I have done research, so now I have a better understanding.
User Role: Contributor
WP User Role capability as Contributor: Do not allow Publish
Toolset Form access as Contributor: Allow Edit, but submit for review
Result:
The only place where the user can edit is by clicking the provided 'Edit' link to the form that Edits the CPT.
The user cannot edit an already Published post in the back end.
What I would expect to see is either:
(A) If the user tried to edit their existing published post, the back-end allows the post to be edited but not Published, only Submit for review
(B) If the user tried to edit their existing published post in the back-end, they would be forwarded to the form that allows Editing existing CPT content, with submit for review
Your user role doesn't allow Publish - it's set as Pending.
Which means that when I (as Admin) Publish it, you will no longer be able to edit it from the back-end.
You'll only be able to edit via the 'Edit existing' form on the front-end.
Fortunately I have found a front-end solution, but it would be ideal if the user could either:
(a) Edit and 'publish' as Pending Review (as the Edit Existing form does)
(b) There's an 'Edit' link but it actually points to the front-end Edit Existing form.
This happens because the user who Publishes the post, is the user who is set as the post author. Thats how wordpress itself operates I believe and not an issue on our end.
So you as the admin would need to manually reset the post author after you've published the post.
Yes, this has to do with WordPress built-in permissions.
Even if I manually change the author of the CPT to the individual who submitted the post, unless the user also has the ability to Publish, they cannot edit a post that has been published.
If the user can't publish a post, they can't edit a published post ... in the back-end.
However, Toolset offers that same user a front-end ability to take an already published CPT, and submit "for review" an edited version of the post.
Back-end: User without publishing permission cannot edit a published post
Front-end with Toolset: User without publishing permission can submit a form that submits a revision "for review", that does not publish
In other words, that means I need to design all user interactions through the front-end, and prevent them from going into the back-end (where they won't be able to do anything).
The main limiting factor here is that the publisher of the post will always be set to the user who hits the publish button rather than the user that created the post.
Since it is a backend feature we are moving to our frontend, this will also hold true on the frontend. The only way to avoid this is to have some secondary author field, this field would get auto-populated with ID of the user, then when the admin comes in and hits published then we copy over the author information in that instance.
Please let me know what you think of this and we can move forward from there.
