Skip Navigation

[Resolved] Split: Access Control for single posts

This is the technical support forum for Toolset - a suite of plugins for developing WordPress sites without writing PHP.

Everyone can read this forum, but only Toolset clients can post in it. Toolset support works 6 days per week, 19 hours per day.

This topic contains 5 replies, has 2 voices.

Last updated by SeanR4675 6 months ago.

Assigned support staff: Waqar.

Author
Posts
#2028453

Ok, I'll check it out.

Another question about permissions: I have all my views set up so that users will only see posts they've created, but it logged-in users can still access anyone else'ss post if they have the direct link. Is there any solution for this?

#2028457

Waqar
Supporter

Languages: English (English )

Timezone: Asia/Karachi (GMT+05:00)

Hi,

Using the Toolset Access control settings for post types, you can have absolute control over which user roles can access which type of content:
https://toolset.com/course-lesson/setting-access-control/

I hope this helps and please let me know if you need any further assistance around this.

regards,
Waqar

#2028923

Waqar, thanks for your response.

I have gone through this page and set permissions the best I can figure out. But I can't figure out how to set custom post types so they are only accessible by the user who created them.

#2028933

Waqar, thanks for your response.

I've gone through and set those permissions as best I can figure out, but I still don't know how to set custom post types so that they are only accessible by the person who created them. As it is now, I can log in as a second user, and using the direct URL, I can access posts made by other users.

#2029385

Waqar
Supporter

Languages: English (English )

Timezone: Asia/Karachi (GMT+05:00)

Thanks for writing back and I apologize for the confusion.

In Toolset Access control for the post types, there is a general option for "read", but not for "read own" or "read others".

To restrict the access to the single post page's content, so it can only be accessed by the users with the "administrator" roles and the user who is the post author, you can follow these steps.

1. Please go to WP Admin -> Toolset -> Content Templates and create a new content template named "No Read Access". You can add any text or message in this template like "You're not allowed access to this page".

2. Next, you can add a custom function attached to the "wpv_filter_force_template" filter, which can force the "No Read Access" template when the visitor is neither an admin and nor the author of the current post:
( ref: https://toolset.com/documentation/programmer-reference/views-filters/#wpv_filter_force_template )


add_filter( 'wpv_filter_force_template', 'dynamic_template_override_own_posts', 99, 3 );
function dynamic_template_override_own_posts( $template_selected, $id, $kind ) {
	$target_post_types = array('book', 'review');

	if ( in_array(get_post_type( $id ), $target_post_types) ) {
		$current_user_id = get_current_user_id();
		$author_id = get_post_field( 'post_author', $id );
		if ( ( !current_user_can('administrator') ) && ($current_user_id != $author_id) )
			$template_selected = 12345;
		}
	return $template_selected;
}

Please replace 'book', 'review' with the slugs of your target post types that you need to restrict and "12345" with the actual ID of your template "No Read Access".

The above code snippet can be included through either Toolset's custom code feature ( ref: https://toolset.com/documentation/adding-custom-code/using-toolset-to-add-custom-code/ ) or through the active theme's "functions.php" file.

#2031229

My issue is resolved now. Thank you!