How can I build “user group” access control into WordPress?
WordPress has some lovely features for storing revisions, editor approval of content, etc.
I'd like to expand on them by creating the concept of a user group/organisation.
- to be able to attach posts to an organisation
- to be able to attach users to an organisation (and ideally make it so that users can invite other users to their same org)
- users can only make changes to posts in the same org as them, everything else is read only.
I can do the first two with a custom post type and an Advanced Custom Fields post object field, but I'm stumbling on the last one and would appreciate some pointers.
I imagine I would need to create a custom role with `add_role()`, but I'm not sure what capabilities it should have.
I imagine I'll need to override a hook somewhere to check if the thing the user is trying to edit is in their org.
Only relevant code so far is:
First, on WordPress, the default user system is: admin can do everything, editors can edit every post, authors can only edit their posts.
There are some plugins like https://es.wordpress.org/plugins/user-role-editor/ that may be useful for your needs. Have a look at that!
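
One way to implement the "same org only" check the question asks about, as an added example that is not code from either poster: a `map_meta_cap` filter that denies edit, delete and publish when the post's organisation differs from the user's. The meta key `organisation`, the role name `org_member` and the choice of the `post` post type are assumptions made for illustration.

```php
<?php
// Added example. Assumptions: an org ID is stored under the hypothetical meta
// key 'organisation' on users and posts; 'org_member' is a hypothetical role.
const ORG_META_KEY   = 'organisation';
const ORG_POST_TYPES = array( 'post' );

// Give org members editor-level capabilities; the filter below narrows them.
add_action( 'init', function () {
    $editor = get_role( 'editor' );
    if ( $editor && ! get_role( 'org_member' ) ) {
        add_role( 'org_member', 'Organisation member', $editor->capabilities );
    }
} );

add_filter( 'map_meta_cap', 'org_restrict_post_caps', 10, 4 );

function org_restrict_post_caps( $caps, $cap, $user_id, $args ) {
    // Only per-post capabilities that modify content; reading is untouched.
    if ( ! in_array( $cap, array( 'edit_post', 'delete_post', 'publish_post' ), true )
        || empty( $args[0] ) ) {
        return $caps;
    }
    $post = get_post( (int) $args[0] );
    if ( ! $post ) {
        return $caps;
    }
    // Revisions carry no org meta of their own: check the parent post.
    $parent_id = wp_is_post_revision( $post );
    if ( $parent_id ) {
        $post = get_post( $parent_id );
    }
    if ( ! $post || ! in_array( $post->post_type, ORG_POST_TYPES, true ) ) {
        return $caps;
    }
    // Administrators keep unrestricted access.
    if ( user_can( $user_id, 'manage_options' ) ) {
        return $caps;
    }
    $post_org = get_post_meta( $post->ID, ORG_META_KEY, true );
    $user_org = get_user_meta( $user_id, ORG_META_KEY, true );
    // Fail closed: missing, non-scalar or mismatched org IDs deny the action.
    if ( ! is_scalar( $post_org ) || ! is_scalar( $user_org )
        || '' === (string) $post_org || (string) $post_org !== (string) $user_org ) {
        return array( 'do_not_allow' );
    }
    return $caps;
}
```

Because the check sits in the capability layer, it applies wherever WordPress calls `current_user_can( 'edit_post', $id )`, not only on the admin edit screen. Posts with no organisation set become editable by administrators only.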