Enumerable Blog
About coding, web development, and fun to be had in tech

Custom Post Types and Roles in WordPress - Part 2

This is part 2 of a two-part WordPress tutorial describing how to add custom user roles and post types with customized permissions, using a customer testimonials example.

Part 1 shows how to create a Testimonials post type and give full create, read, update, and destroy (CRUD) permissions to the Administrator and Editor roles. Here, in the second part, I'll create a custom user role that visitors can use to post and edit their own testimonials.

Create a User Role with add_role()

Call add_role() inside functions.php to create a new WordPress role. I'll call my new role a HappyCustomer in hopes of good testimonials (although visitors will never see their 'HappyCustomer' title).

# /wp-content/themes/theme_name/functions.php
# Create HappyCustomer Role for Testimonials
function happy_customer_setup() {
  # No capabilities array is passed here; capabilities are added in a later function
  add_role( 'happy_customer', 'Happy Customer' );
}
add_action( 'after_setup_theme', 'happy_customer_setup' );

add_role() takes three arguments: a programmatic name, a display name, and an associative array of capabilities/permissions. Here, I'm leaving out the array of permissions because I'd like to set up similar permissions for other non-admin roles later on (keep your code DRY). If you'd like to describe specific permissions for the HappyCustomer role, then describe them here in an array similar to the $caps array in the code below.

The capabilities array can be left out because it is optional, but not all arguments are. Check the function's documentation to see which arguments are.

Add Non-Admin Role Capabilities

A HappyCustomer, and other non-administrative roles, should have complete permissions over their own testimonials but not be able to do anything with others' testimonials other than see them.

Here's the code for that:

# /wp-content/themes/theme_name/functions.php
# Give other roles Testimonial Capabilities
function add_testimonial_caps_to_non_admin_roles() {
  # Everyone gets these capabilities:
  $caps = array(
    'read',
    'read_testimonial',
    'read_private_testimonials',
    'edit_testimonials',
    'edit_published_testimonials',
    'publish_testimonials',
    'delete_testimonials',
    'delete_published_testimonials',
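    # upload_files and edit_files are core WordPress capabilities,
    # not testimonial-specific ones, so they apply site-wide
    'upload_files',
    'edit_files',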
  );
  $roles = array(
    get_role( 'author' ),
    get_role( 'contributor' ),
    get_role( 'subscriber' ),
    get_role( 'happy_customer' ),
  );
  foreach ($roles as $role) {
    # get_role() returns null when a role does not exist; skip it
    if ( ! $role ) {
      continue;
    }
    foreach ($caps as $cap) {
      $role->add_cap( $cap );
    }
  }
}
add_action( 'after_setup_theme', 'add_testimonial_caps_to_non_admin_roles' );

In this code snippet, I collected all the permissions that were appropriate, collected the non-administrative roles, and finally assigned the permissions to the roles.

Decide carefully on each of these permissions. You might not want your HappyCustomer to publish testimonials, edit published testimonials, or upload and edit files. These will all be content that they created, but you might want to moderate the publishing to screen inappropriate material.

Tidbit: Removing Unwanted Permissions

When I was getting HappyCustomer set up, I accidentally gave the role some permissions that I did not want them to have. If this happens, you can always add this code snippet, which uses remove_cap() to remove the undesired permissions, to the function above:

$bad_caps = array(
  'edit_private_testimonials',
  'edit_others_testimonials',
  'delete_private_testimonials',
  'delete_others_testimonials',
);
$roles = array(
  get_role( 'author' ),
  get_role( 'contributor' ),
  get_role( 'subscriber' ),
  get_role( 'happy_customer' ),
);
foreach ($roles as $role) {
  # get_role() returns null when a role does not exist; skip it
  if ( ! $role ) {
    continue;
  }
  foreach ($bad_caps as $cap) {
    $role->remove_cap( $cap );
  }
}
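
Before removing anything, it helps to see which roles actually hold the unwanted capabilities. The following is an added example, not code from the original post: it audits a role table for the $bad_caps entries above. The names audit_testimonial_caps and OVERREACHING_CAPS and the sample data are assumptions for illustration; the input has the same shape as wp_roles()->roles, and Administrator and Editor are exempt because Part 1 gives them full permissions.

```php
<?php
// Hypothetical names throughout; the list mirrors the post's $bad_caps.
const OVERREACHING_CAPS = array(
    'edit_private_testimonials',
    'edit_others_testimonials',
    'delete_private_testimonials',
    'delete_others_testimonials',
);

/**
 * Report non-exempt roles that can touch other users' testimonials.
 * @param array $roles  slug => array( 'name' => ..., 'capabilities' => array( cap => bool ) )
 * @param array $exempt Role slugs allowed to manage everyone's testimonials.
 * @return array        slug => list of overreaching capabilities currently granted.
 */
function audit_testimonial_caps( array $roles, array $exempt = array( 'administrator', 'editor' ) ) {
    $findings = array();
    foreach ( $roles as $slug => $role ) {
        if ( in_array( $slug, $exempt, true ) ) {
            continue;
        }
        $caps = isset( $role['capabilities'] ) ? $role['capabilities'] : array();
        // Only entries stored as true are granted; a false entry is not a grant.
        $granted = array_keys( array_filter( $caps ) );
        $hits    = array_values( array_intersect( OVERREACHING_CAPS, $granted ) );
        if ( $hits ) {
            $findings[ $slug ] = $hits;
        }
    }
    return $findings;
}

// Constructed sample data; inside WordPress pass wp_roles()->roles instead.
$sample_roles = array(
    'editor'         => array( 'name' => 'Editor', 'capabilities' => array( 'edit_others_testimonials' => true ) ),
    'subscriber'     => array( 'name' => 'Subscriber', 'capabilities' => array( 'read' => true, 'edit_testimonials' => true ) ),
    'happy_customer' => array(
        'name'         => 'Happy Customer',
        'capabilities' => array(
            'edit_testimonials'          => true,
            'edit_others_testimonials'   => true,  // granted by mistake
            'delete_others_testimonials' => false, // stored, but not granted
        ),
    ),
);

foreach ( audit_testimonial_caps( $sample_roles ) as $slug => $caps ) {
    echo $slug . ': ' . implode( ', ', $caps ) . PHP_EOL;
}
```

Any role the audit reports is a candidate for the remove_cap() loop above.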

That's it for now. Let me know if you have any questions or suggestions in the comments :)
