I think there's something wrong with the authorization of events.
How I think it now works:
1. A WordPress user has a profile Amelia Employee. This WordPress user is connected to an Amelia Employee (only WP users with the profile Employee can be connected).
2. The user can see / edit events if he is added to this specific event as an Amelia Employee.
3. In the general settings of Amelia, role settings, the switch should be on ‘Edit their events’.
When these settings are active, users can see and edit events. If this switch is off, they can see it, but not edit is.
But when it’s on, and I change the roles of the profile Amelia Employee and delete all roles, they can still edit and see events. When it’s off, and I add roles to another profile of this user, they still can’t edit and or see events.
So, the roles are not taken into account. Only the profile name and the switch.
I've two types of employees I want to authorize:
* an editor: change, edit, delete an event, export the attendees
* reader: only read the event and export the attendees.
But I can’t…
I understand you build something and won’t ask people to install a user role editor. But… when an employee is added to an event, the switch is off, they should (only) be able to read the event and export the attendees. And when I add the edit roles to another profile and add them to an employee, they should be able to edit the event.
So can you please add a check on the authorization roles when the switch is off?
I'm afraid, I didn't understand your question correctly.
There's only one role in Amelia: Employee role and the permission to see assigned appointments/events is given to this role by default. And by switching on the "Manage their events" option you allow your Employees to edit their events. But this permission will be given to all Employees, so you cannot divide one Amelia Employee role into two roles: the editor and the reader.
You can try to turn Amelia manager into editor and Amelia Employee into the reader by adding/deleting permissions through the User Role Editor plugin (it's free and works fine with Amelia).
How do your Employees access their bookings - on the back-end or on the front-end Employee Panel?
Also, only Admins have the permission to delete Appointments or any other data in Amelia, so if you test new permissions, please make sure that you are logged in under a test Employee since if you are logged in as Admin you will see all these options no matter which permissions you add through User Role Editor.
The employees access their bookings on the back-end. I (already) have a special test user with the role Amelia Employee. I edited that role to simply these:
amelia_read_custom_fields
amelia_read_events
amelia_read_menu
read
That test user is tested in an other browser, cookies deleted, etc. And still able to edit the events, customers of that event, etc. :(
Can you please provide us with a temporary WP-admin (administrator) user for your site where this happens, so we could log in and take a look ‘from the inside’ as that’s the most efficient way to see and resolve the issue.
We do not interfere with any data or anything else except for the plugin (in case that’s a production version of the site), and of course, we do not provide login data to third parties.
You can write credentials here just check PRIVATE Reply so nobody can see them except us.
I couldn't log into the Employee's profile with the credentials you provided:
Anyway, I enabled amelia_write_events and amelia_write_custom_fields capabilities, so if the plugin's code allows this, adding these capabilities should suffice.
Since Custom Fields is a part of the Customize section, access for that had to be granted also. Now the employee can create new events and create new custom fields.
Thanks for checking. But... I don't understand. Why is this the solution?
I've removed all editing authorisation of the employee-role, but they can still edit it. They should only read the event and export the data (including the custom fields).
I thought you wanted to allow them to view and edit the events and custom fields, based on your initial comment.
The thing is that what you're trying to do is not possible with this user role. The Amelia Employee user role has limitations and it's not intended to have all those capabilities enabled. If you want to allow them to view only the custom fields, you can try removing the "write" option from both custom fields and customize section. I can't guarantee that it will work since, again, the user role wasn't intended to have these capabilities in the first place.
Thanks again for checking, reviewing etc. I really appreciate it!
I got the tip of your colleague to strip the employee profile into only reading, for a reading-user. And edit the manager profile, if needed, for a reading and writing-user. That was fine with me.
But...
I think there's something wrong programmed in the authorisation.
This is how it is:
* To connect an event to an employee, the user should have an employee profile. OK
* An event is connected with the Employee profile, to prevent editing events that are not theirs. OK
* In the main settings a switch makes an event editable for the employee. THAT'S KINDA WEIRD. IF YOU SEE IT LIKE A 'MASTER' SETTING, THEN OK.
* If the user has an employee profile, all authorisation roles, like reading and writing are not taken into account. The user can view and edit, at all times. THATS NOT OK. WHY DO THESE ROLES EXIST IF THEY DON'T WORK? ALSO IF THE 'MASTER SWITCH' IS OFF, THEN THEY STILL DON'T WORK, THEY WON'T ALLOW USERS TO EDIT THE EVENT.
I think that if the actual roles are taken into account, when opening the event (the same way you open the event to edit it), users of this plugin can edit it exactly like they need. I really hope you think so too. Please let me know. And when it's written in code, so I can make some people happy 🙃 Including me, then I don't need to export all the event data, but they can do it theirselves.
Exporting feature has been recently granted to the Amelia Manager role, and up until the last update, even they didn't have that option. Allowing employees to export data has not been granted, and modifying the WordPress user role can't allow that to happen. This capability is added to the Amelia user (there are only 3 "provider", "customer" and "manager"), and they're not related to WordPress user role.
Modifying the WordPress user role would overwrite the capabilities of Amelia's users in global, meaning if you enable some, the user will be able to use the capability that was enabled as if they are an admin - there's no conditional logic that'd say "You can export events, but only the ones assigned to you" - that would require custom development.
I'll forward the suggestion to our development team, but I don't know when (or if) they will be able to include this any time soon. They already have a (rather long) list of priorities, so adding this as a request will be considered low-priority, unfortunately.
I hope they'll have time to include custom permissions per user, but I can't guarantee anything.
That's partial because of the capabilities of the Amelia user, as mentioned in my previous response.
The Amelia Employee user can view (read) the events by default, but you can choose whether they'll be able to edit them or not through Amelia Settings/Roles/Employee:
Yes, that's the 'switch' I was talking about. But. Here's the problem.
If the setting is on: they can manage their events, even if I delete the role amelia_write_events. They can read, write settings, see, edit and export participants and view the custom fields.
If the setting is off: they can't manage their events, even if they have the role amelia_write_events. They can't open the event to see the participants.
So, the role amelia_write_events is not taken into account. Ever.
The setting is fine with me and helps non technical clients to edit the authorisation in a easy way. If only the role amelia_write_events was also taken into account, then it's all solved. Then:
If the setting is on: they can manage their events, unless I delete the role amelia_write_events. Then they can still open it, read it, and still see the participants. And export the data.
Good to hear it was automatic. I tried to explain in my post of August 13, 2021 at 8:01am that editing the backend roles would have been the solution, but the roles are not taken into account. Please read that post for more information ;)
I just tested the User Role settings that you mentioned and I can confirm that at the moment it cannot be achieved through the User Role Editor plugin.
We didn't test it for a long time, and since then Amelia and the User Role Editor were updated a couple of times. That's why the solutions that we were using before don't work now.
Hi,
I think there's something wrong with the authorization of events.
How I think it now works:
1. A WordPress user has a profile Amelia Employee. This WordPress user is connected to an Amelia Employee (only WP users with the profile Employee can be connected).
2. The user can see / edit events if he is added to this specific event as an Amelia Employee.
3. In the general settings of Amelia, role settings, the switch should be on ‘Edit their events’.
When these settings are active, users can see and edit events. If this switch is off, they can see it, but not edit is.
But when it’s on, and I change the roles of the profile Amelia Employee and delete all roles, they can still edit and see events. When it’s off, and I add roles to another profile of this user, they still can’t edit and or see events.
So, the roles are not taken into account. Only the profile name and the switch.
I've two types of employees I want to authorize:
* an editor: change, edit, delete an event, export the attendees
* reader: only read the event and export the attendees.
But I can’t…
I understand you build something and won’t ask people to install a user role editor. But… when an employee is added to an event, the switch is off, they should (only) be able to read the event and export the attendees. And when I add the edit roles to another profile and add them to an employee, they should be able to edit the event.
So can you please add a check on the authorization roles when the switch is off?
Hi, Gerbert,
Thank you for choosing Amelia.
I'm afraid, I didn't understand your question correctly.
There's only one role in Amelia: Employee role and the permission to see assigned appointments/events is given to this role by default. And by switching on the "Manage their events" option you allow your Employees to edit their events. But this permission will be given to all Employees, so you cannot divide one Amelia Employee role into two roles: the editor and the reader.
You can try to turn Amelia manager into editor and Amelia Employee into the reader by adding/deleting permissions through the User Role Editor plugin (it's free and works fine with Amelia).
Best Regards.
Hi Liza,
Thanks for your reply. I've edited the roles, but it doesn't work. It would have been a nice solution.
This is what I did:
* manage their events: ON
* in the event added the employee
* edited the employee role: deleted all write and delete authorisation. Only read authorisation is activated.
But they can still edit en delete the events, add and delete customers to the event. Etc.
Best regards!
Gerbert,
Thank you for the clarification.
How do your Employees access their bookings - on the back-end or on the front-end Employee Panel?
Also, only Admins have the permission to delete Appointments or any other data in Amelia, so if you test new permissions, please make sure that you are logged in under a test Employee since if you are logged in as Admin you will see all these options no matter which permissions you add through User Role Editor.
Hi Liza,
The employees access their bookings on the back-end. I (already) have a special test user with the role Amelia Employee. I edited that role to simply these:
That test user is tested in an other browser, cookies deleted, etc. And still able to edit the events, customers of that event, etc. :(
Hi Gerbert
Can you please provide us with a temporary WP-admin (administrator) user for your site where this happens, so we could log in and take a look ‘from the inside’ as that’s the most efficient way to see and resolve the issue.
We do not interfere with any data or anything else except for the plugin (in case that’s a production version of the site), and of course, we do not provide login data to third parties.
You can write credentials here just check PRIVATE Reply so nobody can see them except us.
Hi Gerbert
Thank you for providing the information we will investigate thih further and get back to you as soon as we have some more information.
We appreciate your time and patience.
Hello Gerbert
I couldn't log into the Employee's profile with the credentials you provided:
Anyway, I enabled amelia_write_events and amelia_write_custom_fields capabilities, so if the plugin's code allows this, adding these capabilities should suffice.
Kind Regards,
Aleksandar Vuković
[email protected]
Rate my support
wpDataTables: FAQ | Facebook | Twitter | Instagram | Front-end and back-end demo | Docs
Amelia: FAQ | Facebook | Twitter | Instagram | Amelia demo sites | Docs | Discord Community
You can try wpDataTables add-ons before purchasing on these sandbox sites:
Powerful Filters | Gravity Forms Integration for wpDataTables | Formidable Forms Integration for wpDataTables | Master-Detail Tables
Great, Gerbert, thanks!
This should be it:
Since Custom Fields is a part of the Customize section, access for that had to be granted also. Now the employee can create new events and create new custom fields.
Kind Regards,
Aleksandar Vuković
[email protected]
Rate my support
wpDataTables: FAQ | Facebook | Twitter | Instagram | Front-end and back-end demo | Docs
Amelia: FAQ | Facebook | Twitter | Instagram | Amelia demo sites | Docs | Discord Community
You can try wpDataTables add-ons before purchasing on these sandbox sites:
Powerful Filters | Gravity Forms Integration for wpDataTables | Formidable Forms Integration for wpDataTables | Master-Detail Tables
Hi Aleksandar,
Thanks for checking. But... I don't understand. Why is this the solution?
I've removed all editing authorisation of the employee-role, but they can still edit it. They should only read the event and export the data (including the custom fields).
Kind regards,
Gerbert
Hello Gerbert.
I thought you wanted to allow them to view and edit the events and custom fields, based on your initial comment.
The thing is that what you're trying to do is not possible with this user role. The Amelia Employee user role has limitations and it's not intended to have all those capabilities enabled. If you want to allow them to view only the custom fields, you can try removing the "write" option from both custom fields and customize section. I can't guarantee that it will work since, again, the user role wasn't intended to have these capabilities in the first place.
Kind Regards,
Aleksandar Vuković
[email protected]
Rate my support
wpDataTables: FAQ | Facebook | Twitter | Instagram | Front-end and back-end demo | Docs
Amelia: FAQ | Facebook | Twitter | Instagram | Amelia demo sites | Docs | Discord Community
You can try wpDataTables add-ons before purchasing on these sandbox sites:
Powerful Filters | Gravity Forms Integration for wpDataTables | Formidable Forms Integration for wpDataTables | Master-Detail Tables
Hi Aleksandar,
Thanks again for checking, reviewing etc. I really appreciate it!
I got the tip of your colleague to strip the employee profile into only reading, for a reading-user. And edit the manager profile, if needed, for a reading and writing-user. That was fine with me.
But...
I think there's something wrong programmed in the authorisation.
This is how it is:
* To connect an event to an employee, the user should have an employee profile. OK
* An event is connected with the Employee profile, to prevent editing events that are not theirs. OK
* In the main settings a switch makes an event editable for the employee. THAT'S KINDA WEIRD. IF YOU SEE IT LIKE A 'MASTER' SETTING, THEN OK.
* If the user has an employee profile, all authorisation roles, like reading and writing are not taken into account. The user can view and edit, at all times. THATS NOT OK. WHY DO THESE ROLES EXIST IF THEY DON'T WORK? ALSO IF THE 'MASTER SWITCH' IS OFF, THEN THEY STILL DON'T WORK, THEY WON'T ALLOW USERS TO EDIT THE EVENT.
I think that if the actual roles are taken into account, when opening the event (the same way you open the event to edit it), users of this plugin can edit it exactly like they need. I really hope you think so too. Please let me know. And when it's written in code, so I can make some people happy 🙃 Including me, then I don't need to export all the event data, but they can do it theirselves.
Hi again Gerbert
Exporting feature has been recently granted to the Amelia Manager role, and up until the last update, even they didn't have that option. Allowing employees to export data has not been granted, and modifying the WordPress user role can't allow that to happen. This capability is added to the Amelia user (there are only 3 "provider", "customer" and "manager"), and they're not related to WordPress user role.
Modifying the WordPress user role would overwrite the capabilities of Amelia's users in global, meaning if you enable some, the user will be able to use the capability that was enabled as if they are an admin - there's no conditional logic that'd say "You can export events, but only the ones assigned to you" - that would require custom development.
I'll forward the suggestion to our development team, but I don't know when (or if) they will be able to include this any time soon. They already have a (rather long) list of priorities, so adding this as a request will be considered low-priority, unfortunately.
I hope they'll have time to include custom permissions per user, but I can't guarantee anything.
Kind Regards,
Aleksandar Vuković
[email protected]
Rate my support
wpDataTables: FAQ | Facebook | Twitter | Instagram | Front-end and back-end demo | Docs
Amelia: FAQ | Facebook | Twitter | Instagram | Amelia demo sites | Docs | Discord Community
You can try wpDataTables add-ons before purchasing on these sandbox sites:
Powerful Filters | Gravity Forms Integration for wpDataTables | Formidable Forms Integration for wpDataTables | Master-Detail Tables
Hi Aleksandar,
In this case I referred not to custom fields authorisation, but to these roles:
* amelia_read_events
* amelia_write_events
If I delete the 'write' -role, a user can still edit the event. I think that's wrong.
BR,
Gerbert
Hey Gerbert.
That's partial because of the capabilities of the Amelia user, as mentioned in my previous response.
The Amelia Employee user can view (read) the events by default, but you can choose whether they'll be able to edit them or not through Amelia Settings/Roles/Employee:
Kind Regards,
Aleksandar Vuković
[email protected]
Rate my support
wpDataTables: FAQ | Facebook | Twitter | Instagram | Front-end and back-end demo | Docs
Amelia: FAQ | Facebook | Twitter | Instagram | Amelia demo sites | Docs | Discord Community
You can try wpDataTables add-ons before purchasing on these sandbox sites:
Powerful Filters | Gravity Forms Integration for wpDataTables | Formidable Forms Integration for wpDataTables | Master-Detail Tables
Hi Aleksandar,
Yes, that's the 'switch' I was talking about. But. Here's the problem.
If the setting is on: they can manage their events, even if I delete the role amelia_write_events. They can read, write settings, see, edit and export participants and view the custom fields.
If the setting is off: they can't manage their events, even if they have the role amelia_write_events. They can't open the event to see the participants.
So, the role amelia_write_events is not taken into account. Ever.
The setting is fine with me and helps non technical clients to edit the authorisation in a easy way. If only the role amelia_write_events was also taken into account, then it's all solved. Then:
If the setting is on: they can manage their events, unless I delete the role amelia_write_events. Then they can still open it, read it, and still see the participants. And export the data.
Thanks again for your help, analytics etc!
Best Regards,
Gerbert
Hi Gerbert!
Thank you for contacting back
I still see it as open, so it may have been an automated message.
You can optionally use User Role Editor plugin for backend roles; however, this would not influence the frontend roles, I'm afraid.
Hi Ivana,
Good to hear it was automatic. I tried to explain in my post of August 13, 2021 at 8:01am that editing the backend roles would have been the solution, but the roles are not taken into account. Please read that post for more information ;)
Best Regards,
Gerbert
Hi, Gerbert,
Thank you for the clarification.
I just tested the User Role settings that you mentioned and I can confirm that at the moment it cannot be achieved through the User Role Editor plugin.
We didn't test it for a long time, and since then Amelia and the User Role Editor were updated a couple of times. That's why the solutions that we were using before don't work now.
Sorry for this inconvenience.
Best Regards.