whereverpanda

I don’t have WooCommerce – which form plugin are you using?

The form protection still works and all – But it seems to be a Firefox issue then. If that helps to narrow it down? (as @mauri01 said before)

@dnesscarkey Sent you the site on your contact page

@mauri01 Will share any findings here ??

@dnesscarkey I can confirm I still am getting the message on the latest version and it’s specifically on Firefox on Mac. I don’t get the error in Chrome on Mac or Windows. I have not checked other browsers.

I am getting this as well. Can you possibly fix?

The creator of the topic’s site URL is in the screengrab.

Thanks!

@supaiku

Hi there,

I am 100% with you on them having to have informed us regarding the change and hopefully, if this DOES change again in a future update, they will let us know. But they have apologized for this and stated that they will keep the community informed. This is a feature I’m still hoping they build in to NF’s core settings settings.

I genuinely hope the method I’m going to describe below will help you, because I am not a coder I wouldn’t know how to fix it if it does in fact change again!

As far as I know the code can be put into your theme’s functions.php file, but because I use Oxygen Builder, I use the Code Snippets plugin. I also use Publishpress Permissions for capability settings.

I add a capability in Publishpress Permissions called ‘access_forms’, so in my code below, change that to your desired capability:

I add a new Code Snippet and paste this into it:

// Must use all three filters for this to work properly. 
add_filter( 'ninja_forms_admin_parent_menu_capabilities',   'nf_subs_capabilities' ); // Parent Menu
add_filter( 'ninja_forms_admin_all_forms_capabilities',     'nf_subs_capabilities' ); // Forms Submenu
add_filter( 'ninja_forms_admin_submissions_capabilities',   'nf_subs_capabilities' ); // Submissions Submenu

function nf_subs_capabilities( $cap ) {
    return 'access_forms'; // EDIT: User Capability
}
/**
 * Filter hook used in the API route permission callback to retrieve submissions
 *
 * return bool as for authorized or not.
 */
add_filter( 'ninja_forms_api_allow_get_submissions', 'nf_define_permission_level', 10, 2 );
add_filter( 'ninja_forms_api_allow_delete_submissions', 'nf_define_permission_level', 10, 2 );
add_filter( 'ninja_forms_api_allow_update_submission', 'nf_define_permission_level', 10, 2 );
add_filter( 'ninja_forms_api_allow_handle_extra_submission', 'nf_define_permission_level', 10, 2 );
add_filter( 'ninja_forms_api_allow_email_action', 'nf_define_permission_level', 10, 2 );

function nf_define_permission_level() {
  
  $allowed = \current_user_can("access_forms");
  
  return $allowed;
};

VERY IMPORTANT: If you are using Code Snippets, set it to run everywhere!

I really hope this helps you!!

• This reply was modified 3 years, 3 months ago by whereverpanda.

@heateor

You’re a superstar, thanks so much!

• This reply was modified 3 years, 4 months ago by whereverpanda.

I have asked this question a while ago – mine was because of a front end issue, but it’s still not acceptable in my opinion.

I did raise this on another forum (where the developers apparently get notified) but nothing has come of it yet…

@stuartsequeira Thank you very much, Stuart!

@msaari Hi Mikko,

Just saw there was a new version out and remembered that I didn’t thank you for adding this compatibility in the previous version.

So thanks for that! ??

@ouija Thank you for your support in this matter as well – I thought I was being a bit stupid by thinking this was a minor change and I was being a bit thick.
I noticed that the individual forms’ submission pages moved to /wp-admin/admin.php?page=nf-submissions&form_id=# which at least means I can send a user to a specific form using a URL which is needed when you don’t want users to see all forms and you don’t have per form access.

I really hope this is something they stick to and as you mentioned, inform users about in the release notes if something of this scale changes. I’m not a coder AT ALL so I generally rely on plugins and their stability, so hopefully this was an oversight on their part.

@stuartsequeira @jmcelhaney Can you please confirm that my code in my previous reply is correct? (here). It is working, but it is live on a client’s site and I need to know it’s secure.

Thank you!

I implemented the code as follows on a client’s site and it does seem to work.

Will you please double check this code and confirm and let me know that it’s correct and secure? I think this will be of use to the entire community. It’s for users with the capability access_forms:

// Must use all three filters for this to work properly. 
add_filter( 'ninja_forms_admin_parent_menu_capabilities',   'nf_subs_capabilities' ); // Parent Menu
add_filter( 'ninja_forms_admin_all_forms_capabilities',     'nf_subs_capabilities' ); // Forms Submenu
add_filter( 'ninja_forms_admin_submissions_capabilities',   'nf_subs_capabilities' ); // Submissions Submenu

function nf_subs_capabilities( $cap ) {
    return 'access_forms'; // EDIT: User Capability
}
/**
 * Filter hook used in the API route permission callback to retrieve submissions
 *
 * return bool as for authorized or not.
 */
add_filter( 'ninja_forms_api_allow_get_submissions', 'nf_define_permission_level', 10, 2 );
add_filter( 'ninja_forms_api_allow_delete_submissions', 'nf_define_permission_level', 10, 2 );
add_filter( 'ninja_forms_api_allow_update_submission', 'nf_define_permission_level', 10, 2 );
add_filter( 'ninja_forms_api_allow_handle_extra_submission', 'nf_define_permission_level', 10, 2 );
add_filter( 'ninja_forms_api_allow_email_action', 'nf_define_permission_level', 10, 2 );

function nf_define_permission_level() {
  
  $allowed = \current_user_can("access_forms");
  
  return $allowed;
};

Thank you!

Hi there,

Thanks for that

So just to double check – is my code correct for user with capability access_forms and can it be used on a production site?

Thanks

• This reply was modified 3 years, 5 months ago by whereverpanda.

Update:

So I removed the last bracket from the last line of the new snippet of code. It removes the error in the Code Snippets plugin, and allows me to activate, but it still did not work. In the Code Snippets plugin, it has to be set to

‘Run snippet everywhere’

then it works.

It allows the user with a capability (access_forms) I created in Publishpress Permissions to view the submissions page. It also allows the user to download the submissions.

However, clicking on the Ninja Forms dashboard, and clicking on the cog on the form and then on ‘View Submissions’, it gives an error page (Sorry, you are not allowed to access this page.) This is still an issue.

// Must use all three filters for this to work properly. 
add_filter( 'ninja_forms_admin_parent_menu_capabilities',   'nf_subs_capabilities' ); // Parent Menu
add_filter( 'ninja_forms_admin_all_forms_capabilities',     'nf_subs_capabilities' ); // Forms Submenu
add_filter( 'ninja_forms_admin_submissions_capabilities',   'nf_subs_capabilities' ); // Submissions Submenu

function nf_subs_capabilities( $cap ) {
    return 'access_forms'; // EDIT: User Capability
}
/**
 * Filter hook used in the API route permission callback to retrieve submissions
 *
 * return bool as for authorized or not.
 */
add_filter( 'ninja_forms_api_allow_get_submissions', 'nf_define_permission_level', 10, 2 );
add_filter( 'ninja_forms_api_allow_delete_submissions', 'nf_define_permission_level', 10, 2 );
add_filter( 'ninja_forms_api_allow_update_submission', 'nf_define_permission_level', 10, 2 );
add_filter( 'ninja_forms_api_allow_handle_extra_submission', 'nf_define_permission_level', 10, 2 );
add_filter( 'ninja_forms_api_allow_email_action', 'nf_define_permission_level', 10, 2 );

function nf_define_permission_level() {
  
  $allowed = \current_user_can("access_forms");
  
  return $allowed;
};

Please note the company I work with do have licenses, but I feel this is a basic thing that needs to be made as clear as possible and Ninja Forms’ permissions/capabilities are very unclear (unlike Caldera Forms which we are soon having to switch from on a site with 15+ forms, which has per form capability settings, which would be an amazing feature to see).

Will you PLEASE check my code to see if I did something wrong (security wise etc) and if it is correct, please update your code in your documentation.

Last question, will per form permission be something we can ever see in Ninja Forms?

Thanks!

• This reply was modified 3 years, 5 months ago by whereverpanda.
• This reply was modified 3 years, 5 months ago by whereverpanda.

One more thing, when adding the last piece of code (as is from your documentation), code snippets gives the error ‘e is undefined’.

Is there perhaps an error in the code?

EDIT:
When trying to save the snippet I get this:

The code snippet you are trying to save produced a fatal error on line 17:
syntax error, unexpected ‘)’, expecting end of file

• This reply was modified 3 years, 5 months ago by whereverpanda.