Limit a user to have access to only specified pages?

I have several users that I would like to put in user groups. The reason for this is each user group will have access to a specific set of pages or a specific custom post type. I would like to be able to limit each of the user groups to only have access (both by privilege and visibility) to the specific pages and post types that I choose.

I’d like to have a section of checkboxes in each of the pages/posts that has each user group/role listed. If the user group isn’t checked, they won’t be able to see or edit anything else in the admin.

These changes only apply to the admin. I want everyone to have access on the front end.

Here’s the code I have so far. I’m creating two different roles and assigning to them only specific capabilities. The intent here is for each of the roles to only be able to see/edit pages to which they are given explicit access. In other words, I’d like the admin to be completely empty for them with the exception of the pages they are allowed to edit. I don’t even want them to be able to see the other pages in the admin.

The code below adds the roles and assigns each of them the capabilities correctly, but they can both see all of the pages, and neither of them can edit any of the pages. I have custom meta associated with the pages they should be able to edit (i.e. ‘allow_access’), and the meta returns an array of user ids that are allowed to edit the page. The meta works correctly and returns the array correctly, but the users are still not able to edit the page.

add_action('init', 'taylors_add_roles');
function taylors_add_roles() {
    if ( ! get_role( 'life_stages_children' ) ) { // add the role only if it does not exist yet
        add_role(
            'life_stages_children',
            __( 'Life Stages - Children' ),
            array(
                'read'         => true,
                'edit_posts'   => false,
                'delete_posts' => false,
            )
        );
    }
    if ( ! get_role( 'life_stages_students' ) ) { // add the role only if it does not exist yet
        add_role(
            'life_stages_students',
            __( 'Life Stages - Students' ),
            array(
                'read'         => true,
                'edit_posts'   => false,
                'delete_posts' => false,
            )
        );
    }
}

add_action('init', 'taylors_add_cap');
function taylors_add_cap() {
    $custom_cap['life_stages_children'][] = 'edit_life_stages_children_pages';
    $custom_cap['life_stages_children'][] = 'delete_life_stages_children_pages';
    $custom_cap['life_stages_children'][] = 'delete_others_life_stages_children_pages';
    $custom_cap['life_stages_children'][] = 'read_life_stages_children_pages';
    $custom_cap['life_stages_children'][] = 'read_private_life_stages_children_pages';
    $custom_cap['life_stages_children'][] = 'edit_others_life_stages_children_pages';
    $custom_cap['life_stages_students'][] = 'edit_life_stages_students_pages';
    $custom_cap['life_stages_students'][] = 'delete_life_stages_students_pages';
    $custom_cap['life_stages_students'][] = 'delete_others_life_stages_students_pages';
    $custom_cap['life_stages_students'][] = 'read_life_stages_students_pages';
    $custom_cap['life_stages_students'][] = 'read_private_life_stages_students_pages';
    $custom_cap['life_stages_students'][] = 'edit_others_life_stages_students_pages';

    foreach ($custom_cap as $role => $caps){
        foreach ($caps as $cap){
            if(!$GLOBALS['wp_roles']->role_objects[$role]->has_cap($cap)) {
                $GLOBALS['wp_roles']->role_objects[$role]->add_cap($cap);
            }
        }
    }

}

add_filter( 'map_meta_cap', 'taylors_map_meta_cap', 10, 4 );
function taylors_map_meta_cap( $caps, $cap, $user_id, $args ) {

    /* If editing, deleting, or reading a page, get the post and post type object. */
    if ( 'edit_pages' == $cap || 'delete_pages' == $cap || 'read_pages' == $cap ) {
        $post = get_post( $args[0] );
        $post_access = get_post_meta($post->ID, 'allow_access', true); //an array containing the users allowed to access this post.
        $post_type = get_post_type_object( $post->post_type );

        /* Set an empty array for the caps. */
        $caps = array();
    }

    /* If editing a page, assign the required capability. */
    if ( 'edit_pages' == $cap && $post->post_type == 'page' && in_array(get_current_user_id(), $post_access) ) {
        if ( $user_id == $post->post_author )
            $caps[] = $post_type->cap->edit_life_stages_children_pages;
        else
            $caps[] = $post_type->cap->edit_others_life_stages_children_pages;
    }

    /* If deleting a page, assign the required capability. */
    elseif ( 'delete_pages' == $cap && $post->post_type == 'page' && in_array(get_current_user_id(), $post_access) ) {
        if ( $user_id == $post->post_author )
            $caps[] = $post_type->cap->delete_life_stages_children_pages;
        else
            $caps[] = $post_type->cap->delete_others_life_stages_children_pages;
    }

    /* If reading a private page, assign the required capability. */
    elseif ( 'read' == $cap && $post->post_type == 'page' && in_array(get_current_user_id(), $post_access) ) {

        if ( 'private' != $post->post_status )
            $caps[] = 'read';
        elseif ( $user_id == $post->post_author )
            $caps[] = 'read';
        else
            $caps[] = $post_type->cap->read_private_life_stages_children_pages;
    }

    /* Return the capabilities required by the user. */
    return $caps;
}
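
A deny-by-default sketch of the per-page restriction described above, added here as an example and not part of the original post. It gates the per-object meta capabilities (`edit_post`, `delete_post`, `edit_page`, `delete_page`), which are the ones WordPress passes to `map_meta_cap` with a post ID, and hides unlisted pages from the admin Pages list; the `taylors_*` helper names and the constant are hypothetical, and it assumes the two roles hold the standard page primitives and that `allow_access` stores an array of user IDs.

```php
<?php
// Added example (not the poster's code). Assumes the restricted roles hold WordPress's
// standard page primitives (edit_pages, edit_others_pages, edit_published_pages, ...),
// and that 'allow_access' post meta is an array of user IDs, as described in the post.
const TAYLORS_RESTRICTED_ROLES = array( 'life_stages_children', 'life_stages_students' );

function taylors_is_restricted( $user_id ) {
    $user = get_userdata( $user_id );
    return $user && array_intersect( TAYLORS_RESTRICTED_ROLES, (array) $user->roles );
}

function taylors_is_allowed( $user_id, $post_id ) {
    $allowed = get_post_meta( $post_id, 'allow_access', true );
    return is_array( $allowed ) && in_array( (int) $user_id, array_map( 'intval', $allowed ), true );
}

// Per-page checks arrive as meta capabilities with the post ID in $args[0].
add_filter( 'map_meta_cap', 'taylors_gate_page_caps', 10, 4 );
function taylors_gate_page_caps( $caps, $cap, $user_id, $args ) {
    $gated = array( 'edit_post', 'delete_post', 'edit_page', 'delete_page' );
    if ( ! in_array( $cap, $gated, true ) || empty( $args[0] ) || ! taylors_is_restricted( $user_id ) ) {
        return $caps;
    }
    $post = get_post( $args[0] );
    if ( $post && 'page' === $post->post_type && ! taylors_is_allowed( $user_id, $post->ID ) ) {
        return array( 'do_not_allow' ); // deny regardless of the role's primitive caps
    }
    return $caps; // allowed page: core's normal mapping decides
}

// Hide pages the user is not listed on from the admin Pages screen only.
add_action( 'pre_get_posts', 'taylors_hide_unlisted_pages' );
function taylors_hide_unlisted_pages( $query ) {
    $user_id = get_current_user_id();
    if ( ! is_admin() || ! $query->is_main_query() || 'page' !== $query->get( 'post_type' )
        || ! taylors_is_restricted( $user_id ) ) {
        return;
    }
    $ids = get_posts( array(
        'post_type' => 'page', 'post_status' => 'any', 'meta_key' => 'allow_access',
        'fields'    => 'ids',  'numberposts' => -1,
    ) );
    $visible = array_values( array_filter( $ids, function ( $id ) use ( $user_id ) {
        return taylors_is_allowed( $user_id, $id );
    } ) );
    // WP_Query ignores an empty post__in, so use array( 0 ) to match nothing.
    $query->set( 'post__in', $visible ? $visible : array( 0 ) );
}
```

The list filter only controls visibility; the `map_meta_cap` filter is what enforces the restriction when an edit or delete URL is requested directly.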
