Restrict Custom Post Type per role in Dashboard

I would like to set up some restrictions on how some roles can access given posts to edit in Dashboard. I have a custom post type affiliates having 2 nested levels. Custom Role User Editor should be able to edit under a level all posts but the normal editor should have access just on items defined by a custom field relation user - post_id Is there an easy way to implement this
Category: Web

Read-Only custom post type

For the contact form of my own theme I have created a Custom Post Type in which the messages of the users are automatically stored. In the administration area the messages can be read similar to comments. By doing this, you can create, change and delete messages in the administration area. All these functionalities should be prevented, so that only the reading of the messages remains possible. I tried to achieve this by giving the custom post type its own …
Category: Web

Locking Down Wordpress Application Password Permissions / Capabilities

I am working on a Wordpress installation where we recently decoupled the frontend into a NextJS application that is no longer hosted on the same domain as the admin. We are accessing data etc through the API. That's been fine for non-logged in users viewing posts etc. But recently we realized that the "preview post" functionality has been broken, because users who are logged in on the admin side are no longer logged in on the frontend. So they can't …
Category: Web

Add a role and give admin priviledges

I am creating a Super Admin role in wordpress Roles. $capabilities=array(); add_role('Administrator', 'Administrator', $capabilities ); add_role('Super Admin', 'Super Admin', $capabilities) ); So while adding a new user I got the Role Option Super Admin. So I added a Super User . Now When I login to wp-admin It gives me error saying: you do not have sufficient permissions to access this page. What more I have to do to make it work. I dont want to use any pluggin. I …
Category: Web

Admin custom option screen not saved unless user manage_options capability

I am running into exactly the problem described by this Trac: https://core.trac.wordpress.org/ticket/14365 I see that one of the devs added a Diff here: https://core.trac.wordpress.org/attachment/ticket/14365/14365.api.diff, which looks like it would add the ability to register the exact capability the user should have, to save the options -- without needing the user to have broad "manage_options" capability which I do not want them to have since it exposes too many other things in Admin. OK, so that Diff looks good to me. …
Category: Web

Disable `create_post` for built-in post type

I have some custom user roles for proofreaders which do not have the capability to create posts of my custom post types. Unfortunately I am unable to find out how to remove that capability for the bulit-in post post type. The Members plugin does not show the create_post argument, so I can't set it do deny (false). Thanks for your help.
Category: Web

Do not allow users to create new posts and pages

I'm defining a new user role called Proofreader and as the name says, users of this group should be able to read and also edit the posts and pages. But I do not want them to create new ones. With my custom post types I can set a capability create_post -> create_{cpt_name} and set it to false for this user group. In the backend they now don't see the add button, but can still edit the posts. That's exactly what …
Category: Web

Getting a List of Currently Available Roles on a WordPress Site?

When writing WordPress plugins there is often a need to set up options for which roles on the site have access to certain functionality or content. To do this a plugin dev needs to fetch the list of roles that exist on the site to use in the option. Because custom roles can be created we cannot assume the default roles are the only ones available. What is the best way to fetch the list?
Category: Web

Remove Custom Capability

I have created a custom post type 'book'. All book post-type are public, so I want to remove some capabilities such as 'delete_private_books', 'read_private_books' etc. How can I achieve this since when I activate member plugin it show all default capabilities including the above mentioned which has nothing to do with my custom post type. I have registered my post type book and added capabilities to it. $labels = array( 'name' => _x( 'Books', 'post type general name' ), 'singular_name' …
Category: Web

Why can my subscribers create new posts for review?

My subscribers seem to have permission to create posts. After reading the documentation on capabilities, this shouldn't be the case. Subscribers should only be able to manage their own profile. I have tested this with all plugins disabled and using the default 2022 theme, and new users are still able to create posts. How do I troubleshoot this, since it doesn't seem to be a theme or plugin issue? Is this a bug in the latest release, perhaps?
Category: Web

How to set "manage categories" capabilities on a post type taxonomy but not on the general categories?

I want to set "manage_categories" capabilities on a post_type taxonomy but not on the general categories? I've added to register_taxonomy: 'manage_terms' => 'manage_categories', 'edit_terms' => 'manage_categories', 'delete_terms' => 'manage_categories', 'assign_terms' => 'read' 'edit_post' => 'edit_video', 'read_post' => 'read_video', 'delete_post' => 'delete_video', 'delete_others_videos' => 'delete_others_videos', 'edit_posts' => 'edit_videos', 'edit_others_posts' => 'edit_others_videos', 'publish_posts' => 'publish_videos', 'read_private_posts' => 'read_private_videos', How do I prevent this user from managing the general site's categories and edit only these post type taxonomies categories? What should I add? …
Category: Web

Restrict access to custom post type based on its taxonomy terms

I'm just beginning to understand the roles and capabilities in Wordpress and I'm not sure that I can do what I would like. I have a custom post type, "cats", that has specific taxonomies such as "status", "age", "breed"... And I have a custom role, "gallerist". I would like the gallerists to be able to create, edit, delete and manage only the "cats" posts that have a specific taxonomy term assigned to them. For example the gallerists would be able …
Category: Web

Allow users with Editor role to edit menus (without a plugin)

I came across the need to have a site Editor to edit menus. I found some answers that suggest the add_cap() approach, to add the edit_theme_options capability to Editor role. This should be done once and then removed from functions.php: // Do this only once. Can go anywhere inside your functions.php file $role_object = get_role( 'editor' ); $role_object->add_cap( 'edit_theme_options' ); The same answer shows a way to hide unwanted Appearance sub-menus. But it also hides those sub-menus to Administrator role. …
Category: Web

re-register custom post type with custom capabilities

I have created custom post type as below. register_post_type( 'connector', array( 'labels' => array( 'name' => __( 'Connectors' ), 'singular_name' => __( 'Connector' ), 'all_items' => __( 'All Connectors' ), 'add_new' => __( 'Add Connector' ), 'add_new_item' => __( 'Add New Connector' ), 'edit' => __( 'Edit'), 'edit_item' => __( 'Edit Connector' ), 'new_item' => __( 'New Connector'), 'view' => __( 'View Connector'), 'view_item' => __( 'View Connector'), 'search_items' => __( 'Search Connectors'), 'not_found' => __( 'No Connectors found' ), …
Category: Web

edit_comment capability for subscriber

I have given my site's subscriber role the following permissions (unserialized DB-query): [subscriber] => Array ( [name] => Reader [capabilities] => Array ( [delete_comment] => 1 [edit_comment] => 1 [level_0] => 1 [quick_edit_comment] => 1 [read] => 1 [reply_comment] => 1 [unfiltered_html] => 1 ) ) I want to make the subscriber be able to edit their comments, but I always get an error "Your are not allowed to edit this comment." I tried the following in debugging (in my …
Category: Web

Wp custom post custom capability not working together

I am trying to make a custom post type editable by a group of people (i.e. The users' department) instead of only the author. I don't want to let them edit posts created by people of other groups(department). I am using the map_meta_cap filter to map the custom capabilities to solve this issue. Which is actually working fine. If I check it like: user_can( $user_id_of_who_is_editing, 'edit_post', $post_id ) It returns true for users of same department. Now, if the non-owner …
Category: Web

Force "submit for review" on update?

I'm trying to force all content to be submitted for review. That means that if a user updates an already published page, that the update would be pending until someone else approves it. I don't see an option when looking at the wp's capabilities. Most role/cap plugins try to do too much and end up creating a mess. Any ideas? I guess, a better question, is if there's a way to save a post as a revision, instead of updating …
Category: Web

Edit and delete permissions pages and posts

Does anybody know if it is possible to protects some pages and posts from editing / deleting unless if the role is admin? Not all posts and pages has to be protected against this! I can not read something about this in the documentation of roles and capabillities. Hope somebody can help me out with this.
Category: Web

About

Geeks Mental is a community that publishes articles and tutorials about Web, Android, Data Science, new techniques and Linux security.