[Resuelto] Custom user role should only see his own private post

[Autor]

Mensajes

[Marcel]

Hi,

On this site, users can add a post via a front-end form, which gets the status "private". But the user should be able to see and edit (only) his own private post. When I give the user role "read_private_posts" permission in Access, he can also see other peoples private posts. Thats not what we want.

[Minesh]

Hello. Thank you for contacting the Toolset support.

Can you please share problem URL where you added the form as well as admin access details.

*** Please make a FULL BACKUP of your database and website.***
I would also eventually need to request temporary access (WP-Admin and FTP) to your site. Preferably to a test site where the problem has been replicated if possible in order to be of better help and check if some configurations might need to be changed.

I have set the next reply to private which means only you and I have access to it.

[Minesh]

Can you please share "schipper in spe" role user access details as well.

I have set the next reply to private which means only you and I have access to it.

[Minesh]

I see you are using post type archive to display the posts on the fllowing archive:
=> enlace oculto

Here is the archive in the backend.
- enlace oculto

I'm not sure why the "Query Filter" section is not available under the "Loop Selection" tab on the right sidebar.

We can filter the posts based on the post author. So, when you add the post from the frontend, user must be logged in - correct? if yes:
- You must set that post author as the current loggedin user. So we can identify that this post is created by this current loggedin user.

Then later on, with the post type archive you crated for the "schip" we can filter the posts based on the post authror equal to the current loggedin user. Is that sounds good?

So, my question is do you set current loggedin user as the author of the post when user create posts from the frontend?

[Marcel]

A logged-in user should be able to see all ships / posts. But some of those are published as a private post, and they should only see their own private post. So they should see all public published posts, but not private posts except for their own.

[Minesh]

So basically, you want to exaclude the private posts created by other users and display all public posts from current as well as other users and private post of the current user.

Is that correct?

[Marcel]

Yes

[Minesh]

Can you please check now: enlace oculto

I've added the following code to "Custom Code" section offered by Toolset with the code snippet "toolset-custom-code":
=> enlace oculto

add_action('pre_get_posts', 'prefix_filter_schip_archive_posts', 99,1);

function prefix_filter_schip_archive_posts($query) {

    if (
        !is_admin() &&
        $query->is_main_query() &&
        $query->is_post_type_archive('schip')
    ) {

        // Guest users → only published posts
        if (!is_user_logged_in()) {
            $query->set('post_status', 'publish');
            return;
        }

        $current_user_id = get_current_user_id();

        // Allow publish + private posts
        $query->set('post_status', array('publish','private'));

        // Get private posts created by other users
        $private_posts = get_posts(array(
            'post_type'      => 'schip',
            'post_status'    => 'private',
            'author__not_in' => array($current_user_id),
            'fields'         => 'ids',
            'nopaging'       => true
        ));

        if (!empty($private_posts)) {
            $query->set('posts__not_in', $private_posts);
        }
      
      	
    }
}

Can you please confirm it works as expected.

[Marcel]

Hi Minesh,

This code showed all private posts, not just the private posts of the author. But I put this in AI and let it fix it. It gave me the following working code:

add_action('pre_get_posts', 'filter_schip_posts_for_schipper', 99);

function filter_schip_posts_for_schipper($query) {

if (!is_admin() && $query->get('post_type') == 'schip' && $query->is_main_query()) {

if (!is_user_logged_in()) {
// Niet ingelogd → alleen public
$query->set('post_status', 'publish');
return;
}

$current_user_id = get_current_user_id();

// Hier maken we een OR-structuur: publish van iedereen OR private van jezelf
$query->set('post_status', array('publish', 'private'));
$query->set('author', ''); // eerst alles toestaan

// WordPress filter om alleen eigen private posts te tonen
add_filter('posts_where', function($where, $q) use ($current_user_id) {
global $wpdb;

// alleen toepassen op onze 'schip' query
if ($q->get('post_type') != 'schip') return $where;

$where .= " AND ({$wpdb->posts}.post_status = 'publish' OR ({$wpdb->posts}.post_status = 'private' AND {$wpdb->posts}.post_author = {$current_user_id}))";

return $where;
}, 10, 2);
}
}

[Minesh]

Great, glad to help - you are welcome to mark resolve this ticket.