Hi Team,
Loving your work with the toolset!
I have a scenario where I am creating a members area for my customer. In my case my customer is a kids sport activities provider. The users who register for the site will be Parents of children.
I have created a custom post type of "Children" and have a toolset form built for creating the children. I then have a view on a members profile page that only show's their children.
The only issue I have is that the restriction to view the custom post type seems to be by Role, rather than the author.
For example: My name is Peter and I have 2 children Layla and Joel.
If Joe Bloggs registers an account and logs in with a role of "Member", while he won't see my 2 children on his profile page, if he does a search or knows the permalink to my 2 children he would be able to see it.
Is access able to restrict the view of a post to the author of the post?
Hi, in a View or WordPress Archive you can add a Post Author Query Filter to restrict the results to those created by the current logged-in User. I'm attaching post-author-filter.png here as an example. The Query filter editor is part of the View editor screen (or WordPress Archive editor screen). It may be hidden depending on the settings you chose when you created the View or WordPress Archive. If so, you can scroll to the top right and click "Screen Options" to activate this panel.
Another option is to use the "Private" post status to make all posts private. Then you won't need Query filters to restrict those posts from other Users - only the author and site admins will have access to those posts. I'm attaching private-status.png here showing how you can configure Forms to create private posts.
Ok great thanks. I did see the filter by logged in Author and that works perfectly fine when displaying all results in a view. However, when I went to the single page view of the post it was being displayed to anyone who had the role as set in Access.
I'm assuming maybe I need to setup a single page template view that filters by Author?
I didn't know about the private post also. Can that be changed to view able by the Author and a role of say "Staff Member" rather than administrator? I'm trying to restrict the customer from being an administrator and building everything to be through the front-end using toolset forms.
Cheers,
Peter
However, when I went to the single page view of the post it was being displayed to anyone who had the role as set in Access.
Correct. You can apply post groups based on role to restrict a URL completely, or you can use conditional HTML shortcodes to restrict specific content displayed at that URL. For example, you can create a custom post template for this post type and wrap everything in that template with wpv-conditional tags that test the post author against the current User.
https://toolset.com/documentation/user-guides/conditional-html-output-in-views/
One drawback to that approach is that the URL itself is not restricted, only the contents you are able to wrap in the conditional HTML.
I didn't know about the private post also. Can that be changed to view able by the Author and a role of say "Staff Member" rather than administrator?
The built-in Editor and Administrator roles can see others' private posts by default: https://codex.wordpress.org/Content_Visibility#Private_Content
If you want to change it so that a custom "Staff Member" role has access to others' private posts as well, it may be possible with advanced permissions changes in Toolset Access Control, or by using custom code. Our Access documentation is available here: https://toolset.com/documentation/user-guides/access/
The flexibility of permissions management is somewhat dependent upon how this role is created - whether by Access or by some other 3rd-party system.