Skip Navigation

[Resolved] Users that have no rights can connect posts

This thread is resolved. Here is a description of the problem and solution.

Problem:
Users that have no rights to create Post Type A can still do so when connecting a Post Type A to a Post Type B

Solution:
Update to types 3.1

This support ticket is created 6 years, 3 months ago. There's a good chance that you are reading advice that it now obsolete.

This is the technical support forum for Toolset - a suite of plugins for developing WordPress sites without writing PHP.

Everyone can read this forum, but only Toolset clients can post in it. Toolset support works 6 days per week, 19 hours per day.

Our next available supporter will start replying to tickets in about 2.05 hours from now. Thank you for your understanding.

Sun Mon Tue Wed Thu Fri Sat
- - 14:00 – 20:00 14:00 – 20:00 14:00 – 20:00 14:00 – 20:00 14:00 – 20:00
- - - - - - -

Supporter timezone: Asia/Ho_Chi_Minh (GMT+07:00)

This topic contains 3 replies, has 2 voices.

Last updated by Beda 6 years, 2 months ago.

Assisted by: Beda.

Author
Posts
#1073369

It would be great if you can give suggestion.
In my application there are two custom post "Obituaries" and "Services" and two type of users "Admin" and "Family".
I have created a Relationship between Obituaries and Services(One to Many).
Right now Family can add "obituaries" and "Services" but I want to apply restriction, Family can add only "Obituaries" Detail and Admin can add "Services" only.
Can I apply this type of functionality?

#1073411

To control who can do what on WordPress you can use Toolset Access.

You would head to Toolset > Access after installing the plugin and find the post type you want to control
There, you would set the user roles to have certain capabilities or not.
Then, that would apply to those roles.
https://toolset.com/documentation/user-guides/#access

This will make it impossible for Role A to add or do anything else you do not intend to with the certain post type.

The problem is, when you allow to add or edit one post type in a relationship, you can very well deny access to the other, and that will take effect in the WordPress Admin, but NOT in the Post Relationship meta box when you add or edit an actual "parent" post for example.

Let me explain

1. User Role A can add/edit parent type (only)
2. User Role B can add/edit child type (only)

This correctly removes all tools to edit/create any post they are not supposed to in the WordPress Admin.

But if they add or edit a post they are allowed to, then they can actually add and edit as well the posts (related) that they are not supposed to manipulate.

This is obviously wrong, I reported it and we will work on this.

So for now, this is possible but with a risk:
The user can still add/edit related posts in the Metabox made for it.

#1077148

yes

#1091124

This will be fixed with the next release 3.1.