Role scoping & Capabilities

I'm banging my head against the wall on this one. I've tried Role Scoper, Capabilities Manager Enhanced and Member (by Justin T.), but I cannot seem to figure out the best way to approach what I'm trying to do.

We have a website we've built for a client that needs finely detailed role scoping. Like this:

- Webmaster (full, complete access to WordPress backend, unrestricted)
- Manager (access to edit any of the content areas for any CPT, but no WP upgrading, etc)
- Sales People (can edit/update certain things around the site, but not price custom fields)
- Office Clerk (can view/edit the homepage, but nothing else in the system until deemed worthy)

It seems we need to do it at the custom field level, and sales people will need the ability to view, but not edit content in inventory.

We're using ACF for handling custom fields, if it helps. Hope someone out there knows roles really well!

  • Will Ashworth

    Sorry for the late reply. I've been away sick.

    I may not have been clear in my original post. It's not "how" to create roles and capabilities that I'm questioning. It's whether or not we can accomplish this at the custom field level.

    We have certain custom fields we've created where we need to be able to configure view/edit access. For example, our "inventory" custom post type has a "price" custom field. While most sales people will have access to "view" that entire CPT, only certain people will be allowed to "edit" that price field.

    Does that make sense? I apologize if I was vague before :slight_smile:

  • aecnu

    Greetings Will Ashworth,

    Thank you for letting me know and no need to apologize sir, just trying to get my head wrapped around what you are indicating you want to do :slight_smile:

    You are very clear in your last post and I admit that I have no idea how this can be done on a micro management of custom fields.

    With that said, I will see if I can get a lead developer in here with their invaluable insight for their advice/advise for us.

    Though this may take a bit longer then a normal ticket, I will try to get one of them in here asap.

    Cheers, Joe

  • Arnold

    For that level of granularity your going to need to do some custom programming. There's just nothing built in to handle it at that fine a discrimination.

    I don't think your going to be able to insert that into the backend without changing core files. The way I would approach it would be using our CustomPress. The metabox for the custom fields is in a separate file so it can be edited to add capabilities around the various fields.

    You can make up any capability you want and assign it to roles or to individuals. Justin's Member can do that part just fine. Then you need to add conditionals to the field inputs or displays of fields that you want to protect

    if(current_user_can('edit-this-field') {
    <input name="this-field" ..../>
    }

    CustomPress has shortcodes for creating the input blocks so it becomes something like

    echo do_shortcode(
    		'[custom_fields_input]
    		ct_Contact_Email_text_8e87,
    		ct_Home_Page_text_bae1,
    		ct_Portfolio_text_1216
    		[/custom_fields_input]');

    and use contitionals to construct the shortcode including or excludin the fields you want.

  • aecnu

    Greetings Will Ashworth,

    With the lead developers last input, it appears this particular topic is now resolved/closed, if you need any further assistance please let us know.

    If it wasn't resolved, or you have any more questions related to this thread, please feel free to post them below including any new symptoms or errors and tick the 'Mark as Not Resolved (re-open)' box below the post area (or else we'll miss it!)

    Thank you for being a WPMU Dev Community Member!

    Cheers, Joe

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.