I've created a CPT, added capabilities to it and them to the Subscriber role successfully.
However the mapping is clearly not working because I get errors on publish and a Subscriber cannot edit their own posts (which the function below allows if they are the author). Why won't my map_meta_cap function work?
I've spent all weekend on this so I have to turn to the community. Thanks in advance.
function lst_map_meta_cap( $caps, $cap, $user_id, $args ) {
/* If editing, deleting, or reading an event, get the post and post type object. */
if ( 'edit_lstpost' == $cap || 'delete_lstpost' == $cap || 'read_lstpost' == $cap ) {
$post = get_post( $args[0] );
$post_type = get_post_type_object( $post->post_type );
$caps = array();
switch( $cap ) {
case 'edit_lstpost':
$caps[] = ( $user_id == $post->post_author ) ? $post_type->cap->edit_posts : $post_type->cap->edit_others_posts;
break;
case 'delete_lstpost':
$caps[] = ( $user_id == $post->post_author ) ? $post_type->cap->delete_posts : $post_type->cap->delete_others_posts;
break;
case 'read_lstpost':
$caps[] = ( 'private' != $post->post_status || $user_id == $post->post_author ) ? $caps[] = 'read' : $post_type->cap->read_private_posts;
break;
}
}
return $caps;
}
add_filter( 'map_meta_cap', 'lst_map_meta_cap', 10, 4 );
EDIT: Also adding all caps to the administrator refuses to work the way I understand it to after reading for 2 days about it. I have played with applying/removing each of the caps to the admin/subscriber role with only the ability to view or create (with an error but still works)
Here are the CPT caps:
[edit_post] => edit_lstpost
[read_post] => read_lst
[delete_post] => delete_lstpost
[edit_posts] => edit_lstposts
[edit_others_posts] => edit_lstothers
[publish_posts] => publish_lst
[read_private_posts] => read_privatelst
[delete_posts] => delete_lstposts
[delete_private_posts] => delete_private_lstcapss
[delete_published_posts] => delete_published_lstcapss
[delete_others_posts] => delete_lstothers
[edit_private_posts] => edit_private_lstcapss
[edit_published_posts] => edit_published_lstcapss
[edit_page] => edit_lstpage
[create_posts] => edit_lstposts
I've created a CPT, added capabilities to it and them to the Subscriber role successfully.
However the mapping is clearly not working because I get errors on publish and a Subscriber cannot edit their own posts (which the function below allows if they are the author). Why won't my map_meta_cap function work?
I've spent all weekend on this so I have to turn to the community. Thanks in advance.
function lst_map_meta_cap( $caps, $cap, $user_id, $args ) {
/* If editing, deleting, or reading an event, get the post and post type object. */
if ( 'edit_lstpost' == $cap || 'delete_lstpost' == $cap || 'read_lstpost' == $cap ) {
$post = get_post( $args[0] );
$post_type = get_post_type_object( $post->post_type );
$caps = array();
switch( $cap ) {
case 'edit_lstpost':
$caps[] = ( $user_id == $post->post_author ) ? $post_type->cap->edit_posts : $post_type->cap->edit_others_posts;
break;
case 'delete_lstpost':
$caps[] = ( $user_id == $post->post_author ) ? $post_type->cap->delete_posts : $post_type->cap->delete_others_posts;
break;
case 'read_lstpost':
$caps[] = ( 'private' != $post->post_status || $user_id == $post->post_author ) ? $caps[] = 'read' : $post_type->cap->read_private_posts;
break;
}
}
return $caps;
}
add_filter( 'map_meta_cap', 'lst_map_meta_cap', 10, 4 );
EDIT: Also adding all caps to the administrator refuses to work the way I understand it to after reading for 2 days about it. I have played with applying/removing each of the caps to the admin/subscriber role with only the ability to view or create (with an error but still works)
Here are the CPT caps:
[edit_post] => edit_lstpost
[read_post] => read_lst
[delete_post] => delete_lstpost
[edit_posts] => edit_lstposts
[edit_others_posts] => edit_lstothers
[publish_posts] => publish_lst
[read_private_posts] => read_privatelst
[delete_posts] => delete_lstposts
[delete_private_posts] => delete_private_lstcapss
[delete_published_posts] => delete_published_lstcapss
[delete_others_posts] => delete_lstothers
[edit_private_posts] => edit_private_lstcapss
[edit_published_posts] => edit_published_lstcapss
[edit_page] => edit_lstpage
[create_posts] => edit_lstposts
2 Answers
Reset to default 1Turns out it's a real bad idea to map your own meta capabilities. To solve this problem I ended up going through the steps you would with a map_meta_cap function with TWO plugins.
Use [Map Cap] to automatically map the meta capabilities of my new custom post type to my specific user roles.
Then had to install the Very useful Members Plugin which I manually had to assign the capabilities with add_cap and double check within the plugin for proper cap assigning.
function role_set (){
global $wp_roles;
$role = get_role( 'administrator' );
$role->add_cap( 'publish_POST_TYPE' );
$role->add_cap( 'edit_POST_TYPE' );
$role->add_cap( 'edit_others_POST_TYPE' );
$role->add_cap( 'delete_others_POST_TYPE' );
$role->add_cap( 'read_private_POST_TYPE' );
$role->add_cap( 'manage_POST_TYPE' );
}
add_action('init', 'role_set');
Then double checked it within the members plugin. It took 4 days to get my custom post type capabilities working right with all roles. I do believe WordPress is LONG overdue for some core built roles and caps control. Hope this helps anyone out there.
For anyone also struggling with this issue, there is an awesome tutorial that clearly explains how to do it without relying on plugins: https://3.7designs.co/blog/2014/08/restricting-access-to-custom-post-types-using-roles-in-wordpress/
If you need to create a new role, you must do it on your activation hook using the add_role function.
After that, make sure you have these arguments in your post type registration:
'capability_type' => array('POST_TYPE','POST_TYPES'),
'map_meta_cap' => true,
The last step involves adding the rights to each role in the admin_init hook:
// Add the roles you'd like to administer the custom post types
$roles = array('NEW_ROLE','editor','administrator');
// Loop through each role and assign capabilities
foreach($roles as $the_role) {
$role = get_role($the_role);
$role->add_cap( 'read_POST_TYPE');
$role->add_cap( 'read_private_POST_TYPES' );
$role->add_cap( 'edit_POST_TYPE' );
$role->add_cap( 'edit_POST_TYPES' );
$role->add_cap( 'edit_others_POST_TYPES' );
$role->add_cap( 'edit_published_POST_TYPES' );
$role->add_cap( 'publish_POST_TYPES' );
$role->add_cap( 'delete_others_POST_TYPES' );
$role->add_cap( 'delete_private_POST_TYPES' );
$role->add_cap( 'delete_published_POST_TYPES' );
}