Imagine an organization with a few departments. Each worker should be capable to read the posts of its own department plus the posts general for all organization. Some workers of each department should be capable to create/edit posts of their own department only. Guests (not logged-in visitors) should view only general posts and should not view restricted posts related to the departments.
Such task difficult for the “just-from-the-box” WordPress may be resolved easy with User Role Editor Pro content view and edit restrictions add-ons configured together.
To make these add-ons available you should activate them 1st from the User Role Editor Pro Settings page:
We will use posts categories to mark to which department every post belongs. Pay attention on the ID value written to the right from a category name. We will use it in the permissions settings later.
Go to “Users->User Role Editor” and create separate roles for every department. Make new role as a copy of the base WordPress ‘subscriber’ role:
I created 3 roles for our example: Deparment 1, Department 2 and Department 3. Restrict posts available for reading to the users of every department by setting “Posts View” restrictions for every role.
For the 1st department I used ‘block not selected’ model. If you select to show error message in case of try to view the content of blocked post, blocked posts titles will still be listed, but error message configured at User Role Editor Settings page will be shown instead of post content.
As an alternative it’s possible to use another “block selected” model. Look at the restrictions set for the “Department 2” role. Pay attention that as we selected “Return HTTP 404 error” for this role, blocked posts will be unavailable at all – excluded from any listing and try to access such post via direct URL will return 404 HTTP ‘page not found’ error.
Now go to the “Users” page and assign them secondary roles to link them to the correspondent departments to realize our example content access restrictions model.
I created users with reader, author and editor permissions for every department. Author user from Department 1 has primary role ‘Author’ and secondary role ‘Department 1’. The same editor user: primary role – ‘Editor’, secondary role – ‘Department 1’. Reader user has the only ‘Department 1’ role.
In addition to the secondary department related role we allow to users, who can edit posts (authors and editors), make this for the specific category only: Department 1 users are allowed to edit post just inside ‘Department 1’ category (use category ID=3):
To finish setup of our content access restriction model we should mark posts which belong to departments as available for reading by logged-in only users – block it for the users without role:
In order “Content View Restrictions” section will be available to a user his role should contain ‘ure_view_posts_access’ capability.
After setting up this content view restriction for all posts with private content it’s time to check how our models works.
This is a full list of test posts available for the administrator at WordPress backend:
This is a full list of posts from frontend:
This is a list of posts available for the Department 1 author 1 user with ‘Author’ permissions (backend) – 1 post for which he is an author and has permission to edit:
This is a list of posts available for the Department 1 author 1 user with ‘Author’ permissions (frontend) – all posts belongs to the “Deparment 1” category and other posts without reading restrictions:
This is a list of posts available for editing to Department 2 author 2 user (backend):
This is a list of posts available for the Department 2 author 2 user (frontend). Pay attention on access error message under the post title for the post which belongs to the other Department:
Our example in action: