35

OK I'm looking for the best way to attack this.

I'm very comfortable with PHP and making custom post types with custom meta fields in WordPress.

Here is what I'm looking at doing:

  1. User registers and is set at subscriber by default.
  2. User requests from admin to have permission to custom post type.
  3. Admin assigns user to another permission name like "Shop Owner".
  4. User can now see custom post type and can make an entry to this post type.
  5. User can only see and edit their own post.

I need help on the following:

  1. How to create a new "Role" called "Shop Owner",
  2. How to give the correct permission to said role to only see and have access to custom post type.
  3. Only allow user to see and edit their own posts to this custom post type.

Ideally I would prefer this was all done from the wp-admin but I'm guessing that I might need to build a front end for this to get the finite control I'm after.

Any input is greatly appreciated.

Kind Regards

Improve this question

5 Answers 5

Reset to default
22

Use Justin Tadlock's plugin "Members". It gives you the ability to create new roles and edit existing roles, as well as add custom capabilities. All that work that you'd have to do can be taken down to a few clicks.

I know you said in your comment on ZaMoose's answer that you are 'looking to write the functionality myself so I have full control over everything.' That's missing the whole point of open source software. Justin Tadlock released his plugin so you could use it precisely so you WOULD have complete control over everything.

If you really really want to reinvent the wheel, potentially wasting hundreds of hours of your own time I can't stop you, but you could at least save yourself the trouble and use Tadlock's plugin to learn how to do what you want.

Once you have a plugin that does what you want, you'll need to change the 'map_meta_cap' flag to true and the 'capability_type' flag in your post type registration function so that it says something other than 'post', 'page', or any other 'reserved' type. Then, duplicate all the capabilities related to posts (e.g. edit_posts, edit_others_posts, publish_posts, etc.), using your capability type instead of posts. Make sure to assign all these permissions to administrators (you won't be able to see the post type until you do this), then create your role, mimicking the 'contributor' role's abilities for your post type.

For example, say your capability type was foobars, you would want to give 'shop owners' the edit_foobars, delete_foobars, and read capabilities. That way they can create their own draft foobars, and delete those drafts, but because they don't have publish_foobars capabilities, they have to submit them for approval. Because they don't have edit_published_foobars, all modifications to an approved foobar have to be approved.

Improve this answer
3
  • OK im using Members plugin now to get a jist of how member permissions work. I have set 'map_meta_cap' => true and 'capability_type' => 'shopowner' on my custom post type. I have created a new role called ShopOwner and given it the capabilities of read, edit_shopowner, delete_shopowner. Set a user to the role of ShopOwner and logged in with that user. That user cannot see the custom post type. Have I missed something?
    – Scott
    Commented Apr 12, 2011 at 16:33
  • 2
    change those to edit_shopowners and delete_shopowners. edit_shopowner and delete_shopowner are meta capabilities that are never actually checked against. They're checked when somebody tries to edit or delete a specific item, and end up checking things like "Can this user delete these types of items? Can they only delete their own or others too? can they delete published items?" etc.
    – John P Bloch
    Commented Apr 12, 2011 at 16:43
  • I couldnt make any sense of that... but I got the functionality I'm after by setting capabilities in my custom post type and creating those capabilities in members plugin. I've awarded you the answers as your post was the most useful for me to piece a solution together. Thanks
    – Scott
    Commented Apr 12, 2011 at 17:03
21

The register post type has a parameter called "capabilities" so you can have for instance 

'capability' => 'organize_shop',

http://codex.wordpress.org/Function_Reference/register_post_type

To create a new user/role/capability you can use add_role, add_cap, for a simple example to get you started:

// Add the role to WordPress list of roles
// Then add the capability 'organize_shop' to the 'shop_owner' role
$role = add_role( 'shop_owner', 'Shop Owner', ['edit_posts' => true]));
$role->add_cap( 'organize_shop' );


// If 'shop_owner' already exists make `$wp_roles` visible then 
// add the capability 'organize_shop' to the 'Show Owner' role
public $wp_roles;
$wp_roles->add_cap( 'shop_owner', 'organize_shop' );
Improve this answer
7
  • hmm... I'm a bit confused what's the difference between 2 and 3 lines? :S Doesn't it add the same capability to the 'Shop Owner'role?
    – dashaluna
    Commented Sep 13, 2011 at 11:36
  • Yes they are the the same but they show diff ways to do it, first one includes the role as first parameter ( Shop Owner), second one just the cap since it is using $role.
    – Wyck
    Commented Sep 13, 2011 at 11:43
  • 3
    Are you supposed to translate a capability/permission? that's __('');
    – Svetoslav Marinov
    Commented Nov 4, 2015 at 16:55
  • @SvetoslavMarinov I edited the answer to remove the translation.
    – MikeSchinkel
    Commented Feb 24, 2019 at 3:41
  • @dashaluna I edited the answer to clarify it.
    – MikeSchinkel
    Commented Feb 24, 2019 at 3:51
1

Have you considered looking at Gravity Forms or TDO Mini Forms to handle the actual content submission? They each have functionality that would get you well down the road towards sanely handling user-submitted content.

Improve this answer
1
  • Thanks for replying but these are not what I'm looking for. Mainly because these are plugins. I am looking to write the functionality myself so I have full control over everything.
    – Scott
    Commented Apr 12, 2011 at 14:09
0

An easier and efficient way how this can be achieved by installing a plugin called "Advance Access Manager" , you will not have to write the functionality but still have decent level of control on the users , roles and what they can do . Most of the stuff you want can be achieved by this plugin .

Improve this answer
0

I know this is quite the corner-case, but it cost me an hour to figure this out.

I had the plugin: WP Custom Admin Interface enabled, where you can customize the admin-menu for specific users. If you register a custom post type, after having enabled and customized the menu, then there is a button in 'Custom Admin Interface' >> 'Admin Menu', that is called 'Add newly added menu items'. Then press 'Save' after that, and if the menu point is accessible for that user type, then it'll work after that.

Improve this answer

Not the answer you're looking for? Browse other questions tagged or ask your own question.