Skip Navigation

[Resolved] Access control limiting user meta fields works for built-in profile editing only

This thread is resolved. Here is a description of the problem and solution.

Problem: I would like to display the value of a User field in the Edit User Form, but not allow the User to edit that value.

Solution: Use the Types field shortcode syntax to display a User field value without allowing edits in the Form:

Level 1: [types usermeta="your-field-slug" user_current="true"][/types]<br />

Relevant Documentation:

This support ticket is created 3 years, 9 months ago. There's a good chance that you are reading advice that it now obsolete.

This is the technical support forum for Toolset - a suite of plugins for developing WordPress sites without writing PHP.

Everyone can read this forum, but only Toolset clients can post in it. Toolset support works 6 days per week, 19 hours per day.

Sun Mon Tue Wed Thu Fri Sat
8:00 – 12:00 8:00 – 12:00 8:00 – 12:00 8:00 – 12:00 8:00 – 12:00 - -
13:00 – 17:00 13:00 – 17:00 13:00 – 17:00 13:00 – 17:00 13:00 – 17:00 - -

Supporter timezone: America/New_York (GMT-04:00)

Screenshot 2020-07-09 11.16.51.png
Screenshot 2020-07-09 11.16.31.png
Screenshot 2020-07-09 11.15.10.png
Screenshot 2020-07-09 11.14.43.png
Screenshot 2020-07-09 11.14.35.png

I've added a group of custom fields for the users called "Certification Fields", which contains fields like:

Is this person credentialed to teach? [yes][no]

Only admins should be able to change this value.

I used Toolset Access to configure User Meta Fields Access : Certification Fields so that users can't modify their own certification fields.

This works fine as expected when the user visit their wp-admin/profile.php page. They can see their certification status, but they can't change it.

However, I don't want to use the built-in wordpress profile editing page, so I've created a Toolset User Form which lets people edit their account.

If I include the "Is this person credentialed to teach?" field on the Toolset-powered User Form, then the user CAN edit their own status, even though I specified in Toolset Access that users shouldn't be able to edit their own certification meta fields.

I do see that I can simply click the trashcan icon to remove those fields altogether from the Toolset User Form.

How do I instead SHOW the value, without letting them CHANGE the value?


Hi, do you want to show the field value, or a disabled input with the field value set in it?

If you want to just show the field value, i.e. "certified", instead of a radio input field, you can use the standard Types field shortcodes to display the current User's field value. Drag an "HTML content" element into the Form builder from the "Extra elements" panel, then place the Types field shortcode using the syntax described in the field shortcode documentation here:
Click the "+More" button for examples. Here is an example showing the current User's field value:

Level 1: [types usermeta="your-field-slug" user_current="true"][/types]<br />

You would replace your-field-slug with the slug of the custom field you want to display.

If you want to show the normal input field in the Form but make it uneditable, you can switch to "Expert mode" in the Form builder and add readonly='true' to the cred_field shortcode corresponding to this specific field. The radio button would be displayed on the front-end, but disabled. Example:

[cred_field field='your-field-slug' force_type='field' class='form-control' output='bootstrap' readonly='true']

Let me know if you have questions about that.


Perfect, thanks! The shortcode solution was great. I don't recommend the "read-only" method because someone could simply save the HTML file to their desktop, remove the read-only flag, load it up, submit it, and give themselves credentials!

This ticket is now closed. If you're a WPML client and need related help, please open a new support ticket.