Deny read access to all posts EXCEPT posts they created

  • Resolved skinner009

    (@skinner009)


    1 year, 6 months ago

    This is a slick plugin, I like the logic and it’s really A to B, the challenge we’ve got is an install where each “Customer” has their own posts, but we do not want them to see any other posts, that access is restricted to a level up from Customer. So they still need to be able to preview or edit or see their own live post, but not anyone else’s. We can’t figure out how to tweak that, but thanks for a great asset.

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author Daniel Iser

    (@danieliser)

    @skinner009 – Hmm interesting use case. We have a massive rewrite nearing release as v2 which will add block controls as well as a new restriction editor.

    We are revamping some conditions etc, but this sounds like it would require a custom condition I’m not sure would be useful outside your use case.

    Just so happens though adding a condition isn’t to terribly difficult if your handy with code.

    You simply need a function that returns true/false based on what your needs are. You can then using a filter register a new condition in the boolean editor with your function as the callback

    Here is the filter in question, and you can see the basic registration needed for a simple true/false function: https://github.com/code-atlantic/content-control/blob/master/classes/Conditions.php#L425-L451

    The new version will be slightly different, but we have tried to make sure old registerd conditions will still function fine, they just might not read properly (sentence structure) in the new editor which aims to read more like a series of sentences.

    Hope that helps.

    Thread Starter skinner009

    (@skinner009)

    Thanks for the idea. Gave it a lot of thought and was still worried about editing capabilities, so I think the short path is to use permalinks to assign a really unique URL string to each of the posts, all restricted to Logged In and above to read. This way they will technically be readable to anyone at Logged In (Customer) and above, but no one will be able to guess the string (/second/month/ID/title) even if they know the title of the post. The access point to the posts is above Customer.

    And now there is no way the author of each won’t be able to edit it. We shut off RSS and archive and won’t allow Google indexing, and are hiding search except above Customer, so I think the posts will remain hidden except to above Customer. Knowing the ID of a post and how to view it would be a backdoor but this isn’t critical info and who out there would bother to do that for no gain. Anyway, been a really interesting puzzle, thanks much.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Deny read access to all posts EXCEPT posts they created’ is closed to new replies.