Primary

Access Control

Here we are going to explain how to use Groups Restrict Categories to control access with the standard WordPress taxonomy Categories. These are related to posts, so that if we restrict access to a category, the posts that belong to it are also protected.

We will use Categories for our purposes, although you can apply the same for any other supported taxonomy. To follow our examples for Categories, please make sure that access restrictions are enabled for these.

Go to Groups > Restrict Categories, the Category option should be checked. If it isn’t, check that option and hit the Save button.

Starting from Groups 2.x and Groups Restrict Categories 2.x, access control is based directly on groups. The following sections describe how to control access based on groups and alternatively based on capabilities as used previously in Groups 1.x and Groups Restrict Categories 1.x. We recommend to use access control based on groups – alternatively, capabilities are supported when legacy access control is enabled in Groups 2.x with Groups Restrict Categories 2.x or when you are using Groups 1.x with Groups Restrict Categories 1.x.

Access Control based on Groups

This section describes access control based on groups with Groups Restrict Categories 2.x and Groups 2.x. This is the recommended way to control access on posts through categories.

Creating a new restricted Category

To create a new restricted category we simply go through the simple process used to add a category as usual, there’s just an additional field where we can use an existing group to control access and where we can also create a new group for that purpose.

Go to Posts > Categories > Add New Category and you will find the additional field labeled Read. Input at least the new category’s name. Now proceed to choose a group to restrict access:

  • If you are going to use an existing group to restrict access to this new category, click in the field and review the list of existing groups that appears – you must be a member of a group to use it here. You can also start typing part of the name of the desired group to reduce the list of choices. Click the desired group.
  • If you are going to add a new group, simply input its name in the field. The group will be created and your user account will be added to it.

Once you have selected or indicated the group, click the Add New Category button.

Here’s an example where we select the Premium group to control access.We’ve chosen to call this new category Premium as well, and this is how our new entry looks like in the list of categories.As you can see, in the Groups column we can see the name of the group that is required to access posts in this category we have just added: Premium. Just to be clear, we could have chosen any name for our new category, Shoes, Fruit … it doesn’t matter. Let’s add another category which is also protected by the Premium group and see what we get in our list:

Restricting an existing Category

For existing categories, it’s equally simply to set an access restriction based on a group. Simply go to Posts > Categories and click the desired category’s name or hover over the desired entry and you will see the Edit and other links.

Clicking the category’s name or Edit link will take you to the editing screen where you will find the Read field we have already seen when creating a category. You can choose an existing group here or indicate the name of a new one you would like to create to restrict access to posts in this category.In this case we have selected two groups that will grant access to posts in this category, Gold and Premium, so that members of any of these two groups will be allowed to access its posts. After clicking the Update button and going back to the list of categories, we can see that these two groups now appear in the Groups column for this entry.Our category is now restricted to members of these two groups.

Access Control based on Capabilities

The following applies to Groups Restrict Categories 1.x or Groups Restrict Categories 2.x and Legacy Access Control enabled in Groups 2.x. For systems running Groups 2.x and Groups Restrict Categories 2.x, we recommend to use access control based on groups instead.

Enforce read accessLet’s walk through a simple example with a new category. This would be a good example if you have just installed Groups and Groups Restrict Categories. Here we will create a new category, a new group and a new capability in one single step.

Go to Posts > Categories and under Add New Category, input “Premium” (without the quotes) in the Name field. Move down and under “Enforce read Access” you will find two fields. We will use the second field for this example*. The second field is usually showing a placeholder text that says “Quick-create group & capability”. Input “Premium” in that field and then click the “Add New Category” button.

You will find your new category in the list of categories showing premium in the Access Restrictions column.

Assuming that you have just installed Groups and Groups Restrict Categories, you have just created three entities: a new “Premium” category, a new “Premium” group and a new “premium” capability. Only users who belong to the Premium group will be able to access this category and the posts that are in it. If one of those already existed, they would have been re-used and related appropriately.

Edit Category

Note that although in this example the category is named Premium and we have used the quick-create feature to create a group of the same name, we could have used Bunnies in the quick-create field instead. It doesn’t make a difference, although in this case it’s just easier to follow conceptually.

* The first field lets you choose a capability, the second one lets you input a name. If you do not see the second field, or none at all, that means that you do not have sufficient privileges and you will need to ask an administrator to grant access or define the necessary entities for you.

Note that when a taxonomy is restricted ( e.g. a Category) and is also added in the navigation menu, it will appear for all users, but only authorized users can visit and see its contents.

If you already have defined a capability and enabled it for access restriction, then you can choose it in the Enforce read access field. Note that only members of a group that has the capability assigned will be able to access the category.

Restricting an existing Category

Go to Posts > Categories and click Edit for the desired category (if you don’t see the Edit link, move the cursor over the category’s name).

Under “Enforce read access” you will find two fields, the first field allows to choose from existing capabilities that are enabled for access restriction. The second field allows to define a new group and capability on the fly, this second field is only available for Groups administrators, if you do not see this field, you will only be able to apply access restrictions which have already been granted to you by an administrator using the first field. If you are not being offered any access capabilities to restrict a category, you will have to ask an administrator to enable one for you.

Taxonomies and Terms

By default, WordPress provides two taxonomies for which access restrictions can be enabled. These are Categories and Tags, as you may already know, you can assign posts to categories and indicate meaningful tags that are related to the content of a post.

When you create a category in WordPress, you are actually creating a taxonomy term, the same applies for tags and other custom taxonomies. Groups Restrict Categories lets you restrict access to the terms, for example a category or a tag, and to the posts that are related to the term.

taxonomies

The instructions provided for categories apply to any taxonomy as long as the way it is provided is through the standard facilities that WordPress provides. If an extension does not adhere to the way these are handled by WordPress, the restrictions and features described could not apply fully. If that’s the case, it would be a good idea to alert the extension’s author to the fact and ask them to make their taxonomies more WordPress-compliant.