[Resolved] I setup view, it shows all results instead of just what user has permission for.

[Author]

Posts

[Jonathon Hanten]

Tell us what you are trying to do?
I setup a view to display several custom post types, but I only wanted the user to see the CPTs they permission to see to show in the view. I thought this would just work, but it seems the view shows all no matter who is logged in? The permissions are working so that if a person clicks on a CPT they don't have permission to access they are denied. I am building this all in blocks.

I'm wondering if there is a way to adjust this in the query? I'm trying to avoid having to create separate views for each type, but still show only the CPTs with permissions from Access Control.

What is the link to your site? Local site, but will be copied to host soon.

[Jamal]

Hello and thank you for contacting the Toolset support.

Views queries do not take into consideration Toolset Access permissions or the default WordPress permissions. For example, a default view will display only the published posts. But, if you choose to display the draft posts or the private posts, it will display them without taking into consideration WordPress default permissions.

CPTs post pages, instead, are bound to WordPress default permissions and Toolset Access permissions.

To be able to use the same view and display different CPTs for different kinds of users, the only way, is to use custom code. You will have to use the  hook to modify the view's query post types based on the user type.

add_filter( 'wpv_filter_query', 'prefix_change_post_types' );
 
function prefix_change_post_types( $query_args, $view_settings, $view_id ) {
    if ( $view_id == 123 ) { // change this ID with the ID of your view
		$types = (array) $query_args['post_type'];
		if ( !is_admin() ) {
			// display only posts and pages for non admin users
			$query_args['post_type'] = array( 'post', 'page' ); 
		}
	}
    return $query_args;
}

Read more about the hook and WordPress query parameters here:
- https://toolset.com/documentation/programmer-reference/views-filters/#wpv_filter_query
- https://developer.wordpress.org/reference/classes/wp_query/#post-type-parameters

I hope this helps. Let me know if you have any questions.

[Jonathon Hanten]

Thank you for this code snippet, but it is so generic and the links provided don't really provide any direction for someone brand new to wpv_filter_query. Do you have any suggestions on how to do what I am asking. Maybe an example argument more inline with what I am trying to do? I still feel this should be a built in feature like how you can query to only show a logged in users content. Access control should I don't know control access.

I did find this forum post: https://toolset.com/forums/topic/content-restricted-by-post-groups-still-showing-in-view/

but I don't know if I can use this to do what I want to do or how to determine the custom-group names mentioned.

[Jamal]

A solution with Access groups is not suited for your use case. Access groups are meant to restrict selected posts, without considering their post type. You, instead, want to restrict custom post types per user type.

If you opt for a solution with Access groups, you may end up with complex custom code than the solution I am suggesting.

Can you provide more details about your use case and I'll improve the snippet. For example, what custom post types are involved? What type of users are involved? Or what is the logic that you want to implement(who an see what)?

[Jonathon Hanten]

My issue is sort of resolved now. Thank you! I went a different direction. Originally I was trying to have a single view with all CPTs included, but wanted only the ones people have access to show in the list. Since then I have created separate pages for each CPTs view and used a mix of Access control, page groups, and Conditional IF blocks to show or hide access to the content. It is extremely clunky, but it works.

I still feel strongly that access control should be built directly into views, but you guys do you.