Allow member to have access to custom post type only. Permission to only edit their own posts

OK I’m looking for the best way to attack this.

I’m very comfortable with PHP and making custom post types with custom meta fields in WordPress.

Here is what I’m looking at doing:

  1. User registers and is set at
    subscriber by default.
  2. User requests from admin to have
    permission to custom post type.
  3. Admin assigns user to another
    permission name like “Shop Owner”.
  4. User can now see custom post type
    and can make an entry to this post
  5. User can only see and edit their own

I need help on the following:

  1. How to create a new “Role” called
    “Shop Owner”,
  2. How to give the correct permission
    to said role to only see and have
    access to custom post type.
  3. Only allow user to see and edit
    their own posts to this custom post

Ideally I would prefer this was all done from the wp-admin but I’m guessing that I might need to build a front end for this to get the finite control I’m after.

Any input is greatly appreciated.

Kind Regards


Use Justin Tadlock’s plugin “Members”. It gives you the ability to create new roles and edit existing roles, as well as add custom capabilities. All that work that you’d have to do can be taken down to a few clicks.

I know you said in your comment on ZaMoose’s answer that you are ‘looking to write the functionality myself so I have full control over everything.’ That’s missing the whole point of open source software. Justin Tadlock released his plugin so you could use it precisely so you WOULD have complete control over everything.

If you really really want to reinvent the wheel, potentially wasting hundreds of hours of your own time I can’t stop you, but you could at least save yourself the trouble and use Tadlock’s plugin to learn how to do what you want.

Once you have a plugin that does what you want, you’ll need to change the 'map_meta_cap' flag to true and the 'capability_type' flag in your post type registration function so that it says something other than ‘post’, ‘page’, or any other ‘reserved’ type. Then, duplicate all the capabilities related to posts (e.g. edit_posts, edit_others_posts, publish_posts, etc.), using your capability type instead of posts. Make sure to assign all these permissions to administrators (you won’t be able to see the post type until you do this), then create your role, mimicking the ‘contributor’ role’s abilities for your post type.

For example, say your capability type was foobars, you would want to give ‘shop owners’ the edit_foobars, delete_foobars, and read capabilities. That way they can create their own draft foobars, and delete those drafts, but because they don’t have publish_foobars capabilities, they have to submit them for approval. Because they don’t have edit_published_foobars, all modifications to an approved foobar have to be approved.

Leave a Comment