Define also write permissions for post group - possible?

This thread is resolved. Here is a description of the problem and solution.

Problem: I would like to use User Roles to allow certain Users to edit specific posts.

Solution: You can use Access Control shortcodes inline to restrict access to content in a page.

Relevant Documentation: https://toolset.com/documentation/user-guides/access-control-texts-inside-page-content/

This support ticket is created 7 years, 1 month ago. There's a good chance that you are reading advice that it now obsolete.

This is the technical support forum for Toolset - a suite of plugins for developing WordPress sites without writing PHP.

Everyone can read this forum, but only Toolset clients can post in it. Toolset support works 6 days per week, 19 hours per day.

Our next available supporter will start replying to tickets in about 5.07 hours from now. Thank you for your understanding.

Sun	Mon	Tue	Wed	Thu	Fri	Sat
8:00 – 12:00	8:00 – 12:00	8:00 – 12:00	8:00 – 12:00	8:00 – 12:00	-	-
13:00 – 17:00	13:00 – 17:00	13:00 – 17:00	13:00 – 17:00	13:00 – 17:00	-	-

Supporter timezone: America/New_York (GMT-04:00)

Tagged: Access plugin, Content-submission forms, Controlling access to content editing, Controlling access to front-end content, Custom roles, Membership sites, Toolset Forms, Types plugin

This topic contains 2 replies, has 2 voices.

Last updated by arthurR-2 7 years, 1 month ago.

Assisted by: Christian Cox.

Author

Posts

October 18, 2017 at 4:55 pm #579979

arthurR-2

Let's say we have:

* 1 CPT = Companies
* 2 companies: company A and company B
* 2 user roles: company A employee and company B employee
* 3 users, 2 of them are company A employees and 1 is company B employee

Need:
* all users can see all companies
* company A employees can only edit company A post (in front-end, with CRED)
* company B employees can only edit company B post (in front-end, with CRED)

Possible without coding?

I thought, that defining a write permission for a post group would solve the problem, but there is just the read option.

If not possible:
* would it be it easier if there were only 1 employee of each company? (just wondering)

Thank you!

October 18, 2017 at 8:11 pm #580042

Christian Cox

If only the front-end needs to be restricted, you may be able to use inline Access Control shortcodes to handle this by only showing certain forms to certain Roles. That can certainly be accomplished without code, but how depends on your site structure and how the CRED forms are placed on the page. Here's an article that discusses Access Control for page content:
https://toolset.com/documentation/user-guides/access-control-texts-inside-page-content/

Example:

[toolset_access role="EmployeeCompanyA" operator="deny"]
This content will not be shown to Users with role "EmployeeCompanyA".
[cred_form form='edit-company-b' form_name='Edit Company B']
[/toolset_access]

So if you have two different CRED forms, one to edit Company A and another to edit Company B, then you can show and hide those forms effectively with these toolset_access inline controls. Let me know if I've misunderstood the requirement, or if you have other questions about this.

October 18, 2017 at 8:32 pm #580047

arthurR-2

Sadly not, because that's the point - I don't want to duplicate forms or layouts because they'll be all the the same, since the companies are the same CPT. Furthermore there are much more companies, than in the example with just 2.

But I guess I solved the problem in a similar way: I use conditional output to compare some current user field with some field of the company being viewed, and if they match the form is displayed, otherwise the error message. The same for the "Edit post" link.

Thank you for fast reply!