Tell us what you are trying to do?
I am trying to limit access to user to seeing only their own post in user dashboard. In my attached image, I show a user has only 2 posts. However, he is able to see ALL posts from other uses including Published and Drafts.
How to set in Access so that he only can see his own posts and the menu should look like below:
All (2) | Mine (2) | Published (2) | Drafts (0)
It's not possible without a bespoke implementation.
If users have read permission for a post type then they can see those posts on both the front end and listed in the back end regardless of who authored them.
What is needed is something more nuanced than 'read', specifically a narrower 'read-own' permission, where you could only see your own posts.
But looking at core WordPress capabilities the available options are
- read
- read private pages
- read private posts
So, that's not an option.
Instead you will need to intervene in the query that operates on that page and add a filter for the post author.
You can add the following as a code snippet (at Toolset > Settings > Custom Code) that needs to run on the backend, and you will need to edit the slug of the post type you want this to apply to:
add_action( 'current_screen', 'prefix_maybe_hook_into_admin_query' );
function prefix_maybe_hook_into_admin_query( $current_screen ) {
if ( wp_doing_ajax() ) {
return;
}
if ( 'POST_TYPE_SLUG' !== $current_screen->post_type ) {
return;
}
add_action( 'pre_get_posts', 'prefix_hook_into_admin_query' );
}
function prefix_hook_into_admin_query( $query ) {
if (! $query->is_main_query() ) {
return;
}
$query->set( 'author', get_current_user_id() );
}
This won't affect the counts of published posts, that would require further custom work which you may want to pursue yourself.
Hi, many thanks indeed for clarifications and providing a workaround. Any chance in future versions of Access to provide such feature and functionality? - because logically speaking, what's the point of controlling access if we can't prevent others reading/viewing what they should not?
There is no such capability like "read-own" available with core WordPress and that is why he suggested to use the workaround using which it will list only the post that is authored by currently logged in user.
