[Resolved] Access control not restricting visibility of posts

[Author]

Posts

[Greig Neilson]

I am trying to hide the Students post type from being viewed by users who are not logged in

Link to a page where the issue can be seen: hidden link

I expected to see no records appear.

Instead, I see the test record that I have created.

[Waqar Supporter Languages: English (English ) Timezone: Asia/Karachi (GMT+05:00)]

Hi Greig,

Thank you for contacting us and I'd be happy to assist.

By default, Access restrictions do not affect the output of a post View. Access controls affect the visibility of single posts or posts shown in an archive.

To be able to apply Access restrictions (including from Post Groups for individual posts) to the output of a View you can register a custom shortcode that uses the Access API to check whether the current user has read rights for the current post, and then apply that custom shortcode in a conditional shortcode or conditional block.

Note: Please remember to register the custom shortcode "allowed" at Toolset > Settings > Front-end content.

/**
 * Check permission to read post
 */
add_shortcode('allowed', function () {
 
    $userid = get_current_user_id();
    global $post;
 
    $allowed = apply_filters( 'toolset_access_api_get_post_permissions', true, $post, 'read', $userid, ICL_LANGUAGE_CODE );
 
    $return = ( $allowed ) ? 1:0;
 
    return $return;
});

The output of the View loop item can then be wrapped conditionally, e.g.

<wpv-loop>
[wpv-conditional if="( '[allowed]' eq '1' )"]
// view's loop item content
[/wpv-conditional]
</wpv-loop>

I hope this helps and please let me know if you need any further assistance around this.

regards,
Waqar