I’m making a custom post type which is intended to be viewed by logged in users only, I’ve created a single-{postType}.php to override the default rendering and has included a logincheck in the top which redirects to the login page and back, after login.
I’ve not enabled archive for my post type, so I imagine I don’t have to override the custom archive page in addition.
And this seems to work as intended, and easy maintainable without any plugins or whatnot.
But is this enough to make sure the posts won’t be visible for unauthorized users? What possible viewmodes/url-paths does a custom post type have?
Afaik, I have to make the post publicly_queryable = TRUE, as I want it to be visible on the front end, although, only for logged in users. I’m not sure if there is some trickery I can do with the settings for the custom post type, or specific queries I may use in the single-{postType}.php to fetch non public queryable posts?
A simple filter on your post content can do this job easily. Lets try this code
We are applying filter on the post content. If the post type is your custom post type and the user is not logged in, s/he will see “Please login to view this post” instead of original content.
You could also extend the function above into a shortcode that would allow you to specify which parts of a post you would want hidden from users who are not logged-in.