Inicio › Toolset Professional Support › [Resuelto] Using Access control to limit access to a content template for a CPT
This is the technical support forum for Toolset - a suite of plugins for developing WordPress sites without writing PHP.
Everyone can read this forum, but only Toolset clients can post in it. Toolset support works 6 days per week, 19 hours per day.
Hoy no hay técnicos de soporte disponibles en el foro Juego de herramientas. Siéntase libre de enviar sus tiques y les daremos trámite tan pronto como estemos disponibles en línea. Gracias por su comprensión.
Sun | Mon | Tue | Wed | Thu | Fri | Sat |
---|---|---|---|---|---|---|
- | 10:00 – 13:00 | 10:00 – 13:00 | 10:00 – 13:00 | 10:00 – 13:00 | 10:00 – 13:00 | - |
- | 14:00 – 18:00 | 14:00 – 18:00 | 14:00 – 18:00 | 14:00 – 18:00 | 14:00 – 18:00 | - |
Supporter timezone: Asia/Kolkata (GMT+05:30)
Etiquetado: Access plugin, Controlling access to admin function
Documentación relacionada:
Este tema contiene 19 respuestas, tiene 2 mensajes.
Última actualización por Gerard hace 4 años, 6 meses.
Asistido por: Minesh.
Hi,
I need to set up permissions on a Content template used to display a CPT named "Profile".
Access should be only for the following people
1) The author of the profile
2) The role of Manager
3) WP Administrators
I can figure it out for pages by creating groups, but for this Content Template (Using Gutenberg) I'm at a loss..
Looking for help and/or pointers 🙂
Hello. Thank you for contacting the Toolset support.
Basically, Toolset access controls the Post types, Taxonomies, Types group, Cred forms, WPML permissions, Custom roles.
There is no option to control the content templates.
However, views offers the hook using which you can dynamically assign the content template which is applied on the frontend:
=> https://toolset.com/documentation/programmer-reference/views-filters/#wpv_filter_force_template
If you want to control the content template display on the frontend, I think in this case the above hook could help. You should add check-in conditions to the hook to check if the user falls in criteria then assign the content template ID you desired to display otherwise you can change the content template ID to a different one which shows just the message.
Hi Minesh,
Thank you.
You made me realize that in the end, I want to lock it up at the CPT level.
So, for the "profile" CPT, I ned to make it fully available to the roles of MANAGER and ADMINISTRATORS, that's easy, BUT can I lock the CPT for the author only with the role of STUDENT ?
Have you check the access control for post types:
=> https://toolset.com/documentation/user-guides/access-control/setting-access-control/#managing-access-control-for-posts-pages-and-custom-post-types
Where you can set your required permissions to the desired role. Does this help?
Hmm.. Let me retry..
I have profiles, each authored by individuals in the STUDENT role.
When a student loads up a profile, the URL is something like: enlace oculto
Seeing this, they may try editing the URL to see someone else's profile. That is what I'M trying to avoid..
A user should ONLY be able to see the one profile they created for themselves. The one on which they are the author.
The thing is that access works per role now based on per post type.
What if you create a view that query the CPT "Profile" and add a Query filter to filter that view by post author equal to logged in user.
=> https://toolset.com/documentation/user-guides/views/filtering-views-query-by-author/
So, add this view to your single post type post body or content template you created and add all information within the view's loop editor section. Does this makes sense?
Ok, I think I see what you mean by "So, add this view to your single post type post body or content template you created and add all information within the view's loop editor section. Does this makes sense?"
So far I was using a Content Template attached to "Profile (Single)..
That CT was built using Gutenberg blocks..
I'm not sure how to drag all of that infrastructure into a View loop..
If you can share access details and the Content Template URL I would like to check first how you build the content template using blocks.
Please share admin access details as well as one student user login details so I can perform the test.
*** Please make a FULL BACKUP of your database and website.***
I would also eventually need to request temporary access (WP-Admin and FTP) to your site. Preferably to a test site where the problem has been replicated if possible in order to be of better help and check if some configurations might need to be changed.
I have set the next reply to private which means only you and I have access to it.
Yes - sure, please send me the problem URL where you want to hide the things?
As far as I can see, you want to control the content on the following page - correct?
=> enlace oculto
But it seems to me this is a public page where every-one can see the page. Do you want that only logged-in users can see that page?
I have set the next reply to private which means only you and I have access to it.
<deleted>
It seems we are in totally opposite timezones.
Can you please check now: enlace oculto
I checked the page as non-loggedin user and it displays the error page and then I also checked the page loggedin as admin as well as the Tina Aliante user and I can see its working. Can you please confirm it works at your end as well and this is your expected results.
It this is working, then I just added the capability to the Author role to Profile post type from access control.
I've created the following content template which displays the message when user has no permission to access the profile - you can adjust the message or add whatever you want as per your requirement.
=> enlace oculto
I've added the following code to "Custom Code" section offered by Toolset within the "toolset-custom-code" snippet:
=> enlace oculto
add_filter( 'wpv_filter_force_template', 'prefix_fixed_content_for_visitors', 99, 3 ); function prefix_fixed_content_for_visitors( $template_selected, $id, $kind ) { global $current_user; global $post; if(in_array('administrator',$current_user->roles) or in_array('manager',$current_user->roles) or (in_array('student',$current_user->roles) and $post->post_author == $current_user->ID) ){ $template_selected = 484; // assign a fixed Content Template with ID 123 that contains a static text }else{ $template_selected = 1158; } return $template_selected; }
And now if you try to access the page: enlace oculto
It will display the content template 1158 (which is the one which displays the error message) otherwise if the user is logged in as administrator or manager or student and student is author of the profile then it will display the content template 484 (which you already setup)
I hope the above solution will help you to resolve your issue 🙂 Glad to help.
Please let me know if this is still not the expected result.
Ok - I've modified the code as given under as I can not able to assign the assigned content template ID.
add_filter( 'wpv_filter_force_template', 'prefix_fixed_content_for_visitors', 99, 3 ); function prefix_fixed_content_for_visitors( $template_selected, $id, $kind ) { global $current_user; global $post; if((in_array('student',$current_user->roles) and $post->post_author != $current_user->ID) and (!in_array('administrator',$current_user->roles) or !in_array('manager',$current_user->roles)) ){ $template_selected = 1158; } return $template_selected; }
I've checked it works for both administrator, for author of the profile post and if user is not author of the profile post, it will display the another content template 1158.
Is it working as expected now? Can you please confirm?
Hi.
Thanks, that looks sooo close.. My initial test worked, but then discovered I couldn't access other pages.. The scope was too wide? It should only be applied to the single "profile" CPT?
I've tried to refine it but still have not managed to make it work. I've just put back your latest version of the code and flushed the Kinsta cache..
Please let me know