Skip Navigation

[Resolved] Non logged in users can access a category page though the CPT is set to private

This thread is resolved. Here is a description of the problem and solution.

Problem: Non logged in users can access a category page though the CPT is set to private

Solution: You can use the pre_get_posts action hook to disable the taxonomy term archive.

You can find the proposed solution in this case with the following reply: => https://toolset.com/forums/topic/non-logged-in-users-can-access-a-category-page-though-the-cpt-is-set-to-private/#post-1799989

Relevant Documentation: => http://jboullion.com/disable-taxonomy-archive/

This is the technical support forum for Toolset - a suite of plugins for developing WordPress sites without writing PHP.

Everyone can read this forum, but only Toolset clients can post in it. Toolset support works 6 days per week, 19 hours per day.

Tagged: 

This topic contains 2 replies, has 2 voices.

Last updated by nelsonT-2 1 year, 1 month ago.

Assigned support staff: Minesh.

Author
Posts
#1799011

Hi,

I have created a CPT with a taxonomy and created roles in Access. Three of the roles I have set are "President/Secretary" and "Concil members".

In Access, I have set the CPT to be only access by the members of those two groups (all access for "President/Secretary" and Read only access for "Concil members).

If I access the "page" from a private window, I can see the title, but not the content (I used a Content template)... I honestly was expecting to see a 404 page error, since that's what I putted in the settings... But it's not the worst...

I created a menu (only visible for people of those two groups, thanks to the "IF menu" plugin). In it I putted links to the different categories (my taxonomy) of documents. With great surprise, if I copy/paste the url (site/category/category-term) I can see all the elements of that category... If I click on it, I arrive on the previously mentioned page... Should that page lead to a 404 page (or at least be empty or similar) since the user don't have access to that content?

So, basically, what I would want is that if we copy/paste either the category URL or the post URL itself, it both leads to a 404 page.

Thank you,
Nelson

#1799989

Minesh
Supporter

Languages: English (English )

Timezone: Asia/Kolkata (GMT+05:30)

Hello. Thank you for contacting the Toolset support.

The URL you are saying (site/category/category-term) is actually a taxonomy archive.

You should try to add the following code to set the 404 error for taxonomy archive to disable the access using URL.
=> hidden link

#1802471

Thank you Minesh.

By default, the code you pointed me to disable the taxonomy for everyone (including admin). Since I wanted to allow it for some roles and not for other, I had to combine it with some other code, but it worked.

Here's the final code (that I added in the Toolset settings):
function jb_disable_tax_archive($qry) {

if (is_admin()) return;

if (is_tax('categorie-de-document')){
$user = wp_get_current_user();
$allowed_roles = array( 'administrator', 'president_secretaire', 'membre_du_conseil' );
if (! array_intersect( $allowed_roles, $user->roles ) ) {
$qry->set_404();
}
}
}

In case it can help others...
Nelson