Wordpress secure way to have Private/Public posts - wordpress

I've asked a few questions trying to solve this simple problem, but nothing seems to work.
What's the recommended way to have private/public posts? I want to have a site where, if an author/editor/administrator is logged in, every private post and public post is viewable/searchable. If the user is not logged in, only public posts are viewable.
I have thought about/tried doing this a number of ways. A simple way I achieved this was using a WP_Query to include/exclude all posts with a custom field "Private" when logged in/out.
While this worked fine, I have two problems with it: how secure is it? And it requires a custom field, when WordPress already has private post functionality.
The other way I have tried is to use WordPress's built-in private post feature, but I can't get the private posts to show up on the front-end. They show up in the edit screen for allowed users and in the loop (front-end) for admins, but not editors or authors...
Using WordPress's built-in functions is my preferred method, but I just can't get it to work correctly.
Any suggestions or help? Someone must have done this without the need for a custom field?
Thanks

You don't need to use a meta field to get private posts; it's available through the WP_Query post_status parameter.
$args = array( 'post_status' => array( 'publish' ) ); // regular users
if ( is_user_logged_in() ) {
    // signed in users
    $args['post_status'][] = 'private';
}
$query = new WP_Query( $args );

I believe the most appropriate approach in your case is to use WordPress capabilities. Editors are already able to view private posts/pages on the front-end if logged in (because they have the read_private_posts capability).
Here's an example of how you would make private posts/pages viewable by the author user role.
function so0805_init_theme_add_capabilities() {
    /* allow authors to view private posts and pages */
    $role_author = get_role( 'author' );
    $role_author->add_cap( 'read_private_pages' );
    $role_author->add_cap( 'read_private_posts' );
}
add_action( 'init', 'so0805_init_theme_add_capabilities' );
Paste this code inside functions.php of your theme.
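
The two answers above combine into a query that follows capabilities rather than login state alone. This is an added example, not code from either answer; the function names are hypothetical.

```php
<?php
// Added example. Function names are hypothetical.
function example_query_visible_posts( array $extra_args = array() ) {
    $args                = $extra_args;
    $args['post_status'] = array( 'publish' );

    if ( is_user_logged_in() ) {
        $args['post_status'][] = 'private';
        // Without 'perm', naming 'private' explicitly returns every private
        // post to any logged-in account, subscribers included. With
        // 'perm' => 'readable', a user who lacks read_private_posts only
        // gets the private posts they authored.
        $args['perm'] = 'readable';
    }

    return new WP_Query( $args );
}

// Re-check each private post with the read_post meta capability before
// rendering, so the output never depends on the query arguments alone.
function example_render_visible_titles() {
    $query  = example_query_visible_posts( array( 'posts_per_page' => 10 ) );
    $titles = array();

    foreach ( $query->posts as $post ) {
        if ( 'private' === $post->post_status
            && ! current_user_can( 'read_post', $post->ID ) ) {
            continue;
        }
        $titles[] = esc_html( get_the_title( $post ) );
    }

    return $titles;
}
```

With this in place, which roles see private posts is decided entirely by who holds read_private_posts, which is the capability the second answer grants to authors.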

Related

Change Wordpress User Roles with access to Private Pages

I have a user role called Student and would like to allow them access to Private pages (currently only admin and editor roles can do this). I would like to create a function to do so. I found a post that said to add this to the functions.php in my child theme:
// Allow Students to see Private posts and pages
$subRole = get_role( 'Student' );
$subRole->add_cap( 'read_private_posts' );
$subRole->add_cap( 'read_private_pages' );
But it doesn't seem to do anything. Is there a way to change the ability to access private pages?
Also, above it says 'read_private_pages'; I want to be sure that they can submit the form on that page as well (not just read the page).
Can you use plugins? If yes, try the plugin Capability Manager Enhanced.
This plugin is a way to manage WordPress role definitions.
It's easier than editing the code directly.

Restrict frontend view to post author (and administrator)

I have a custom post type (audits). I am trying to make each post only viewable in the frontend by the post author and the administrator. So, essentially a private post only for logged in users that match the post author id and admin.
I've seen many answers for how to restrict the posts in the admin dashboard, but none for front end, since most posts are usually public.
Any help is greatly appreciated!
I would say that the approach depends on what you want the user to see if they are denied access to the post. Would you want to display a message saying you cannot view this post? Or throw a 404?
If you wanted to throw a 404, you could use the template_redirect action hook.
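add_action( 'template_redirect', 'hide_from_unauth_users' );
function hide_from_unauth_users() {
    // Only guard single views of the custom post type (slug assumed to be 'audits').
    if ( ! is_singular( 'audits' ) ) {
        return;
    }
    $author_id = (int) get_post_field( 'post_author', get_queried_object_id() );
    $is_author = is_user_logged_in() && get_current_user_id() === $author_id;
    // Administrators and the post's author may view; everyone else gets a 404.
    if ( ! current_user_can( 'administrator' ) && ! $is_author ) {
        global $wp_query;
        $wp_query->set_404();
        status_header( 404 );
        nocache_headers();
        include get_404_template();
        exit;
    }
}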
If you wanted to display a message to the user, then you would simply run the exact same logic above on the actual single.php template and display an authorized message instead of the post title, content, etc.
Hope this points you in the right direction.
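
A template_redirect check only decides what a single-post view renders; the same posts can still be returned by archive and other front-end queries for the post type. The following added example (not code from the answer; the 'audits' slug and the function name are assumptions) applies the owner-or-administrator rule at query time instead.

```php
<?php
// Added example. Assumes the post type slug is 'audits'.
add_action( 'pre_get_posts', 'example_limit_audits_to_owner' );

function example_limit_audits_to_owner( WP_Query $query ) {
    // Leave wp-admin screens alone; this only shapes front-end queries.
    if ( is_admin() ) {
        return;
    }

    // Act only on queries that name the audits post type explicitly.
    if ( ! in_array( 'audits', (array) $query->get( 'post_type' ), true ) ) {
        return;
    }

    // Administrators see every audit.
    if ( current_user_can( 'administrator' ) ) {
        return;
    }

    if ( ! is_user_logged_in() ) {
        // Anonymous visitor: no author can match, so force an empty result.
        $query->set( 'post__in', array( 0 ) );
        return;
    }

    // Everyone else only ever gets rows they authored.
    $query->set( 'author', get_current_user_id() );
}
```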

wp_insert_post not saving custom taxonomy on devices

I've faced a weird problem on my WordPress website.
I am using wp_insert_post on the front end to save a custom post type and its custom taxonomy. On PC it saves the custom taxonomy perfectly, but when I try to submit on mobile or iPad, it's not saving it.
Here's my code:
$post = array(
    'post_title'   => $_POST['message_title'],
    'post_status'  => 'pending',
    'post_type'    => 'mondd_el',
    'tax_input'    => array( 'me_kategoria' => $cat_id ),
    'post_content' => $_POST['my_message']
);
$postid = wp_insert_post( $post );
Thanks
Are you sure the current user has the capability to work with the taxonomy? Please check that. This is what the WordPress documentation says:
"tax_input: Equivalent to calling wp_set_post_terms() for each custom taxonomy in the array. If the current user doesn't have the capability to work with a taxonomy, then you must use wp_set_object_terms() instead."

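The documentation passage quoted above, worked through as an added example (not code from the question or the answer). The nonce field and action names, the me_cat form field and the function name are hypothetical; because wp_set_object_terms() performs no capability check, the handler validates the request and the term itself.

```php
<?php
// Added example. 'example_nonce', 'example_submit_mondd_el' and 'me_cat'
// are hypothetical names; the other field names come from the question.
function example_save_mondd_el() {
    if ( ! isset( $_POST['example_nonce'] )
        || ! wp_verify_nonce( sanitize_key( $_POST['example_nonce'] ), 'example_submit_mondd_el' ) ) {
        return new WP_Error( 'bad_nonce', 'Form token missing or expired.' );
    }

    // Accept only an existing term ID in the intended taxonomy.
    $cat_id = isset( $_POST['me_cat'] ) ? absint( $_POST['me_cat'] ) : 0;
    if ( ! $cat_id || ! term_exists( $cat_id, 'me_kategoria' ) ) {
        return new WP_Error( 'bad_term', 'Unknown category.' );
    }

    $postarr = array(
        'post_title'   => sanitize_text_field( wp_unslash( $_POST['message_title'] ?? '' ) ),
        'post_content' => wp_kses_post( wp_unslash( $_POST['my_message'] ?? '' ) ),
        'post_status'  => 'pending',
        'post_type'    => 'mondd_el',
    );

    // wp_insert_post() expects slashed input, so re-slash the cleaned values.
    $post_id = wp_insert_post( wp_slash( $postarr ), true );
    if ( is_wp_error( $post_id ) ) {
        return $post_id;
    }

    // tax_input is silently skipped when the current user lacks the
    // taxonomy's assign_terms capability; set the term directly instead.
    $result = wp_set_object_terms( $post_id, $cat_id, 'me_kategoria' );

    return is_wp_error( $result ) ? $result : $post_id;
}
```
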
Wordpress post to user relation ship

Is there any way to connect a post to a specific user in WordPress? Is there any plugin available, or does anyone know the code for doing that? I have a custom post type, stories. When adding stories I need to choose the corresponding users from the user list. Please help.
Install Post2post https://wordpress.org/plugins/posts-to-posts/
Then in your functions.php write this code:
p2p_register_connection_type( array(
    'name' => 'related_user',
    'from' => 'story',
    'to'   => 'user'
) );
Here story is your custom post type slug. related_user is just a connection name; you can name it whatever you like.
Then in your post type section you can see an option for selecting corresponding user.
In the custom post type setup, you first need to ensure that this post type allows for authors to be set.
This comes in from the arguments when registering the post type.
$args = array( 'supports' => array( 'author' ) ); // 'supports' takes a list of feature names
If you have an admin account, you can set who the author is using the quick edit function, or by enabling it under Screen Options on the full edit page.
Other than that, you can make your own complete post meta box to allow for multiple authors. I can't see a plugin in the WordPress plugin directory, so creating your own to fit your needs and wants will be your best bet.

Wordpress permalink from the database?

I am trying to access selected post information from my WordPress database to display on a second website which is not a WordPress site, nor is it PHP; it is in fact an ASP.NET website that I want to display the information on.
I have a WordPress blog at blog.domain.com and another website at domain.com, both running on different servers, and I need to display the excerpt and title with link on my ASP.NET website for selected posts. I can easily grab the excerpt and title from the blog's database, but the only problem is that the permalink is not in the database.
I had the idea that maybe if I place a short piece of code on every blog to insert the permalink into a new table, I could then grab that to use over on the other website. But that didn't work; perhaps I am not doing it right. This is the code I used:
<?php
global $wpdb;
$table_name = $wpdb->prefix . "posts_pages_url";
$wpdb->insert($table_name , array('post_id' => the_ID(), 'url' => the_permalink()));
?>
Some might say, "why don't you just use an RSS feed?" Well, if it comes down to it, I just might have to, but I would prefer not to, as connecting to the database directly to access my selected posts is much more flexible.
I would be very grateful if anyone had any suggestions on how I can access the permalink via a database call.
Many thanks
You could use get_permalink() in your code, or link to the guid value in the DB - not ideal I know, but it should at least work.
EDIT:
Same goes for the_ID() - it should be changed to get_the_ID().
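This code will get it for you if using Yoast:
// $ref is the post ID; the cast keeps the value from altering the SQL.
$ref = (int) $ref;
$q = "SELECT * FROM wp_yoast_indexable yi
      WHERE object_type = 'post'
      AND object_id = '$ref'";
// $scDb is the poster's own database wrapper, not a WordPress API.
$yis = $scDb->select( $q );
$permaLink = "";
if ( isset( $yis[0] ) )
{
    $permaLink = $yis[0]->permalink;
}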
