Your Location is: Home > Php

How can I build “user group” access control into WordPress?

From: Tarawa View: 4839 parasomnist 

Question

WordPress has some lovely features for storing revisions, editor approval of content, etc.

I'd like to expand on them by creating the concept of a user group/organisation.

I want:

  • to be able to attach posts to an organisation
  • to be able to attach users to an organisation (and ideally make it so that users can invite other users to their same org)
  • users can only make changes to posts in the same org as them, everything else is read only.

I can do the first two with a custom post type and an Advanced Custom Fields post object field, but I'm stumbling on the last one and would appreciate some pointers.

I imagine I would need to create a custom role with add_role(), but I'm not sure what capabilities it should have.

I imagine I'll need to override a hook somewhere to check if the thing the user is trying to edit is in their org.

Only relevant code so far is:

register_post_type("organisation");

Best answer

First, on WordPress, the default user system is: admin can do everything, editors can edit every post, authors can only edit their posts.

There are some plugins like https://es.wordpress.org/plugins/user-role-editor/ that may be useful for your needs. Have a look at that!