Skip Navigation

[Resolved] Blocking content for lower roles

This thread is resolved. Here is a description of the problem and solution.

Problem:

How to use Access filter hook toolset_access_api_get_post_permissions?

Solution:

You can follow our document to setup your custom PHP codes.

Relevant Documentation:

https://toolset.com/documentation/programmer-reference/access-api-filters/#toolset_access_api_get_post_permissions

This support ticket is created 3 years, 4 months ago. There's a good chance that you are reading advice that it now obsolete.

This is the technical support forum for Toolset - a suite of plugins for developing WordPress sites without writing PHP.

Everyone can read this forum, but only Toolset clients can post in it. Toolset support works 6 days per week, 19 hours per day.

Sun Mon Tue Wed Thu Fri Sat
- 9:00 – 13:00 9:00 – 13:00 9:00 – 13:00 9:00 – 13:00 9:00 – 13:00 -
- 14:00 – 18:00 14:00 – 18:00 14:00 – 18:00 14:00 – 18:00 14:00 – 18:00 -

Supporter timezone: Asia/Hong_Kong (GMT+08:00)

Author
Posts
#1818283

I’m building a training platform for a company and their staff are allotted ‘roles’ based on their position on the company.

Each role has access to specific documents for the role, and documents for all roles underneath it.

The roles are:

Manager
Supervisor
Site installer
Trainee level 4
Trainee level 3
Trainee level 2
Trainee level 1

I need to allow access to posts which are created for each role, but any role above that role can see documents for all roles beneath it.

So a trainee level 3 can see level 2 and 1 documents but level 1 can’t see anything above it?

I’m guessing assigning the posts into groups would be the way and assigning roles to each group would work, but this seems messy, especially as I could also perform a conditional php check (it’s a coded website not using views etc) to perform a role check on page load.

Is there an easy way in access to allow this type of post management?

#1818651

Nigel
Supporter

Languages: English (English ) Spanish (Español )

Timezone: Europe/London (GMT+00:00)

There isn't a way to create a hierarchy of roles in the way you describe, no, each role is essentially a standalone role with capabilities that are independent of any other roles registered.

Adding document posts to post groups and then granting roles permission to view/edit documents in those groups would be the way to go.

I'm not sure it's that messy.

You would create post groups along the lines of "level 3 and above", and set permissions for that group for each role accordingly (deny level 1 and 2, permit other roles).

So there would be a certain amount of set-up, but you'd only have to do it once.

Then it would just be a question of assigning documents to the correct post groups as they are published.

#1818811

Thank you

Ie now done this and created all the roles and groups required. Im creating the site without the use of views / layouts and using PHP and JS for customisations.

Looking through the documentation for toolset, I cant seem to find any shortcodes for Access where I can conditionally display posts in my post archive based on the group its assigned to. Can you point me in the right direction for the shortcakes for toolset access so I can display content myself without rewriting accesss control myself

#1819029

Nigel
Supporter

Languages: English (English ) Spanish (Español )

Timezone: Europe/London (GMT+00:00)

If you are editing PHP templates I don't think it is Access shortcodes you need (we no longer have documentation for these, anyway), but rather the Access API functions described here: https://toolset.com/documentation/programmer-reference/access-api-filters/

You would likely need to use the first listed filter, toolset_access_api_get_post_permissions, to check permissions for a given post by role.

#1819339

Thanks for the reply. This is not really what im looking for as this would require conditionally checking the user role which I don't need access for.

What im looking for is to get the assigned post group of the current post (thats easy as theres a shortcode - echo do_shortcode ("[wpv-post-field name='_wpcf_access_group']");

That displays the post group the current post is assigned to.

Now I need to check that the current user is in that group and can view this post. This is what I cant find the answer to as there doesn't seem to be any post meta attached to the user showing what group their in, nor a shortcode for getting it? Any ideas, otherwise its a case of bypassing access and manually doing a conditional which is not what id prefer if at all possible

#1819785

Nigel
Supporter

Languages: English (English ) Spanish (Español )

Timezone: Europe/London (GMT+00:00)

You are trying to check can the current user view some post: that's exactly what that first API filter is for.

https://toolset.com/documentation/programmer-reference/access-api-filters/#toolset_access_api_get_post_permissions

The reason you don't find user meta showing what group they belong to is that users don't belong to groups, roles do (or more accurately, posts belong to groups, and permissions for the posts within the group are determined by role).

#1819855
User role.png
Blocked Posts.png

My apoligies but im still not understanding how this works, or its not working how I expect.

I have a user with a role of subscriber (its a custom role but the same capabilities)

I have 4 posts, 3 are viewable by subscriber, 1 is only viewable by administrators.

Using the above filter, it doesnt work as it shows that the current user has read permission (which it does globally) but it should show false for one of the posts (the one highlighted in the attached image).

Below is my code

/*Get the user id*/
$user_id = get_current_user();

/*Echo the current group the post belongs to*/
echo do_shortcode ("[wpv-post-field name='_wpcf_access_group']<br>");

/*Get user permissions for this post*/
$has_permission = current_user_can('read');
$has_permissions = apply_filters('toolset_access_api_get_post_permissions', $has_permission, 1, 'read', $user_id, 'en');

/*Spit out the query results*/
var_dump ($has_permissions);
echo '<pre>';
print_r ($has_permissions);
echo '</pre>';

#1821749

Hello,

You need to specific the post ID and user ID.
For example, you can modify your PHP codes as below:

/*Get user permissions for this post*/
$user_id = get_current_user_id();
$post_id = get_the_ID();
$has_permission = current_user_can('read');
$has_permissions = apply_filters('toolset_access_api_get_post_permissions', $has_permission, $post_id, 'read', $user_id);
if($has_permissions){
	var_dump ($has_permissions);
	echo do_shortcode ("[wpv-post-field name='_wpcf_access_group']<br>");
}
#1822389

My issue is resolved now. Thank you!

I suggest a slight change to the docs showing one part of the function needs the current post id as opposed to a number (which I now realise is the post id in the example)

$has_permissions = apply_filters('toolset_access_api_get_post_permissions', $has_permission, $post->ID, 'edit', $current_user, 'en');

This ticket is now closed. If you're a WPML client and need related help, please open a new support ticket.