Welcome to the Treehouse Community

Want to collaborate on code errors? Have bugs you need feedback on? Looking for an extra set of eyes on your latest project? Get support with fellow developers, designers, and programmers of all backgrounds and skill levels here with the Treehouse Community! While you're at it, check out some resources Treehouse students have shared here.

Looking to learn something new?

Treehouse offers a seven day free trial for new students. Get access to thousands of hours of content and join thousands of Treehouse students and alumni in the community today.

Start your free trial

PHP

Boris Kamp
Boris Kamp
16,660 Points
Posted by Boris Kamp
Boris Kamp
16,660 Points

Restrict access based on custom field and BuddyPress extended profile field

Im using Buddypress to create an easy user management system in Wordpress. I added an extra extended field to this to assign them to a group. I can get the current logged in user's group by using this: $usergroup = bp_get_profile_field_data( 'field=usergroup' );.

Ok next thing, I have a Custom Post Type called News, this News post type exists out out custom fields only and one of them is the target group. Lets say I can select 3 target groups in the publish post section, A (A group users), B (b group users) & C (C group users).

Now I need to restrict access for user group A & B to view a News post with target group C, and A to view B & C, you get it right? the solution that comes to my mind is some kind of an if statement. How would you guys approach this? Thanks!

Andrew Shook
Andrew Shook
31,709 Points
Andrew Shook
Andrew Shook
31,709 Points

Boris, so what you want is to limit viewing access to posts published to groups other then the one the user is in?

Boris Kamp
Boris Kamp
16,660 Points
Boris Kamp
Boris Kamp
16,660 Points

Exactly Andrew! Sorry for my late reply though! forgot about it. Do you have any suggestions?

1 Answer

Andrew Shook
Andrew Shook
31,709 Points
Andrew Shook
Andrew Shook
31,709 Points

Boris, I would check the profile field against the custom field. I would create a custom post type archive template for displaying all the News items. Look [here])(http://codex.wordpress.org/Post_Type_Templates) for more info on custom post type templates. Inside the loop of the template, I would create a custom WP_Query and preform a meta_query to limit the query's returned post to those posts who's custom field does not equal the profile field of the current user. You can look here for more information on meta queries.

This code should give you a good starting point for creating the custom query I'm talking about. If you need more help just let me know.

<?php 
    $usergroup = bp_get_profile_field_data( 'field=usergroup' );
    $args = array(
        'post_type' => 'news',  // or whatever the slug is for your custom post type.
        'meta_query' => array(
            array(
                'key'     => 'CUSTOM FIELD SLUG',
                'value'   => $usergroup,
                'compare' => 'NOT LIKE',
            ),
        ),

    );
    $query = new WP_Query( $args );
?>
<?php if ( $query->have_posts() ) : ?>

  <!-- the loop -->
  <?php while ( $query->have_posts() ) : $query->the_post(); ?>
    <h1> PUT YOUR CUSTOM DISPLAY CODE FOR YOUR CUSTOM POST TYPE</h1>
  <?php endwhile; ?>
  <!-- end of the loop -->

  <?php //wp_reset_postdata(); ?>

<?php else:  ?>

<?php endif; ?>

I've never used BuddyPress, so I'm not sure if you'll nee to pass the bp_get_profile_field_data() function the user's ID if your not on the profile page.

Boris Kamp
Boris Kamp
16,660 Points
Boris Kamp
Boris Kamp
16,660 Points

I think you're onto something different. Let me try to elaborate a little bit more. There are four 'user' groups:

  1. Public site visitors (not logged in)
  2. Fund 01 visitors (logged in users)
  3. Fund 02 Visitors (logged in users)
  4. The Site Admin

There are four news categories, in the brackets is shown who is allowed to view the article:

  1. Public News (Everybody)
  2. Fund 01 News (Fund 01 visitors & Site Admin)
  3. Fund 02 News (Fund 02 visitors & Site Admin)
  4. General Fund News (Fund 01 visitors & Fund 02 visitors & Site Admin)

Fund 01 & Fund 02 & General Fund News articles are only shown (as links in a list) from a special user page where logged in users will be redirected to when they log in. This means, in theory, that Fund news (all three categories) can never be accessed from the front-end by public visitors, because they have no links to the articles. And Fund 01 visitors can never access Fund 02 news, because they have no link to the articles.... But thats just theory, what if they find out the url somehow (which is very unlikely)? then a Fund 01 or Public visitor is able to view a Fund 02 news article.

So I just need an extra layer of protection to ensure that WP will check a user's role against the news article's category. if they match, display the article, if not (else) display a custom message. In my opinion this has to be done with some kind of if statement, and not with the WP_Query.

Do you understand where Im getting? It's not about displaying content by loop, but about checking if a user is allowed to view the page he's at.

Thanks for trying to help me out! Im sure you'll be able to help me out