Setting permissions by Custom Post Type

written by: Jeff McNear

Most membership and restricted content plugins focus on the limitation of of access to front end content where a validated user is able to see content that is denied to the non-validated user. The approach to most is to restrict content by taxonomy term, specific pages or posts, sections of templates that are coded to require validation but surprisingly not often by Custom Post Type.

This plugin: https://wordpress.org/plugins/capability-manager-enhanced/ is extension of a paid membership plugin, but it does not require it in order to function. The capability manager enhanced extension allows access permissions to be allowed by user level and set restrictions by post type.

In a use case where a certain user level is given the capability to edit only certain types of content using the above plugin can be very useful. Capabilities can be further restricted to content where the logged in user only has rights of editing to the contact assigned to that user as the author.

NOTE: in creating the custom post type it is important to specify that the “author” capability like this:

'supports' => array( 'title' , 'thumbnail' , 'excerpt' , 'editor', 'author'),

In my use case the back-end permission restriction needed to differ for each post & user type, but on the front-end it would be perfectly fine for any validated user to access that content. So I could simply prevent non-validated users from seeing the protected content by wrapping the relevant section in code like this:

<?php if ( is_user_logged_in() ) { ?>
<!-- protected content goes here -->
<?php  } ?> <!-- ending restriction -->

This use case also did require additional user levels, but they are finite so there would be not reason to have a plugin that created user levels via an interface. Rather we could simply add the new user levels via a simple bespoke plugin like this:

<?php
/**
 * @package client-type
 * @version 1.2
 */
/*
Plugin Name: Client Post Type
Plugin URI: http://plasterdog.com
Author: Jeff McNear
Author URI: http://plasterdog.com
Description: Client Post Type - please note: you may need to bump the permalink settings after initial activation
Version: 1.2
Author URI: http://plasterdog.com
*/

// Register Custom Post Type
function client_type() {

$labels = array(
'name' => _x( 'Clients', 'Post Type General Name', 'text_domain' ),
'singular_name'         => _x( 'Client', 'Post Type Singular Name', 'text_domain' ),
'menu_name'             => __( 'Client', 'text_domain' ),
'name_admin_bar'        => __( 'Client', 'text_domain' ),
'archives'              => __( 'Client Archives', 'text_domain' ),
'attributes'            => __( 'Client Attributes', 'text_domain' ),
'parent_item_colon'     => __( 'Parent Item:', 'text_domain' ),
'all_items'             => __( 'All Clients', 'text_domain' ),
'add_new_item'          => __( 'Add New Client', 'text_domain' ),
'add_new'               => __( 'Add New Client', 'text_domain' ),
'new_item'              => __( 'New Client', 'text_domain' ),
'edit_item'             => __( 'Edit Client', 'text_domain' ),
'update_item'           => __( 'Update Client', 'text_domain' ),
'view_item'             => __( 'View Client', 'text_domain' ),
'view_items'            => __( 'View Clients', 'text_domain' ),
'search_items'          => __( 'Search Client', 'text_domain' ),
'not_found'             => __( 'Client Not found', 'text_domain' ),
'not_found_in_trash'    => __( 'Not found in Trash', 'text_domain' ),
'featured_image'        => __( 'Featured Image', 'text_domain' ),
'set_featured_image'    => __( 'Set featured image', 'text_domain' ),
'remove_featured_image' => __( 'Remove featured image', 'text_domain' ),
'use_featured_image'    => __( 'Use as featured image', 'text_domain' ),
'insert_into_item'      => __( 'Insert into Client', 'text_domain' ),
'uploaded_to_this_item' => __( 'Uploaded to this item', 'text_domain' ),
'items_list'            => __( 'Items list', 'text_domain' ),
'items_list_navigation' => __( 'Items list navigation', 'text_domain' ),
'filter_items_list'     => __( 'Filter Client list', 'text_domain' ),
);

$rewrite = array(
'slug'                  => 'client',
'with_front'            => true,
'pages'                 => true,
'feeds'                 => true,
);

A final piece to this puzzle was to restrict access to specific ACF fields within the custom post type. This plugin: https://wordpress.org/plugins/user-role-field-setting-for-acf/ does just that!

Adding this plugin to the mix allows to restrict visibility and editorial access to specific fields within any field group by user level