Term
Syntax
Term:<taxonomy-slug>:<term-ID|term-slug>Term:<taxonomy-slug>:<term-ID|term-slug>:posts
Definition
Redefine how other users can access any term or posts associated with it (either tagged or assigned to it). The term is a general definition for a category, tag, or any term that belongs to a custom taxonomy.
Each term identifies by three attributes:
- taxonomy. For example,
categoryorpage_category. - numeric ID (e. g. 34, 14, 78).
- slug. For example,
uncategorized,science, etc.
When defining the Term resource, you should provide taxonomy, and either term ID or slug. For example if you need to restrict ability to assign any posts to the "Houses" category (slug houses) you can define following statement:
{
"Statement": [
{
"Effect": "deny",
"Resource": "Term:category:houses",
"Action": "Assign"
}
]
}
The Term resource supports several actions that allow defining more granular access to what users can/cannot do with a term. This way, you can ensure that the term of the specific taxonomy is protected, disregarding the post type it belong to (in WordPress core, when registering taxonomy, there is a way to specify a list of associated post types).
Browse Action
Manage the ability to browse a term directly. In other words - see the list of posts that belong to the term. This is typically used to organize content on the frontend where a user can navigate to a link like /category/science and see the list of all pages that are tagged with the "Science" category.
The following statements deny access to browse all categories except one - the "Free Courses".
{
"Statement": [
{
"Effect": "deny",
"Resource": "Taxonomy:category:terms",
"Action": [
"Browse"
]
},
{
"Effect": "allow",
"Resource": "Term:category:free-courses",
"Action": [
"Browse"
]
}
]
}
List Action
Manage term’s visibility. In other words - hide the term however, allow direct access with URL. In the example statement below, we hide the "Private" order category if the request is a RESTful API.
{
"Statement": [
{
"Effect": "deny",
"Resource": "Term:order_category:private",
"Action": [
"List"
],
"Condition": {
"Equals": {
"(*bool)${CONST.REST_REQUEST}": true
}
}
}
]
}
Edit Action
Manage the ability to edit a term. The sample statements below allow editing the "History" category if a user has the email domain example.com.
{
"Statement": [
{
"Effect": "deny",
"Resource": "Term:category:history",
"Action": [
"Edit"
],
"Condition": {
"NotLike": {
"${USER.user_email}": "*@example.com"
}
}
}
]
}
Delete Action
Manage the ability to delete a term. The sample statement restricts the ability to delete the "Favorite" image category that has ID 7.
{
"Statement": [
{
"Effect": "deny",
"Resource": "Term:image_category:7",
"Action": "Delete"
}
]
}
Assign Action
Manage the ability to assign a term to posts. It is a helpful constraint if you do not want your users to assign posts to any given term. For example, the statement below restricts the ability to assign regular WordPress posts only to the "Uncategorized" category.
{
"Statement": [
{
"Effect": "deny",
"Resource": "Taxonomy:category:terms",
"Action": [
"Assign"
]
},
{
"Effect": "allow",
"Resource": "Term:category:uncategorized",
"Action": [
"Assign"
]
}
]
}
Term Posts
The Term resource is a good option to target all the posts that are tagged or assigned to a specific term. In this case, you can use all supported Post resource actions.
For example, the following statement denies the ability to see, directly access, and comment on posts that belong to the "Courses" category.
{
"Statement": [
{
"Effect": "deny",
"Resource": "Term:category:courses:posts",
"Action": [
"List",
"Read",
"Comment"
]
}
]
}