Skip Navigation

[Resolved] Restrict View Access to Author and Administrator

This support ticket is created 6 years, 1 month ago. There's a good chance that you are reading advice that it now obsolete.

This is the technical support forum for Toolset - a suite of plugins for developing WordPress sites without writing PHP.

Everyone can read this forum, but only Toolset clients can post in it. Toolset support works 6 days per week, 19 hours per day.

Sun Mon Tue Wed Thu Fri Sat
8:00 – 12:00 8:00 – 12:00 8:00 – 12:00 8:00 – 12:00 8:00 – 12:00 - -
13:00 – 17:00 13:00 – 17:00 13:00 – 17:00 13:00 – 17:00 13:00 – 17:00 - -

Supporter timezone: America/New_York (GMT-04:00)

This topic contains 3 replies, has 2 voices.

Last updated by Christian Cox 6 years ago.

Assisted by: Christian Cox.

Author
Posts
#1152386

Hi Team,

Loving your work with the toolset!

I have a scenario where I am creating a members area for my customer. In my case my customer is a kids sport activities provider. The users who register for the site will be Parents of children.

I have created a custom post type of "Children" and have a toolset form built for creating the children. I then have a view on a members profile page that only show's their children.

The only issue I have is that the restriction to view the custom post type seems to be by Role, rather than the author.

For example: My name is Peter and I have 2 children Layla and Joel.

If Joe Bloggs registers an account and logs in with a role of "Member", while he won't see my 2 children on his profile page, if he does a search or knows the permalink to my 2 children he would be able to see it.

Is access able to restrict the view of a post to the author of the post?

#1152744
post-author-filter.png
private-status.png

Hi, in a View or WordPress Archive you can add a Post Author Query Filter to restrict the results to those created by the current logged-in User. I'm attaching post-author-filter.png here as an example. The Query filter editor is part of the View editor screen (or WordPress Archive editor screen). It may be hidden depending on the settings you chose when you created the View or WordPress Archive. If so, you can scroll to the top right and click "Screen Options" to activate this panel.

Another option is to use the "Private" post status to make all posts private. Then you won't need Query filters to restrict those posts from other Users - only the author and site admins will have access to those posts. I'm attaching private-status.png here showing how you can configure Forms to create private posts.

#1152765

Ok great thanks. I did see the filter by logged in Author and that works perfectly fine when displaying all results in a view. However, when I went to the single page view of the post it was being displayed to anyone who had the role as set in Access.

I'm assuming maybe I need to setup a single page template view that filters by Author?

I didn't know about the private post also. Can that be changed to view able by the Author and a role of say "Staff Member" rather than administrator? I'm trying to restrict the customer from being an administrator and building everything to be through the front-end using toolset forms.

Cheers,
Peter

#1153263

However, when I went to the single page view of the post it was being displayed to anyone who had the role as set in Access.
Correct. You can apply post groups based on role to restrict a URL completely, or you can use conditional HTML shortcodes to restrict specific content displayed at that URL. For example, you can create a custom post template for this post type and wrap everything in that template with wpv-conditional tags that test the post author against the current User.
https://toolset.com/documentation/user-guides/conditional-html-output-in-views/
One drawback to that approach is that the URL itself is not restricted, only the contents you are able to wrap in the conditional HTML.

I didn't know about the private post also. Can that be changed to view able by the Author and a role of say "Staff Member" rather than administrator?
The built-in Editor and Administrator roles can see others' private posts by default: https://codex.wordpress.org/Content_Visibility#Private_Content
If you want to change it so that a custom "Staff Member" role has access to others' private posts as well, it may be possible with advanced permissions changes in Toolset Access Control, or by using custom code. Our Access documentation is available here: https://toolset.com/documentation/user-guides/access/
The flexibility of permissions management is somewhat dependent upon how this role is created - whether by Access or by some other 3rd-party system.