I need to do the following:
• Logged in users can create posts to the custom post type "briefings" from the front end using a Toolset Post Form (I can do this part)
• Once submitted, that post must ONLY be visible to site Admins and the original user who created the post
• Nobody else at all – neither random visitors to the site, or other logged in users – should be able to view the post.
The use case is that we want to accept client briefings for projects on the site using Toolset Forms. But with it being a private brief, it's important that the content of the post is entirely private between the client and us as site admins.
Please can you tell me if I can do this and, of so, how?
With our Access plugin you should be able to setup the user permissions that you desire.
Once you've correctly setup your permissions then your site should be exactly how you want it where only the Owners and Admins can see their respective posts.
Can I have a follow-up on this? There is no ability – that I can see – to limit the ability to read only an author's own posts. Just the ability to read or not read all posts in that post type.
And if I do that, then it is absolute that nobody AT ALL will be able to view posts other than the post author and admins?
Given that your users would be all under the same role then you won't be able to apply a read only type setting given that the read permissions apply to all users.
If you create a frontend template for your post you can utilize the conditional output to setup the display of the content to check if the user is the current author or if they are an admin and display the post content based on that.
However if this is on the backend if you de-select the edit any option then they won't be able to preview the other users post on the backend.
Please let me know if this provides a bit more clarity for you.
That is Correct, given that the user roles for wordpress itself doesn't include a Read Own permission then it's not possible to set this up.
However what i'm not clear on is if this is for the backend or for the frontend. Is it that you don't want other user's seeing the content itself on the Frontend? Because if you remove the Edit Any permissions and select the Edit Own permissions then only the owners of the Posts can preview/edit the posts on the Backend.
However for the frontend you will need to use the conditional code mentioned in my previous thread to check the post author.
Are you building a custom page template for your posts on the frontend ? If so are you using the Gutenburg editor to create the frontend template?
The reason for asking is because we have a conditional block that you can use to essentially wrap the entire template in a conditional statement.
The conditional will essentially achieve the same goal as a Read Own permission if setup correctly.
Please let me know if this clarifies the issue for you and I will be more than happy to continue assisting with this one.
This is for the front end. The intent is that Users can edit posts on the frontend, and that other users must be prevetned from seeing content that is not their own. No users (other than the site admin) will have any backend access whatsoever.
I am building page templates for the custom posts on the front end, and doing so using Elementor.
