I’m trying to implement what seemed like a relatively straight forward idea, basically I am building an access control plugin to control viewing and editing of a custom post type (in this case ‘Projects’).
How I intend for it to work is that there are multiple users who either have read-only access or read/write access to specific ‘Projects’.
There are multiple Projects in the system and read access is controlled by enabling checkboxes for the specific Projects within the User Profile settings on the site (shown below):
So you assign access to these Projects via this interface then code on the actual Projects page restricts the content from being viewed if the ID of the Project does not match any of the IDs of the checked Projects.
That is all working fine, however, I need to also allow edit capabilities in the same way. So I could enable a user to read a specific page but also to edit that specific page. The problem I am having is that what I’m after doesn’t seem to fit into the regular Roles and Capabilities as basically I just want all users to have the same Role (basically just the Subscriber Role). But I want to add edit capability to a specific user for a specific page, whereas Roles are generally about adding Capabilities to a ‘type’ of user.
Hopefully I’ve managed to explain what I’m trying to here, I’m struggling to find the correct code / function for doing this although I’m sure it must be possible as there are Plugins out there that can enable access to specific pages etc, but obviously in this case I don’t want to rely on a plugin as what I’m building is a plugin itself!
Update: I’ve persevered further trying to resolve this, but so far I still can’t see how to enable access to specific posts / pages etc without resorting to creating a custom-role / capability for each specific page, but this seems a bit overkill and I’m not even sure that would work.
Update 2: I’ve added a bounty to this question now to hopefully inspire someone! 😉 I’ve looked further into this but even though I’ve found other plugins that seem to be capable of what I need (along with loads of other features I don’t need!) I just haven’t managed to figure out what code is required to restrict specific instances of a post type to a specific user.
Update 31st Oct:
I’ve been able to get something running thanks to the code that @alexey posted. I now have two lists of IDs, one of which controls Read access and one for Edit access. I’m using current_user_can('read_projects')
to limit viewing of the page content, however, I’ve got a problem in it takes two page loads before it actually restricts the content. The first time I click on a page the content shows, but if I reload the page then the content is hidden correctly. It seems to be something to do with the timing of when user_has_cap
is being triggered but I can’t seem to track anything down, as far as I can tell this should be triggered before the page content is rendered. I’m not going to post any further code here in this update as if there’s no simple reason why this isn’t working then I’d be better posting a new question rather than continuing this one.
I can suggest another method.
First of all: grant full access to projects post type (Example).
At the user profile add allowed posts’ id.
Then use below filter to restrict access if post id isn’t allowed.