Access control for custom post types – no read access

  • Resolved ghrasko

    (@ghrasko)


    9 years ago

    Hi,

    I am trying to create a custom post type (let’s say “podcasts”) potentially later with custom fields. I would like to assign users a special role that allows them read the whole site, but be able to add only this post type content and only modify and delete their own posts of this type.

    First I tried with CPT UI (v1.2.4) and with Members (v1.1.1), but Members can’t see the post type created by CPT UI.

    As a second try I tried to manually register the post type, which nearly worked. But the “read” capability is not appearing with the new post type (it appears with the standard “post” and “page” types). I can create the role in Members and create posts of this new type, but the posts can’t be viewed even for the administrator. I get the “Ooops! That page can’t be found.” message.

    I am new in WP so I might have made several errors. I created a test child template for the twentysixteen template and work with that with as few modifications as possible. For the manual registration I created the following code in functions.php (mostly based on this information):


    add_action( 'init', 'create_post_type' );
    function create_post_type() {
    // Labels
    $labels = array(
    'name' => __( 'Podcasts' ),
    'singular_name' => __( 'Podcast' )
    );

    // Capabilities
    $capabilities = array(
    // meta caps (don't assign these to roles)
    'edit_post' => 'edit_podcast',
    'read_post' => 'read_podcast',
    'delete_post' => 'delete_podcast',
    // primitive/meta caps
    // primitive caps used outside of map_meta_cap()
    'edit_posts' => 'edit_podcasts',
    'edit_others_posts' => 'edit_others_podcasts',
    'read_private_posts' => 'read_private_podcasts',
    // primitive caps used inside of map_meta_cap()
    'read' => 'read',
    'delete_posts' => 'delete_podcasts',
    'delete_private_posts' => 'delete_private_podcasts',
    'delete_published_posts'=> 'delete_published_podcasts',
    'delete_others_posts' => 'delete_others_podcasts',
    'publish_posts' => 'publish_podcasts',
    'edit_private_posts' => 'edit_private_podcasts',
    'edit_published_posts' => 'edit_published_podcasts'
    );

    // Other parameters
    $args = array(
    'labels' => $labels,
    'public' => true,
    'has_archive' => 'ecso_podcasts',
    'supports' => array( 'title', 'editor' ),
    'map_meta_cap' => true,
    'capability_type' => 'podcast',
    'capabilities' => $capabilities
    );

    register_post_type( 'ecso_podcast', $args );
    }`

    I see this in the edit role admin screen: screenshot

    Keeping in mind the goals described in the first paragraph, what is your recommendation?

    Gabor

Viewing 2 replies - 1 through 2 (of 2 total)
  • Justin Tadlock

    (@greenshady)

    This is because you haven’t flushed your rewrite rules and has nothing to do with Members (or roles/caps).

    Go to Settings > Permalinks in your admin. Just go to that page. No need to save. That will auto-flush your rewrite rules.

    Thread Starter ghrasko

    (@ghrasko)

    Thanks, works!

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Access control for custom post types – no read access’ is closed to new replies.