpForo 1.7.7 and wpForo - User Custom Fields 2.0.1
I'm having a MAJOR issue with the User Group and User Groups Secondary fields. There fields are on the Account tab and they were only available to the admin usergroup previously. But now the User Group field isn't available to anyone (including admin) and the User Groups Secondary field is available to everyone.
Luckily a user pointed out the User Groups Secondary field to me. The fact that it's available to everyone is a major security breach since I have some private forums that only certain people should have access to. Currently they are able to give themselves access.
I have temporarily removed the User Group and User Groups Secondary fields from the Account tab until I can figure out how to make them both visible to admin and admin only.
Please add the Secondary Usergroup back and manage the permissions. When you edit the Secondary usergroup you'll see new options to manage access.
I tried that with the User Groups Secondary field, but it didn't seem to do anything. Two problems:
Even if I only give access to the 0 Deactivated Usergroup (see screenshot below), a user who is not in that Usergroup can still see the field on their Account tab when I add the field to the Account tab.
Actually, I would prefer to uncheck everything in the Who can see? section so only the Admin Usergroup would have access, but when I do that and go back in, everything is checked.
Looks like this is a problem with regular Text Custom Fields as well. I just used the Duplicate field option to copy an existing custom field called Old Username to a new custom field called Special Instructions.
Now all of a sudden the Old Username field is visible to everyone where previously it was only visible to Admin.
Same problem as my User Groups Secondary field in that I can't uncheck everything in the Who can view? section to only give access to Admin because it re-checks everything the next time I go in.
So, I tried only giving access to the 0 Deactivated Usergroup like this:
Then I login as someone who does not have access to the 0 Deactivated Usergroup and they can still see my custom field:
Bottom line, I don't think security is working on custom fields anymore. Bug?
That's disappointing that we lost this functionality. It definitely worked before the upgrade.
How can I manage the data stored on an individual Member Profile from the Dashboard? The only way I can see is to manage the data on the Account tab. I have certain data that I keep track of for each Member Profile (Usergroups and some other things). But only Admin should have the ability to manage this data.
Is it possible to create a new custom tab that only Admin can see? Will the Who can view? section on the tab work to restrict access to only Admin?