Allow member to have access to custom post type only. Permission to only edit their own posts

1 Views

OK I’m looking for the best way to attack this.

I’m very comfortable with PHP and making custom post types with custom meta fields in WordPress.

Read More

Here is what I’m looking at doing:

  1. User registers and is set at
    subscriber by default.
  2. User requests from admin to have
    permission to custom post type.
  3. Admin assigns user to another
    permission name like “Shop Owner”.
  4. User can now see custom post type
    and can make an entry to this post
    type.
  5. User can only see and edit their own
    post.

I need help on the following:

  1. How to create a new “Role” called
    “Shop Owner”,
  2. How to give the correct permission
    to said role to only see and have
    access to custom post type.
  3. Only allow user to see and edit
    their own posts to this custom post
    type.

Ideally I would prefer this was all done from the wp-admin but I’m guessing that I might need to build a front end for this to get the finite control I’m after.

Any input is greatly appreciated.

Kind Regards

Post Views: 1

Related posts

Leave a Reply

5 comments

  1. Use Justin Tadlock’s plugin “Members“. It gives you the ability to create new roles and edit existing roles, as well as add custom capabilities. All that work that you’d have to do can be taken down to a few clicks.

    I know you said in your comment on ZaMoose’s answer that you are ‘looking to write the functionality myself so I have full control over everything.’ That’s missing the whole point of open source software. Justin Tadlock released his plugin so you could use it precisely so you WOULD have complete control over everything.

    If you really really want to reinvent the wheel, potentially wasting hundreds of hours of your own time I can’t stop you, but you could at least save yourself the trouble and use Tadlock’s plugin to learn how to do what you want.

    Once you have a plugin that does what you want, you’ll need to change the 'map_meta_cap' flag to true and the 'capability_type' flag in your post type registration function so that it says something other than ‘post’, ‘page’, or any other ‘reserved’ type. Then, duplicate all the capabilities related to posts (e.g. edit_posts, edit_others_posts, publish_posts, etc.), using your capability type instead of posts. Make sure to assign all these permissions to administrators (you won’t be able to see the post type until you do this), then create your role, mimicking the ‘contributor’ role’s abilities for your post type.

    For example, say your capability type was foobars, you would want to give ‘shop owners’ the edit_foobars, delete_foobars, and read capabilities. That way they can create their own draft foobars, and delete those drafts, but because they don’t have publish_foobars capabilities, they have to submit them for approval. Because they don’t have edit_published_foobars, all modifications to an approved foobar have to be approved.

  2. The register post type has a parameter called “capabilities” so you can have for instance 

    'capability' => 'organize_shop',

    http://codex.wordpress.org/Function_Reference/register_post_type

    To create a new user/role/capability you can use add_role, add_cap, for a simple example to get you started:

    // Add the role to WordPress list of roles
// Then add the capability 'organize_shop' to the 'shop_owner' role
$role = add_role( 'shop_owner', 'Shop Owner', ['edit_posts' => true]));
$role->add_cap( 'organize_shop' );


// If 'shop_owner' already exists make `$wp_roles` visible then 
// add the capability 'organize_shop' to the 'Show Owner' role
public $wp_roles;
$wp_roles->add_cap( 'shop_owner', 'organize_shop' );

  4. An easier and efficient way how this can be achieved by installing a plugin called “Advance Access Manager” , you will not have to write the functionality but still have decent level of control on the users , roles and what they can do . Most of the stuff you want can be achieved by this plugin .

  5. I know this is quite the corner-case, but it cost me an hour to figure this out.

    I had the plugin: WP Custom Admin Interface enabled, where you can customize the admin-menu for specific users.
    If you register a custom post type, after having enabled and customized the menu, then there is a button in ‘Custom Admin Interface’ >> ‘Admin Menu’, that is called ‘Add newly added menu items’. Then press ‘Save’ after that, and if the menu point is accessible for that user type, then it’ll work after that.