I have created a custom post type in wordpress and as admin I can do anything with this. But I want to create a role “Client” that can only add, edit and remove things of this custom post type, so he may not post a regular post, edit it or delete it and the same with pages.
These are my arguments of my custom post type
$args = array( 'labels' => $labels, 'public' => true, 'has_archive' => true, 'publicly_queryable' => true, 'query_var' => true, 'rewrite' => true, 'capability_type' => 'post', 'hierarchical' => false, 'supports' => array( 'title', 'thumbnail' ), 'capabilities' => array( 'edit_post' => 'edit_portfolio', 'edit_posts' => 'edit_portfolios', 'edit_others_posts' => 'edit_others_portfolios', 'publish_posts' => 'publish_portfolios', 'read_post' => 'read_portfolios', 'read_private_posts' => 'read_private_portfolios', 'delete_post' => 'delete_portfolio', ), 'map_meta_cap' => true, 'menu_icon' => 'dashicons-screenoptions', 'menu_position' => 5, 'show_ui' => true, 'exclude_from_search' => false );
and these is the role i have created
add_role("client", "Client", array( 'read' => true, // allows this capability, dashboard 'upload_files'=>true, //allows user to upload files 'edit_posts' => false, // denies user to edit their own posts 'edit_pages' => false, // denies user to edit pages 'edit_others_posts' => false, // denies user to edit others posts not just their own 'create_posts' => false, // denies user to create new posts 'manage_categories' => false, // denies user to manage post categories 'publish_posts' => false, // denies the user to publish 'edit_themes' => false, // false denies this capability. User can't edit your theme 'install_plugins' => false, // User cant add new plugins 'update_plugin' => false, // User can't update any plugins 'update_core' => false, // user cant perform core updates 'edit_portfolios' => true, // allows editing of the user's own portfolio 'edit_others_portfolios' => true, // allows the user to edit everyone else's portfolio 'delete_portfolios' => true, // allows to delete portfolio written by that user 'delete_others_portfolios' => true, // allows to delete portfolio written by other users 'publish_portfolios' => true // allows the user to publish portfolio, otherwise posts stays in draft mode ));
The effect now is that they can see the posts in the dashboard, but not change or click on it, can not delete and when they post a message they end up on a error screen that says they should not see this.
Thanks in advance
Read more here: WordPress Custom Post type roles