[Resolved] Split: Access Control for single posts

[Author]

Posts

[SeanR4675]

Ok, I'll check it out.

Another question about permissions: I have all my views set up so that users will only see posts they've created, but it logged-in users can still access anyone else'ss post if they have the direct link. Is there any solution for this?

[Waqar Supporter Languages: English (English ) Timezone: Asia/Karachi (GMT+05:00)]

Hi,

Using the Toolset Access control settings for post types, you can have absolute control over which user roles can access which type of content:
https://toolset.com/course-lesson/setting-access-control/

I hope this helps and please let me know if you need any further assistance around this.

regards,
Waqar

[SeanR4675]

Waqar, thanks for your response.

I have gone through this page and set permissions the best I can figure out. But I can't figure out how to set custom post types so they are only accessible by the user who created them.

[SeanR4675]

Waqar, thanks for your response.

I've gone through and set those permissions as best I can figure out, but I still don't know how to set custom post types so that they are only accessible by the person who created them. As it is now, I can log in as a second user, and using the direct URL, I can access posts made by other users.

[Waqar Supporter Languages: English (English ) Timezone: Asia/Karachi (GMT+05:00)]

Thanks for writing back and I apologize for the confusion.

In Toolset Access control for the post types, there is a general option for "read", but not for "read own" or "read others".

To restrict the access to the single post page's content, so it can only be accessed by the users with the "administrator" roles and the user who is the post author, you can follow these steps.

1. Please go to WP Admin -> Toolset -> Content Templates and create a new content template named "No Read Access". You can add any text or message in this template like "You're not allowed access to this page".

2. Next, you can add a custom function attached to the "wpv_filter_force_template" filter, which can force the "No Read Access" template when the visitor is neither an admin and nor the author of the current post:
( ref: https://toolset.com/documentation/programmer-reference/views-filters/#wpv_filter_force_template )

add_filter( 'wpv_filter_force_template', 'dynamic_template_override_own_posts', 99, 3 );
function dynamic_template_override_own_posts( $template_selected, $id, $kind ) {
	$target_post_types = array('book', 'review');

	if ( in_array(get_post_type( $id ), $target_post_types) ) {
		$current_user_id = get_current_user_id();
		$author_id = get_post_field( 'post_author', $id );
		if ( ( !current_user_can('administrator') ) && ($current_user_id != $author_id) )
			$template_selected = 12345;
		}
	return $template_selected;
}

Please replace 'book', 'review' with the slugs of your target post types that you need to restrict and "12345" with the actual ID of your template "No Read Access".

The above code snippet can be included through either Toolset's custom code feature ( ref: https://toolset.com/documentation/adding-custom-code/using-toolset-to-add-custom-code/ ) or through the active theme's "functions.php" file.

[SeanR4675]

My issue is resolved now. Thank you!