In WordPress, the user permissions are defined by Roles and their deriving Capabilities. This Role-based model allows the Administrator – which is also a role – to determine the privileges assigned to each user. These privileges, in turn, are expressed through capabilities where each one of them determines a specific permission for the user.
Furthermore, through the Roles API, new roles and capabilities can be added to serve various permission-oriented use cases.
For example, the Groups plugin allows you to restrict access to content for specific user-groups. However, by default these content restrictions can be specified only by an Administrator.
But what if we wanted to allow other underprivileged roles to apply such restrictions, such as Contributors or even Subscribers?
Let’s examine the first case, Contributors. Later on in this guide, we will describe how this can be done for Subscribers.
Protect your posts as a Contributor
For this process we need to create a new group called ie Access Control, which will be used to group all those Contributors, that should be able to set access restrictions on their posts.
Let’s go to Groups > Groups, where we can see a list of existing groups and create new ones.
There we should hit the New Group button on top, that takes us to the new group form page.
Next we should specify at least a Name for this group, in our case Access Control and the necessary Capabilities, in this case, groups_access and groups_restrict_access.
As you can imagine, these capabilities will allow Access Control members to set restrictions on their posts.
Once we hit the Add button, the new group is created and we are redirected back to the groups overview.
We follow the same process, only this time we create a new group called ie Restricted Posts, without defining any capabilities and then we hit the Add button. This group will restrict access to posts only for its members.
After that, our list of groups should look something like this.
Finally, we should go to Users > All users to add our Contributor(s) to the proper group. This process is pretty straight forward and can be done for all the Contributors in bulk.
- Select the user(s)
- Choose Access Control and Restricted Posts group
- Select the option to Add to group
- Hit the Apply button
After these four steps, our Contributor(s) would be able to write their posts, as their role indicates, and also decide which user-groups can read their posts on the frontend. This is possible while writing a post as a Contributor, by specifying the Restricted Posts in the Groups metabox as shown below.
In the next section, we will show how to set up our Subscribers and give them a similar permission.
Protect your posts as a Subscriber
It is worth mentioning, that users with a Subscriber role can only visit the Dashboard and their Profile. Using Groups and Capabilities, we will allow them to write their own posts and to be able to set access permissions.
Let’s create a new group called ie Subscriber Posts, assigning the following capabilities:
- edit_posts
- groups_access
- groups_restrict_access
and hit the Add button.
Next we need to add those Subscribers that are supposed to have additional capabilities to this new group.
The process is the same as in the previous case of Contributors, only this time we will add the user(s) to Subscriber Posts and Restricted Posts groups in bulk.
This way, any Subscriber that is added to the Subscriber Posts and Restricted Posts group will be able to create new posts and restrict access to the frontend only to Restricted Posts group users.
Using the Groups plugin and its features, makes it easy to extend the existing permissions provided by WordPress.
Photo Credits – Groups settings by me. Featured image by Patrick Robert Doyle
No comments yet.