View and Edit restrictions – complex example

Imagine an organization with a few departments. Each worker should be capable to read the posts of its own department plus the posts general for all organization. Some workers of each department should be capable to create/edit posts of their own department only. Guests (not logged-in visitors) should view only general posts and should not view restricted posts related to the departments.
Such task difficult for the “just-from-the-box” WordPress may be resolved easy with User Role Editor Pro content view and edit restrictions add-ons configured together.

To make these add-ons available you should activate them 1st from the User Role Editor Pro Settings page:

ure activate add-ons
User Role Editor: Activate additional modules

We will use posts categories to mark to which department every post belongs. Pay attention on the ID value written to the right from a category name. We will use it in the permissions settings later.

posts categories list
Posts categories list

Go to “Users->User Role Editor” and create separate roles for every department. Make new role as a copy of the base WordPress ‘subscriber’ role:

add department role
Add department role

I created 3 roles for our example: Deparment 1, Department 2 and Department 3. Restrict posts available for reading to the users of every department by setting “Posts View” restrictions for every role.

For the 1st department I used ‘block not selected’ model. If you select to show error message in case of try to view the content of blocked post, blocked posts titles will still be listed, but error message configured at User Role Editor Settings page will be shown instead of post content.

department 1 role permissions
Department 1 role permissions

As an alternative it’s possible to use another “block selected” model. Look at the restrictions set for the “Department 2” role. Pay attention that as we selected “Return HTTP 404 error” for this role, blocked posts will be unavailable at all – excluded from any listing and try to access such post via direct URL will return 404 HTTP ‘page not found’ error.

department 2 role posts view permissions
Department 2 role posts view permissions

Now go to the “Users” page and assign them secondary roles to link them to the correspondent departments to realize our example content access restrictions model.

Users list
Users list

I created users with reader, author and editor permissions for every department. Author user from Department 1 has primary role ‘Author’ and secondary role ‘Department 1’. The same editor user: primary role – ‘Editor’, secondary role – ‘Department 1’. Reader user has the only ‘Department 1’ role.

In addition to the secondary department related role we allow to users, who can edit posts (authors and editors), make this for the specific category only: Department 1 users are allowed to edit post just inside ‘Department 1’ category (use category ID=3):

department 1 user profile
Department 1 user profile

To finish setup of our content access restriction model we should mark posts which belong to departments as available for reading by logged-in only users – block it for the users without role:

post level view restrictions
Post level view restrictions

In order “Content View Restrictions” section will be available to a user his role should contain ‘ure_view_posts_access’ capability.

After setting up this content view restriction for all posts with private content it’s time to check how our models works.

This is a full list of test posts available for the administrator at WordPress backend:

full posts list
Full posts list – backend

This is a full list of posts from frontend:

Full posts list - front end
Full posts list – front end

This is a list of posts available for the Department 1 author 1 user with ‘Author’ permissions (backend) – 1 post for which he is an author and has permission to edit:

posts list for department1 author 1 user - backend
Posts list for department1 author 1 user – backend

This is a list of posts available for the Department 1 author 1 user with ‘Author’ permissions (frontend) – all posts belongs to the “Deparment 1” category and other posts without reading restrictions:

posts list available to department 1 author 1 user - frontend
Posts list available to Department 1 author 1 user – frontend

This is a list of posts available for editing to Department 2 author 2 user (backend):

posts available to Department 2 author 2
Posts available to Department 2 author 2

This is a list of posts available for the Department 2 author 2 user (frontend). Pay attention on access error message under the post title for the post which belongs to the other Department:

posts list readable for Department 2 author 1 user
Posts list readable for Department 2 author 1 user

Our example in action:

Share