Non logged in users can access a category page though the CPT is set to private

This thread is resolved. Here is a description of the problem and solution.

Problem:
Non logged in users can access a category page though the CPT is set to private

Solution:
You can use the pre_get_posts action hook to disable the taxonomy term archive.

You can find the proposed solution in this case with the following reply:
=> https://toolset.com/forums/topic/non-logged-in-users-can-access-a-category-page-though-the-cpt-is-set-to-private/#post-1799989

Relevant Documentation:
=> http://jboullion.com/disable-taxonomy-archive/

This support ticket is created 3 years, 6 months ago. There's a good chance that you are reading advice that it now obsolete.

This is the technical support forum for Toolset - a suite of plugins for developing WordPress sites without writing PHP.

Everyone can read this forum, but only Toolset clients can post in it. Toolset support works 6 days per week, 19 hours per day.

Sun	Mon	Tue	Wed	Thu	Fri	Sat
-	10:00 – 13:00	10:00 – 13:00	10:00 – 13:00	10:00 – 13:00	10:00 – 13:00	-
-	14:00 – 18:00	14:00 – 18:00	14:00 – 18:00	14:00 – 18:00	14:00 – 18:00	-

Supporter timezone: Asia/Kolkata (GMT+05:30)

Tagged: Types plugin

This topic contains 2 replies, has 2 voices.

Last updated by nelsonT-2 3 years, 6 months ago.

Assisted by: Minesh.

Author

Posts

October 4, 2020 at 1:14 am #1799011

nelsonT-2

Hi,

I have created a CPT with a taxonomy and created roles in Access. Three of the roles I have set are "President/Secretary" and "Concil members".

In Access, I have set the CPT to be only access by the members of those two groups (all access for "President/Secretary" and Read only access for "Concil members).

If I access the "page" from a private window, I can see the title, but not the content (I used a Content template)... I honestly was expecting to see a 404 page error, since that's what I putted in the settings... But it's not the worst...

I created a menu (only visible for people of those two groups, thanks to the "IF menu" plugin). In it I putted links to the different categories (my taxonomy) of documents. With great surprise, if I copy/paste the url (site/category/category-term) I can see all the elements of that category... If I click on it, I arrive on the previously mentioned page... Should that page lead to a 404 page (or at least be empty or similar) since the user don't have access to that content?

So, basically, what I would want is that if we copy/paste either the category URL or the post URL itself, it both leads to a 404 page.

Thank you,
Nelson

October 5, 2020 at 9:39 am #1799989

Minesh

Supporter

Languages: English (English )

Timezone: Asia/Kolkata (GMT+05:30)

Hello. Thank you for contacting the Toolset support.

The URL you are saying (site/category/category-term) is actually a taxonomy archive.

You should try to add the following code to set the 404 error for taxonomy archive to disable the access using URL.
=> hidden link

October 7, 2020 at 4:33 am #1802471

nelsonT-2

Thank you Minesh.

By default, the code you pointed me to disable the taxonomy for everyone (including admin). Since I wanted to allow it for some roles and not for other, I had to combine it with some other code, but it worked.

Here's the final code (that I added in the Toolset settings):
function jb_disable_tax_archive($qry) {

if (is_admin()) return;

if (is_tax('categorie-de-document')){
$user = wp_get_current_user();
$allowed_roles = array( 'administrator', 'president_secretaire', 'membre_du_conseil' );
if (! array_intersect( $allowed_roles, $user->roles ) ) {
$qry->set_404();
}
}
}

In case it can help others...
Nelson

This ticket is now closed. If you're a WPML client and need related help, please open a new support ticket.