Skip Navigation

[Resolved] Restrict viewing of posts to post creators and admin only

This is the technical support forum for Toolset - a suite of plugins for developing WordPress sites without writing PHP.

Everyone can read this forum, but only Toolset clients can post in it. Toolset support works 6 days per week, 19 hours per day.

Tagged: 

This topic contains 8 replies, has 2 voices.

Last updated by Shane 1 month, 3 weeks ago.

Assigned support staff: Shane.

Author
Posts
#1658265

Hi there. I hope you can help with this request.

I need to do the following:
• Logged in users can create posts to the custom post type "briefings" from the front end using a Toolset Post Form (I can do this part)
• Once submitted, that post must ONLY be visible to site Admins and the original user who created the post
• Nobody else at all – neither random visitors to the site, or other logged in users – should be able to view the post.

The use case is that we want to accept client briefings for projects on the site using Toolset Forms. But with it being a private brief, it's important that the content of the post is entirely private between the client and us as site admins.

Please can you tell me if I can do this and, of so, how?

Many thanks for your time.
Andrew.

#1658973

Shane
Supporter

Languages: English (English )

Timezone: America/Jamaica (GMT-05:00)

Hi Andrew,

Thank you for getting in touch.

Not sure if you have already taken a look at our Access plugin's documentation but if not then you should have a look below.
https://toolset.com/documentation/user-guides/access-control/setting-access-control/

With our Access plugin you should be able to setup the user permissions that you desire.

Once you've correctly setup your permissions then your site should be exactly how you want it where only the Owners and Admins can see their respective posts.

Please let me know if this helps.
Thanks,
Shane

#1659637

Hi Shane,

And if I do that, then it is absolute that nobody AT ALL will be able to view posts other than the post author and admins?

Even if someone accidentally stumbled on the link: they would not be able to see the post content?

Thanks for your time,
Andrew.

#1660239

Can I have a follow-up on this? There is no ability – that I can see – to limit the ability to read only an author's own posts. Just the ability to read or not read all posts in that post type.

Am I missing something?

#1660307

Shane
Supporter

Languages: English (English )

Timezone: America/Jamaica (GMT-05:00)

Hi Andrew,


And if I do that, then it is absolute that nobody AT ALL will be able to view posts other than the post author and admins?

Given that your users would be all under the same role then you won't be able to apply a read only type setting given that the read permissions apply to all users.

What you can do is to use the conditional statement to check the author of the post.
https://toolset.com/documentation/user-guides/views/conditional-html-output-in-views/

If you create a frontend template for your post you can utilize the conditional output to setup the display of the content to check if the user is the current author or if they are an admin and display the post content based on that.

However if this is on the backend if you de-select the edit any option then they won't be able to preview the other users post on the backend.

Please let me know if this provides a bit more clarity for you.

Thanks,
Shane

#1660481

So it does not, in fact, help my case? Because the settings for Access don't allow to only Read OWN posts? Is that correct?

#1660629

Shane
Supporter

Languages: English (English )

Timezone: America/Jamaica (GMT-05:00)

Hi Andrew,

That is Correct, given that the user roles for wordpress itself doesn't include a Read Own permission then it's not possible to set this up.

However what i'm not clear on is if this is for the backend or for the frontend. Is it that you don't want other user's seeing the content itself on the Frontend? Because if you remove the Edit Any permissions and select the Edit Own permissions then only the owners of the Posts can preview/edit the posts on the Backend.

However for the frontend you will need to use the conditional code mentioned in my previous thread to check the post author.

Are you building a custom page template for your posts on the frontend ? If so are you using the Gutenburg editor to create the frontend template?

The reason for asking is because we have a conditional block that you can use to essentially wrap the entire template in a conditional statement.

The conditional will essentially achieve the same goal as a Read Own permission if setup correctly.

Please let me know if this clarifies the issue for you and I will be more than happy to continue assisting with this one.

Thanks,
Shane

#1662979

This is for the front end. The intent is that Users can edit posts on the frontend, and that other users must be prevetned from seeing content that is not their own. No users (other than the site admin) will have any backend access whatsoever.

I am building page templates for the custom posts on the front end, and doing so using Elementor.

How will that all work?

#1663521

Shane
Supporter

Languages: English (English )

Timezone: America/Jamaica (GMT-05:00)

Hi Andrew,

This will be quite tricky given that you will need to use the Post Content widget from Elementor in order to display the content of your post.

With this widget we won't be able to wrap it in a conditional shortcode. So you won't be able to restrict the post content from being seen.

What you can try doing is using the [wpv-post-body] shortcode to display the contents of your post.

Then wrap it in the conditional code like this.

[wpv-conditional if=" ('[wpv-post-author format='meta' info='ID']' eq '[wpv-current-user format='meta' info='id']' ]

[wpv-post-body]

[/wpv-conditional]

Please let me know if this helps.
Thanks,
Shane