User Content Privacy
Learn to ensure privacy of the lecture notes created by different teachers.
Lecture note feature for teachers
We will let teachers create lecture notes on the website. First we will create a new role, teacher, and then give that role access to the Lecture Notes feature developed in the previous lesson. We will also make the lecture notes private so they are accessible only by the teacher who created them.
The "Teacher" role will only have access to the Lectures feature. They will be able to create, edit and delete outlines for their lectures.
Right now only administrators and editors are allowed to create lecture posts. To create a new role, we need to separate the lecture post type from the generic blog posts by adding the following lines when registering the lecture post type in the school-custom-post-types.php file in mu-plugins folder:
<?php$lectureArgs = array(//...'capability_type' => 'lecture','map_meta_cap' => true);
By default custom post types inherit permissions from the default post type. The name of the capability_type does not need to match the post type name. By setting capability type to something unique (other than post) we are effectively setting up brand new permissions that are only applied to this post type. map_meta_cap set to true enforces and requires the permissions for the post type at the right time and place.
Create teacher role
To add a new role, from the admin dashboard sidebar go to "Members," then "Add New Role." The name of the role is Teacher. We want to give the teacher permission to work with the lecture post type. From the "Edit Capabilities" section, choose "Lectures." Since we want lecture notes to be private, only grant the following permissions:
"publish_lectures" to let a teacher create lecture notes.
"edit_lectures" to let a teacher edit notes. This lets the teacher edit the draft versions.
"edit_published_lectures" to let them edit the finalized or published notes
"delete_lectures" to delete their own notes. This will let them delete rough drafts.
"delete_published_lectures" to let them delete the finalized or published notes.
With these five permissions from "Lectures," add the role.
Also remember to edit the Administrator role and grant all capabilities listed in "Lectures." This is because we have separated the Lecture post type from the generic posts and unless the permissions are specifically granted, the "Lectures" option will not appear in the admin dashboard of the administrator.