I need some help with capabilities for a CPT. I register a new CPT with a capability type 'agenda'. To do this I use the code below in the register array
'capability_type' => 'agenda'
After that I added two new roles
add_role('owner', 'Eigenaar',
array(
'read' => true,
'publish_agendas' => true,
'edit_agenda' => true,
'edit_agendas' => true,
'delete_agenda' => true,
'delete_others_agendas' => true,
'delete_others_agenda' => true
)
);
add_role('employee', 'Personeel',
array(
'read' => true,
'publish_agendas' => true,
'edit_agenda' => true,
'edit_agendas' => true,
'delete_agenda' => true
)
);
The issue what I have
The employee can delete and edit also the agenda from the owner and this is not the intention.
The employee must be only allowed to edit and delete the own agenda post. The owner had more capabilities and is allowed to edit and delete agenda posts from the employee.
Who can help me in the right direction?
CodePudding user response:
You can try to explicitly deny the capability in your employee user role capabilities.
'delete_others_agendas' => false,
'delete_others_agenda' => false
CodePudding user response:
I solved the issue!
If you create a new CPT with the function register_post_type
You have to add this line in the array with arguments
'map_meta_cap' => true,
Now you can set capabilities to a role like below
add_role('owner', 'Eigenaar',
array(
'read' => true,
'publish_agendas' => true,
'edit_agenda' => true,
'edit_agendas' => true,
'delete_agenda' => true,
'delete_others_agendas' => true,
'delete_others_agenda' => true
)
);
add_role('employee', 'Personeel',
array(
'read' => true,
'publish_agendas' => true,
'edit_agenda' => true,
'edit_agendas' => true,
'delete_agenda' => true,
'delete_others_agendas' => false,
'delete_others_agenda' => false
)
);