WordPress 3.0 introduces an easy way to add Custom Post Types to your site. It’s super easy to do and has been explained in plenty of tutorials already.
However, not many have explained how to restrict this Custom Post Type to users with certain permissions. In this tutorial, I will show you how to use the excellent Members plugin to restrict your newly created Custom Post Type to only be available for Administrators.
By default, when registering a post type, it inherits the same permissions as Posts. This is fine if you want all users that can publish a Post to be able to publish your Custom Post Type. In my case, though, I only wanted Admins to publish.
Register Post Type
register_post_type('podcasts', array( 'label' => __('Podcasts'), 'singular_label' => __('Podcast'), 'public' => true, 'supports' => array('title', 'editor', 'custom-fields'), 'capability_type' => 'podcast' ) );
The last argument ‘capability_type’ is what we are most interested in for this tutorial. I am using ‘podcast’ to be consistent with the post type, but it can be anything you want. If you were to refresh your site, you will notice that Podcasts doesn’t display. This is because we have not created or assigned the correct capabilities to the Admin role.
Create and Assign Capabilities
Before continuing, make sure you have enabled the “Edit Roles” Members Component and assigned the “edit_roles” capability to the Administrator role.
On the screen where you edit the Administrator role, scroll to the bottom to the New Capabilities section and add the following capabilities:
After you add those capabilities and Update Role, you should now see the Podcasts section is displayed underneath Comments on the left column. Podcasts will only be displayed for users with Administrator access.
Why not create a new Role?
I’m sure there are some of you that are saying “Why not just create a new role and assign the capabilities to that?” Well, you can do that if you want! But, I didn’t want to go to the trouble of reassigning Admin users to my new role just so they could manage the Podcasts. For my purposes, it was a lot easier and faster to edit an existing role.
Role Inheritance coming with WordPress 3.1
Andrew Nacin, a lead WordPress developer, commented on Justin Tadlock’s Meta capabilities for custom post types (a similar tutorial to this one) that register_post_type in WordPress 3.1 will probably have the ability to map to a particular role’s capabilities and you won’t have to follow the steps in this tutorial. But, there’s no hard time line on 3.1 and, until then, you will need to follow the steps outlined in this tutorial.
Hopefully, this makes working with WordPress 3.0 Custom Post Types a little bit easier. Questions or comments welcome.