[Resolved] Using Access control to limit access to a content template for a CPT
This support ticket is created 4 years, 6 months ago. There's a good chance that you are reading advice that it now obsolete.
This is the technical support forum for Toolset - a suite of plugins for developing WordPress sites without writing PHP.
Everyone can read this forum, but only Toolset clients can post in it. Toolset support works 6 days per week, 19 hours per day.
No supporters are available to work today on Toolset forum. Feel free to create tickets and we will handle it as soon as we are online. Thank you for your understanding.
If you want to control the content template display on the frontend, I think in this case the above hook could help. You should add check-in conditions to the hook to check if the user falls in criteria then assign the content template ID you desired to display otherwise you can change the content template ID to a different one which shows just the message.
You made me realize that in the end, I want to lock it up at the CPT level.
So, for the "profile" CPT, I ned to make it fully available to the roles of MANAGER and ADMINISTRATORS, that's easy, BUT can I lock the CPT for the author only with the role of STUDENT ?
So, add this view to your single post type post body or content template you created and add all information within the view's loop editor section. Does this makes sense?
Ok, I think I see what you mean by "So, add this view to your single post type post body or content template you created and add all information within the view's loop editor section. Does this makes sense?"
So far I was using a Content Template attached to "Profile (Single)..
That CT was built using Gutenberg blocks..
I'm not sure how to drag all of that infrastructure into a View loop..
If you can share access details and the Content Template URL I would like to check first how you build the content template using blocks.
Please share admin access details as well as one student user login details so I can perform the test.
*** Please make a FULL BACKUP of your database and website.***
I would also eventually need to request temporary access (WP-Admin and FTP) to your site. Preferably to a test site where the problem has been replicated if possible in order to be of better help and check if some configurations might need to be changed.
I have set the next reply to private which means only you and I have access to it.
Yes - sure, please send me the problem URL where you want to hide the things?
As far as I can see, you want to control the content on the following page - correct?
=> hidden link
But it seems to me this is a public page where every-one can see the page. Do you want that only logged-in users can see that page?
I have set the next reply to private which means only you and I have access to it.
I checked the page as non-loggedin user and it displays the error page and then I also checked the page loggedin as admin as well as the Tina Aliante user and I can see its working. Can you please confirm it works at your end as well and this is your expected results.
It this is working, then I just added the capability to the Author role to Profile post type from access control.
I've created the following content template which displays the message when user has no permission to access the profile - you can adjust the message or add whatever you want as per your requirement.
=> hidden link
I've added the following code to "Custom Code" section offered by Toolset within the "toolset-custom-code" snippet:
=> hidden link
add_filter( 'wpv_filter_force_template', 'prefix_fixed_content_for_visitors', 99, 3 );
function prefix_fixed_content_for_visitors( $template_selected, $id, $kind ) {
global $current_user;
global $post;
if(in_array('administrator',$current_user->roles) or in_array('manager',$current_user->roles) or (in_array('student',$current_user->roles) and $post->post_author == $current_user->ID)
){
$template_selected = 484; // assign a fixed Content Template with ID 123 that contains a static text
}else{
$template_selected = 1158;
}
return $template_selected;
}
And now if you try to access the page: hidden link
It will display the content template 1158 (which is the one which displays the error message) otherwise if the user is logged in as administrator or manager or student and student is author of the profile then it will display the content template 484 (which you already setup)
I hope the above solution will help you to resolve your issue 🙂 Glad to help.
Please let me know if this is still not the expected result.
Ok - I've modified the code as given under as I can not able to assign the assigned content template ID.
add_filter( 'wpv_filter_force_template', 'prefix_fixed_content_for_visitors', 99, 3 );
function prefix_fixed_content_for_visitors( $template_selected, $id, $kind ) {
global $current_user;
global $post;
if((in_array('student',$current_user->roles) and $post->post_author != $current_user->ID) and (!in_array('administrator',$current_user->roles) or !in_array('manager',$current_user->roles))
){
$template_selected = 1158;
}
return $template_selected;
}
I've checked it works for both administrator, for author of the profile post and if user is not author of the profile post, it will display the another content template 1158.
Thanks, that looks sooo close.. My initial test worked, but then discovered I couldn't access other pages.. The scope was too wide? It should only be applied to the single "profile" CPT?
I've tried to refine it but still have not managed to make it work. I've just put back your latest version of the code and flushed the Kinsta cache..
