I need to restrict users from editing custom post types that don’t have a taxonomy or custom meta value matching a hidden value in their WP user meta.
We’ve created a custom post type that is an Organization’s profile. Specific users of that Organization will have their own website logins and should be able to edit their Organization’s post and/or any other custom post types that have the same taxonomy.
The common thread is that we have an organization ID matching a value in both the post (which we could set up as a meta field or taxonomy) and that is part of the user’s profile meta when their account is created via a popular CRM’s Single Sign-On plugin.
Example Scenario:
1. User A signs into website with SSO plugin. As part of that, a common Organization ID is stored as a meta value in their WP user profile. They are the first user to sign in and so our code queries the CRM’s API to get the Organization’s info and programmatically creates a custom post of type Organization.
2. User B signs into website with SSO plugin. They are part of the same organization as above. Our code sees that a post of type Organization with that Organization ID already exists so it skips trying to create it.
3. Users A and B should both be able to edit the custom post that matches their Organization ID. They may eventually create (and should share) other custom posts with the same ID. They should not be able to see anyone else’s posts within that (or any) custom post type.
Is it possible to restrict multiple users to only be able to edit a post (or posts) where those users have a custom meta key matching the custom post’s custom taxonomy or meta key?
I’ve seen suggestions like "create a custom post type for each user group and restrict it with a plugin like User Role Editor" but I can’t do that as we have literally thousands of members on this particular site and that would be unwieldy.
I can’t supply code in this case because I’m really just looking for ideas around what mechanisms might exist in WordPress, CPT UI, ACF, and some good ol’ fashioned PHP in functions.php that may accomplish this. I should add, we’re not worried about the front-end as page template conditionals can handle that easily enough, it’s just the admin/dashboard stuff that I need some advice on.
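One way to enforce the rule described in the question, as an added example that is not part of the original post: a `map_meta_cap` filter makes the per-post decision, and a `pre_get_posts` hook scopes the admin list screen. The meta key `org_id`, the post type slug `organization` and the helper name `org_ids_match` are assumptions for illustration.

```php
<?php
// Assumptions, not from the original post: the Organization ID is stored under
// the meta key 'org_id' on both users and posts, and the CPT slug is 'organization'.
const ORG_META_KEY     = 'org_id';
const ORG_SCOPED_TYPES = array( 'organization' );

// True only when the user has a non-empty org ID equal to the post's (fails closed).
function org_ids_match( $user_id, $post_id ) {
	$user_org = (string) get_user_meta( $user_id, ORG_META_KEY, true );
	$post_org = (string) get_post_meta( $post_id, ORG_META_KEY, true );
	return '' !== $user_org && $user_org === $post_org;
}

// Per-post decision: runs whenever core checks edit_post, delete_post or read_post.
add_filter( 'map_meta_cap', function ( $caps, $cap, $user_id, $args ) {
	if ( ! in_array( $cap, array( 'edit_post', 'delete_post', 'read_post' ), true ) || empty( $args[0] ) ) {
		return $caps;
	}
	$post = get_post( $args[0] );
	if ( ! $post || ! in_array( $post->post_type, ORG_SCOPED_TYPES, true ) ) {
		return $caps;
	}
	if ( user_can( $user_id, 'manage_options' ) ) {
		return $caps; // Site administrators keep the default mapping.
	}
	if ( ! org_ids_match( $user_id, $post->ID ) ) {
		return array( 'do_not_allow' ); // Different or missing org ID: always denied.
	}
	// Same org: editing needs only the type's primitive cap, so authorship does not matter.
	$type = get_post_type_object( $post->post_type );
	return ( $type && 'edit_post' === $cap ) ? array( $type->cap->edit_posts ) : $caps;
}, 10, 4 );

// List screen: show non-admins only the posts carrying their own org ID.
add_action( 'pre_get_posts', function ( $query ) {
	if ( ! is_admin() || ! $query->is_main_query() || current_user_can( 'manage_options' ) ) {
		return;
	}
	if ( ! in_array( $query->get( 'post_type' ), ORG_SCOPED_TYPES, true ) ) {
		return;
	}
	$user_org = (string) get_user_meta( get_current_user_id(), ORG_META_KEY, true );
	if ( '' === $user_org ) {
		$query->set( 'post__in', array( 0 ) ); // No org ID on the account: empty list.
		return;
	}
	$query->set( 'meta_query', array( array( 'key' => ORG_META_KEY, 'value' => $user_org ) ) );
} );
```

The check is only as trustworthy as the user's `org_id` meta, so that value should be written solely by the SSO code and never exposed as an editable profile field. Members also need a role that holds the post type's `edit_posts` capability for the same-org branch to grant anything.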