I would like to set up some restrictions on how some roles can access given posts to edit in Dashboard. I have a custom post type affiliates having 2 nested levels. Custom Role User Editor should be able to edit under a level all posts but the normal editor should have access just on items defined by a custom field relation user - post_id Is there an easy way to implement this
For the contact form of my own theme I have created a Custom Post Type in which the messages of the users are automatically stored. In the administration area the messages can be read similar to comments. By doing this, you can create, change and delete messages in the administration area. All these functionalities should be prevented, so that only the reading of the messages remains possible. I tried to achieve this by giving the custom post type its own …
I am working on a Wordpress installation where we recently decoupled the frontend into a NextJS application that is no longer hosted on the same domain as the admin. We are accessing data etc through the API. That's been fine for non-logged in users viewing posts etc. But recently we realized that the "preview post" functionality has been broken, because users who are logged in on the admin side are no longer logged in on the frontend. So they can't …
I am creating a Super Admin role in wordpress Roles. $capabilities=array(); add_role('Administrator', 'Administrator', $capabilities ); add_role('Super Admin', 'Super Admin', $capabilities) ); So while adding a new user I got the Role Option Super Admin. So I added a Super User . Now When I login to wp-admin It gives me error saying: you do not have sufficient permissions to access this page. What more I have to do to make it work. I dont want to use any pluggin. I …
I am running into exactly the problem described by this Trac: https://core.trac.wordpress.org/ticket/14365 I see that one of the devs added a Diff here: https://core.trac.wordpress.org/attachment/ticket/14365/14365.api.diff, which looks like it would add the ability to register the exact capability the user should have, to save the options -- without needing the user to have broad "manage_options" capability which I do not want them to have since it exposes too many other things in Admin. OK, so that Diff looks good to me. …
I have some custom user roles for proofreaders which do not have the capability to create posts of my custom post types. Unfortunately I am unable to find out how to remove that capability for the bulit-in post post type. The Members plugin does not show the create_post argument, so I can't set it do deny (false). Thanks for your help.
I'm defining a new user role called Proofreader and as the name says, users of this group should be able to read and also edit the posts and pages. But I do not want them to create new ones. With my custom post types I can set a capability create_post -> create_{cpt_name} and set it to false for this user group. In the backend they now don't see the add button, but can still edit the posts. That's exactly what …
When writing WordPress plugins there is often a need to set up options for which roles on the site have access to certain functionality or content. To do this a plugin dev needs to fetch the list of roles that exist on the site to use in the option. Because custom roles can be created we cannot assume the default roles are the only ones available. What is the best way to fetch the list?
I have created a custom post type 'book'. All book post-type are public, so I want to remove some capabilities such as 'delete_private_books', 'read_private_books' etc. How can I achieve this since when I activate member plugin it show all default capabilities including the above mentioned which has nothing to do with my custom post type. I have registered my post type book and added capabilities to it. $labels = array( 'name' => _x( 'Books', 'post type general name' ), 'singular_name' …
My installed Wordpress have 4 custom post type and 1 default post type. Basically what i want is that the author can also access particular one custom post type. Author must not see other post types.
My subscribers seem to have permission to create posts. After reading the documentation on capabilities, this shouldn't be the case. Subscribers should only be able to manage their own profile. I have tested this with all plugins disabled and using the default 2022 theme, and new users are still able to create posts. How do I troubleshoot this, since it doesn't seem to be a theme or plugin issue? Is this a bug in the latest release, perhaps?
I want to set "manage_categories" capabilities on a post_type taxonomy but not on the general categories? I've added to register_taxonomy: 'manage_terms' => 'manage_categories', 'edit_terms' => 'manage_categories', 'delete_terms' => 'manage_categories', 'assign_terms' => 'read' 'edit_post' => 'edit_video', 'read_post' => 'read_video', 'delete_post' => 'delete_video', 'delete_others_videos' => 'delete_others_videos', 'edit_posts' => 'edit_videos', 'edit_others_posts' => 'edit_others_videos', 'publish_posts' => 'publish_videos', 'read_private_posts' => 'read_private_videos', How do I prevent this user from managing the general site's categories and edit only these post type taxonomies categories? What should I add? …
I'm just beginning to understand the roles and capabilities in Wordpress and I'm not sure that I can do what I would like. I have a custom post type, "cats", that has specific taxonomies such as "status", "age", "breed"... And I have a custom role, "gallerist". I would like the gallerists to be able to create, edit, delete and manage only the "cats" posts that have a specific taxonomy term assigned to them. For example the gallerists would be able …
I came across the need to have a site Editor to edit menus. I found some answers that suggest the add_cap() approach, to add the edit_theme_options capability to Editor role. This should be done once and then removed from functions.php: // Do this only once. Can go anywhere inside your functions.php file $role_object = get_role( 'editor' ); $role_object->add_cap( 'edit_theme_options' ); The same answer shows a way to hide unwanted Appearance sub-menus. But it also hides those sub-menus to Administrator role. …
I have given my site's subscriber role the following permissions (unserialized DB-query): [subscriber] => Array ( [name] => Reader [capabilities] => Array ( [delete_comment] => 1 [edit_comment] => 1 [level_0] => 1 [quick_edit_comment] => 1 [read] => 1 [reply_comment] => 1 [unfiltered_html] => 1 ) ) I want to make the subscriber be able to edit their comments, but I always get an error "Your are not allowed to edit this comment." I tried the following in debugging (in my …
I am trying to make a custom post type editable by a group of people (i.e. The users' department) instead of only the author. I don't want to let them edit posts created by people of other groups(department). I am using the map_meta_cap filter to map the custom capabilities to solve this issue. Which is actually working fine. If I check it like: user_can( $user_id_of_who_is_editing, 'edit_post', $post_id ) It returns true for users of same department. Now, if the non-owner …
For example, if I create a post type called "destinations" does that automatically create capabilities like "edit_destinations" or "delete_destinations"?
I'm trying to force all content to be submitted for review. That means that if a user updates an already published page, that the update would be pending until someone else approves it. I don't see an option when looking at the wp's capabilities. Most role/cap plugins try to do too much and end up creating a mess. Any ideas? I guess, a better question, is if there's a way to save a post as a revision, instead of updating …
Does anybody know if it is possible to protects some pages and posts from editing / deleting unless if the role is admin? Not all posts and pages has to be protected against this! I can not read something about this in the documentation of roles and capabillities. Hope somebody can help me out with this.