skip to Main Content

I need some help with capabilities for a CPT. I register a new CPT with a capability type ‘agenda’. To do this I use the code below in the register array

'capability_type' => 'agenda'

After that I added two new roles

add_role('owner', 'Eigenaar', 
    array(
        'read'                  => true,
        'publish_agendas'       => true,
        'edit_agenda'           => true,
        'edit_agendas'          => true,
        'delete_agenda'         => true,
        'delete_others_agendas' => true,
        'delete_others_agenda'  => true
    )
);

add_role('employee', 'Personeel', 
    array(
        'read' => true,
        'publish_agendas'       => true,
        'edit_agenda'           => true,
        'edit_agendas'          => true,
        'delete_agenda'         => true
    )
);

The issue what I have

The employee can delete and edit also the agenda from the owner and this is not the intention.

The employee must be only allowed to edit and delete the own agenda post. The owner had more capabilities and is allowed to edit and delete agenda posts from the employee.

Who can help me in the right direction?

2

Answers


  1. Chosen as BEST ANSWER

    I solved the issue!

    If you create a new CPT with the function register_post_type

    You have to add this line in the array with arguments

    'map_meta_cap' => true,
    

    Now you can set capabilities to a role like below

    add_role('owner', 'Eigenaar', 
        array(
            'read'                  => true,
            'publish_agendas'       => true,
            'edit_agenda'           => true,
            'edit_agendas'          => true,
            'delete_agenda'         => true,
            'delete_others_agendas' => true,
            'delete_others_agenda'  => true
        )
    );
    
    add_role('employee', 'Personeel', 
        array(
            'read'                  => true,
            'publish_agendas'       => true,
            'edit_agenda'           => true,
            'edit_agendas'          => true,
            'delete_agenda'         => true,
            'delete_others_agendas' => false,
            'delete_others_agenda'  => false
        )
    );
    

  2. You can try to explicitly deny the capability in your employee user role capabilities.

    'delete_others_agendas' => false,
    'delete_others_agenda'  => false
    
    Login or Signup to reply.
Please signup or login to give your own answer.
Back To Top
Search