
[Resolved] Restricting View Access based on Author’s User Role

This thread is resolved. Here is a description of the problem and solution.

Problem:

Public visitors could still view single “event” (and similar) posts even when the post author no longer had the required membership role. An initial attempt using a user_has_cap filter to block read_post didn’t work reliably with the site’s setup (YOOtheme + memberships changing roles between “Professional Member” and “Customer”).

Solution:

Moved the restriction logic to the front-end request flow using template_redirect. On single posts of the target CPTs (e.g., event, profile), the code fetches the post author, checks if they hold the professional_member role, and—if not—forces a 404 response. This bypasses theme/layout nuances and consistently hides content by author role. The same pattern can be extended to additional CPTs (e.g., facilitator-profile) and/or different role slugs.

Relevant Documentation:

https://toolset.com/documentation/programmer-reference/adding-custom-code/using-toolset-to-add-custom-code/

This is the technical support forum for Toolset - a suite of plugins for developing WordPress sites without writing PHP.


This topic contains 5 replies, has 1 voice.

Last updated by christineH-9 20 hours, 33 minutes ago.

Assisted by: Christopher Amirian.

#2838326

About 6 months ago we opened this ticket to ask about restricting access to content generated by a user when their membership has expired: https://toolset.com/forums/topic/set-content-read-view-permissions-based-on-content-creators-access-level/

Since then we have finished the website, and applied the code restricting access, but it doesn't seem to be working. I would like some help modifying this custom code.

I've added this custom code snippet to the Toolset settings, and set it to always run on the front end.
Here is an example of an 'event' post type where the author does not currently have a Professional user role:
hidden link

The code as written is set to only restrict 'event' post types, but once we can confirm that it is working we will also need it to block access to 'profile' and 'facilitator-profile' post types.

Thank you for your help with this.

<?php
/**
 * New custom code snippet (replace this with snippet description).
 */

toolset_snippet_security_check() or die( 'Direct access is not allowed' );

// Put the code of your snippet below this comment.

function restrict_guest_event_access( $allcaps, $cap, $args, $user_id ) {
    if ( $cap === 'read_post' ) {
        if ( isset( $args[0] ) ) {
            $post_id = $args[0];
            $post    = get_post( $post_id );

            if ( $post && $post->post_type === 'event' ) {
                $author_id = get_post_field( 'post_author', $post_id );
                $author    = get_user_by( 'id', $author_id );

                if ( $author ) {
                    $author_roles = (array) $author->roles;
                    // Check if author has the professional role
                    if ( in_array( 'professional', $author_roles ) ) {
                        // Check if current user (guest) has the capability to view professional events
                        if ( ! current_user_can( 'view_professional_events' ) ) {
                            $allcaps['read_post'] = false;
                        }
                    } else {
                        // Check if current user (guest) has the capability to view general events
                        if ( ! current_user_can( 'view_general_events' ) ) {
                            $allcaps['read_post'] = false;
                        }
                    }
                }
            }
        }
    }
    return $allcaps;
}
add_filter( 'user_has_cap', 'restrict_guest_event_access', 10, 4 );

#2838408

Minesh
Supporter

Languages: English (English )

Timezone: Asia/Kolkata (GMT+05:30)

Hello. Thank you for contacting the Toolset support.

What if you try adding the code you shared to your current theme's functions.php file and removing it from the Toolset custom code section? Does that help?

#2838505

Thank you for the suggestion. I've added the same code to the theme's functions.php, and I'm still not seeing any difference. The workshop I linked is still accessible.

#2838581

Minesh
Supporter


Ok - I will have to check what could be the possible solution in your case.

Can you please send me admin access details?

*** Please make a FULL BACKUP of your database and website.***
I would also eventually need to request temporary access (WP-Admin and FTP) to your site. Preferably to a test site where the problem has been replicated if possible in order to be of better help and check if some configurations might need to be changed.

I have set the next reply to private which means only you and I have access to it.

#2839056

Minesh
Supporter


I see you have a custom role "Professional Member".

How do you want to restrict the user?

Do you want to restrict the guest user from accessing the event post? Or do you want that if the post author is "Professional Member"? I tried a couple of solutions but somehow it's not working.

Maybe you can get in touch with "yootheme" support and check for a possible solution with them.

#2839117

Yes, I have the role "Professional Member" set up with Toolset, and WooCommerce will switch users into that role when they have an active membership. It will downgrade them to the "Customer" role when their membership expires.

I would like to restrict public users so they are allowed to view page content created by users with the "Professional Member" role, but they are not allowed to view content created by users with the "Customer" role.

The access restriction code put into functions.php should work regardless of the YooTheme template. Correct?
It should also work if placed in the Toolset - Settings - Custom Code. Isn't that right?

I will search for a relevant plugin or custom code outside of Toolset that may help.

#2839240

I revised the code that I applied to the Custom Code, and it began to work. Thank you for your help.

function restrict_content_by_author_role() {
    // 1. Check if we are viewing a single post/custom post type
    if ( is_singular( array( 'event', 'profile' ) ) ) {
        // Customize the array() above with the slug(s) of your custom post types
        // for events and profiles (e.g., 'event', 'profile', 'my_cpt_slug').

        $post_id   = get_queried_object_id();
        $author_id = get_post_field( 'post_author', $post_id );

        // 2. Get the author's user object (false if the account no longer exists)
        $author_user = get_userdata( $author_id );

        // 3. Define the required role
        $required_role = 'professional_member'; // Use the actual slug of your role

        // 4. Check if the author has the required role
        // $author_user->roles is an array of the roles the user has;
        // a missing author account is treated as having no roles.
        $author_roles = $author_user ? (array) $author_user->roles : array();
        if ( ! in_array( $required_role, $author_roles, true ) ) {

            // 5. If the author is NOT a Professional Member, force a 404 error
            global $wp_query;

            $wp_query->set_404();
            status_header( 404 );
            nocache_headers();
            include( get_query_template( '404' ) );
            exit; // Stop further execution
        }
    }
}
add_action( 'template_redirect', 'restrict_content_by_author_role' );
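
The template_redirect check in the thread runs only when a single post template loads, so posts by non-members can still appear in listings. As an added example (not code from the thread and not Toolset's own), the code below applies the same author-role rule to front-end archive pages and REST collection requests. The example_ names are hypothetical, and the REST part assumes the post types are registered with show_in_rest.

```php
<?php
// Added example, not from the thread. Post type and role slugs are the ones
// used in the thread; every example_ / EXAMPLE_ name is hypothetical.

const EXAMPLE_RESTRICTED_TYPES = array( 'event', 'profile' );
const EXAMPLE_REQUIRED_ROLE    = 'professional_member';

/**
 * Query vars that limit a query to posts written by current role holders.
 */
function example_author_role_query_vars() {
    $author_ids = get_users(
        array(
            'role'   => EXAMPLE_REQUIRED_ROLE,
            'fields' => 'ID',
        )
    );

    // WP_Query ignores an empty author__in, which would list every post.
    // When nobody holds the role, match nothing instead.
    if ( empty( $author_ids ) ) {
        return array( 'post__in' => array( 0 ) );
    }
    return array( 'author__in' => array_map( 'intval', $author_ids ) );
}

// Front-end archive pages of the restricted post types.
function example_filter_archives( $query ) {
    if ( is_admin() || ! $query->is_main_query() ) {
        return;
    }
    if ( $query->is_post_type_archive( EXAMPLE_RESTRICTED_TYPES ) ) {
        foreach ( example_author_role_query_vars() as $key => $value ) {
            $query->set( $key, $value );
        }
    }
}
add_action( 'pre_get_posts', 'example_filter_archives' );

// REST collection requests (only relevant with show_in_rest enabled).
// The role restriction replaces any author filter sent with the request.
function example_filter_rest_collection( $args, $request ) {
    return array_merge( $args, example_author_role_query_vars() );
}
foreach ( EXAMPLE_RESTRICTED_TYPES as $type ) {
    add_filter( "rest_{$type}_query", 'example_filter_rest_collection', 10, 2 );
}
```

Search results, feeds, custom WP_Query loops such as Toolset Views, and single-item REST requests are not covered by these two hooks and need their own checks if they expose the same post types.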