Even when locked, roles/caps get reset on upgrade

dfumagalli · 3 November 2019 20:27

Hello,

I need fine control of my level 1 members, so I am using capabilities.
They work very well, I have no issues with them, no issues protecting pages, no issues protecting files.

In order to prevent these capabilities from being reset on S2Member update, I have read and implemented what’s told in the “Locking s2Member Roles/Capabilities” article.

As the article says, when I press the “Reset Roles/Capabilities” button in the Dashboard, I correctly get the message indicating that Roles/Capabilities have been locked. Therefore, the suggested MU addon is working.

However, the last S2Member update totally reset the capabilities and now I have a website that is completely unprotected.

What gives? How can I debug this?

clavaque · 4 November 2019 22:56

Hi Dario.

The latest release didn’t change anything that would affect the behavior of your hack to lock the roles/capabilities.

Did you update/change anything else lately that could have affected the effectiveness of the lock?

dfumagalli · 4 November 2019 23:09

No. It’s a website made to host courses, each subscriber receives one capability for each course he paid. It worked until the last update, now it lost all capabilities so even non subscribed people can view everything in the whole protected website.

Users still retained assigned capabilities, the pages lost both the “Page Level Restriction” and “Require Custom Capabilities” values.

clavaque · 4 November 2019 23:17

Let me see if I understand… So the custom capabilities for the roles did not get lost, but the level restrictions for pages did?

Do you have the Deactivation Safeguards enabled? WP admin > s2Member > General > Deactivation Safeguards

dfumagalli · 4 November 2019 23:26

the pages lost both the “Page Level Restriction” and “Require Custom Capabilities” values

I only have WP admin > s2Member > General > Deletion Safeguards

Here is what I have:

dfumagalli · 4 November 2019 23:26

and here is the MU plugin acting as the instructions say it should:

clavaque · 6 November 2019 22:43

Thanks for the update.

Okay. The Deletion Safeguards looks good. You should not have lost the restrictions you had configured. There’s obviously something wrong specific to your installation, others aren’t losing their configuration on update with the safeguards enabled.

It may be hard to troubleshoot this in the production site. Can you create a clean WP installation, add an older s2Member, configure it, and then update to the latest to see if you can reproduce the problem? If it works fine, then try adding things from your production site, one by one, testing after each to see if the problem shows up then.

I look forward to your update.

dfumagalli · 6 November 2019 22:45

Thank you, Cristián,

I cannot do this immediately, but we are planning a new server in the coming weeks. I’ll do this and then update you about this.