[Résolu] Post by User role hidden from other user roles of the same type

[Auteur]

Publications

[MargeP6083]

I'm trying to hide a post type (Talent Profile CPT) from other Talent user roles. So the user role Talent would only see their Talent Profile. ( as default)

Then the Talent user can select a checkbox with Talent user role if they want to allow other Talent users to view their profile. (I think there is another support post about this, but I can't find it.)

Is there any documentation that you are following? https://toolset.com/forums/topic/show-content-dynamically-based-on-authors-role/

lien caché

Thank you!

[Waqar]

Hi Marge,

Thank you for contacting us and I'd be happy to assist.

Based on what you've shared, I'll assume that for every user with the "Talent" role, your website has exactly one post in "Talent Profile" CPT and that user is also set as the post author.

If that is correct, you can include a new custom field "visible to others" with "Talent Profile" CPT. While editing this "Talent Profile" post you can allow your talent role users to either select yes/no option, that will decide if other talent users can view their profile or not.

For actually showing or hiding that post's content, you can use a conditional output block that checks for that new custom field value:
https://toolset.com/documentation/user-guides/views/conditional-html-output-in-views/checking-types-fields-and-custom-fields/

For example, suppose that you have a select type custom field with slug "visible-to-others".
( screenshot: lien caché )

In that case, the conditional blocks will look like this:

[wpv-conditional if="( '[wpv-post-author format='meta' meta='ID']' eq '[wpv-user field='ID']' ) OR ( $(wpcf-visible-to-others) eq 'yes' )"]
You're allowed to view this content!
[/wpv-conditional]

[wpv-conditional if="( '[wpv-post-author format='meta' meta='ID']' ne '[wpv-user field='ID']' ) AND ( $(wpcf-visible-to-others) ne 'yes' )"]
You're not allowed to view this content!
[/wpv-conditional]

The first block will check whether the current post author ID is the same as the currently logged-in user's ID or if the value of the "wpcf-visible-to-others" field is set to "yes". If any of these two conditions is true, the enclosed content will show.

Likewise, the other block will show the enclosed content, only if the post author is not the same as the logged-in user and the value of the "wpcf-visible-to-others" is also not set to "yes".

I hope this helps and please let me know if you need any further assistance around this.

regards,
Waqar

[MargeP6083]

Thanks!

How can I make the entire profile post hidden? Talent only can see their own profile.

[Waqar]

Thanks for writing back.

If you're using a content template to show the content on the single post pages of this profile CPT, you can wrap that content in the conditional blocks, shared in the last message.

In case you've set the profile posts differently, you're welcome to share temporary admin login details, along with the link to the profile page, so that I can suggest the best way forward accordingly.

Note: Your next reply will be private and please make a complete backup copy, before sharing the access details.

[Waqar]

Thank you for sharing the admin access.

I'm currently running some tests with a similar set up on my test website, to suggest the next steps.

I'll update you with my findings, as soon as this testing completes.

Thank you for your patience.

[MargeP6083]

Any update? Thank you!

[Waqar]

Thank you for waiting and I apologize for the delay in getting back on this.

To achieve this through post groups, you'll need to programmatically assign or change the post group set to each "Talent Profile" CPT post.

The Toolset Access plugin stores the information about the assigned post group to each post through the value stored in a custom field with key "_wpcf_access_group".
( more info: https://toolset.com/documentation/user-guides/access-control/using-access-to-hide-certain-posts-from-view-results/#get-the-post-group-id )

You can create two new post groups:

a). Talent Private:
This group will be set by default for all "Talent Profile" posts so that they can only be accessed by that original talent user.

b). Talent Public:
This group will be set to those "Talent Profile" posts where the Talent user has allowed other Talent users to view their profile.

The first step would be to note down the Post Group IDs or the value of "_wpcf_access_group" field for both these post groups.
( ref: https://toolset.com/documentation/user-guides/access-control/using-access-to-hide-certain-posts-from-view-results/#get-the-post-group-id )

After that, you can use "cred_save_data" hook to programmatically set the "Talent Private" post group to a new "Talent Profile" post when it is created through a Toolset Form:
https://toolset.com/documentation/programmer-reference/cred-api/#cred_save_data

Likewise, you can attach another function to this same "cred_save_data" hook to programmatically set the "Talent Public" post group, when the edit form for the "Talent Profile" post is submitted and a "talent" user decides to make his talent profile visible to other "talent" users.

I hope this helps and please let me know if any specific point or step is not clear.

regards,
Waqar

[MargeP6083]

Hi I'm starting on this. The first step is I setup the Post group private (no access) to this post type. I gave access to two other User types and left the Talent user unticked. lien caché

The Talent Profiles are still viewable by other Talent users. They are not private, even though the Post Group is not giving access to them.

If I remove "Read" in Access, the "edit" and "delete" go away. lien caché

I'm unable to hide this Talent Profile from other Talent Users. How can I do this to start?

Thanks!

[Nigel]

Hi Marge

Waqar is on vacation for a while, so let me take over here.

Responding just to your last update, I didn't have any problems restricting access to some posts (in a Post Group) to some role.

I added a "Talent" custom role (copied from author).

My post type is brought under Access control. I didn't change the defaults (I chose author because the defaults match what I need, that such users can publish and edit their own posts and read posts of that type).

I went to the Post Groups tab and created a new group for this post type and added several posts to the group. In the settings for this post group I removed read rights for the Talent role.

I copied the URL for one of the restricted posts and logged in as a Talent user in another browser tab, then pasted the post URL. That gave me a 404 error, confirming that the Access restrictions are working. (I copied in the URL of an unresricted post and could see it, again, as expected.)

However, I'm not sure how this helps.

Scanning Waqar's proposed solution, I don't understand how it can work.

It appears to require dividing the profile posts into two Post Groups, one of which allows Talent users to read them, the other of which prevents Talent users from reading them.

But how are Talent users in the second, restricted group, supposed to read their own profile posts?

A conditional block isn't going to help if Access has already denied read rights.

Let me have a think about this myself and then I'll come back to you again.

[Nigel]

I took another look at this, and the only way to implement it via Toolset-alone is to set the talent role so that they can read the profile posts (meaning they can read any) and then, as Waqar suggested, using wpv-conditional shortcodes (or conditional blocks) to hide the profile content from talent users who are not the author, except where the profile post is marked as public.

If your experience is that this doesn't work (there is a limit to the amount of content that can be wrapped in this way which arises from PHP) then I think the best solution is probably to add a little custom code that performs a redirect on the profile posts when visited by users that shouldn't be able to see them.

Something like this (I didn't test; you'll need to edit for the post type, the custom role, and the custom field that determines if the posts are public, and which I assume saves '1' if it is):

add_action( 'template_redirect', 'ts_redirect', 5 );
function ts_redirect(){

    // Edit
    $post_type = 'profile';
    $role = 'talent';
    $field = 'wpcf-public'; // custom field slug including wpcf- prefix

    if ( is_singular( $post_type ) ){

        $user = wp_get_current_user();
        $roles = $user->roles;

        if ( in_array( $role, $roles ) ){

            global $post;
            $public = get_post_meta( $post->ID, $field, true );

            if ( ( $user->ID != $post->post_author ) && $public != 1 ){
                // not permitted, redirect
                wp_redirect( home_url() );
                die;
            }
        }
    }
}

Can you try that?