I have a WordPress-Site where some people (non-expert clients) need to create/manage users. The site uses multiple custom post types and each user is assigned permissions for one or several of those cpt’s. At the moment i see two ways to handle this and i’m not very happy with any of them.
(1) User roles:
If i have four custom post types (A,B,C,D) then i would need a lot of User Roles to cover all combinations of capabilities. (Role A, Role AB, Role ABD …). That’s not very convenient for the client to manage.
(2) Capability Management Plugin: If it was me to manage the users i would use a plugin like “User Role Editor”. But that is quite complicated to handle for my non-expert clients and the risk of messing up the system is high.
What i think of is to have simple checkboxes (at least when creating a new user) where the client can choose the custom post types the new user should be able to access. Like: this user will be able to do everything with cpt A and B and D.
Is there a way to do this and is this even something you should do with WordPress?
UPDATE
@RyanLoremIpsum pointed me in the right direction so i was able to write a little plugin that is as simple as i need it to be. Looks something like that:
You don’t necessarily have to assign roles to manage the user’s capabilities.
First, register your custom post types with their respective capabilities.
See capabilities under Function Reference/register post type – Parameters
Managing User Capabilities
You can use add_cap or remove_cap to add or remove user capabilities for a specific user.
This is handy because it allows you to grant a user capabilities that do not belong to the user’s assigned role.
For example, you may create a form with check boxes for each post type like you were saying. For each box checked, it would grant a given user ID the capabilities you created when you registered that post type. Likewise, unchecking a box could remove the capabilities.