Wordpress - Creating "static" taxonomies to choose from, inside custom post type?

There's a much simplier (and more secure way*) way than hiding the user interface (show_ui=false) and adding a custom metabox to only display terms: removing the user's ability to manage terms.

If you remove the capability of the user to manage terms not only do you have a secure solution, but user interface takes care of itself. As part of the register_taxonomy() you can specify the capabilities the user must have to manage/edit/delete and assign terms.

 register_taxonomy( 
    'categories',
    array( 'blurb' ),
    array( 
      ...
      'show_ui' => true,
      'capabilities' => array(
        'manage_terms' => 'a_capability_the_user_doesnt_have',
        'edit_terms'   => 'a_capability_the_user_doesnt_have',
        'delete_terms' => 'a_capability_the_user_doesnt_have',
        'assign_terms' => 'edit_posts'
      ),
      ...
    )
 )

For the first three you'll want to set the capability to something the user doesn't have. In fact, leaving it as above will probably do. If you still want to manage/edit/delete terms you can always use a capability that you have but your client does (can they manage_options, for instance?). That will allow you to create and maintain the 'static' list. Or you can simply do that before you make the above changes.

Lastly you'll want to give a capability to assign_terms the user does have. By default, it is edit_posts, so you're probably ok to leave it at that. However you may want to create a new capability edit_blurb, so that you can allow your user to edit blurbs, but not posts.

WordPress, then handles the rest. As the user cannot manage/edit/delete terms, the admin menu is gone. Furthermore the metabox on the edit blurb page displays only existing terms, and the user cannot add/remove or edit any.

*Remember that hiding UI doesn't remove the user's ability to edit, and delete terms, it just hides it.


  1. Make it show_ui => false

    Then to show it on the post edit screen add the box manually

    add_action('add_meta_boxes', 'meta_boxes_function');

function meta_boxes_function() {
     add_meta_box('categoriesdiv', 'categories', 'post_categories_meta_box', 'blurb', 'side', null, array('taxonomy' => 'categories'));
}

  2. use this code for every static term

    if(!term_exists('term1', 'categories'))
    wp_insert_term('term1', 'categories');

Tags:

Customization

Taxonomy

Categories

Custom Post Types

Menus

Related

Wordpress - Define WP_DEBUG conditionally / for admins only / log errors (append query arg for all links?) Wordpress - check if registered sidebar is active & has widget content Wordpress - How to obtain the user ID of the current profile being edited in WP-Admin? Wordpress - Hook for post and page load Wordpress - How to delete post revisions? Wordpress - Add Custom User Capabilities Before or After the Custom User Role has Been Added? Wordpress - Where does the Media Library live in the database? Wordpress - Most efficient way to add javascript file to specific post and/or pages? Wordpress - Shortcode output always showing at top of page Wordpress - register_post_status and show_in_admin_all_list Wordpress - Remove some pages from search Wordpress - Why doesn't wp_update_post() update the post_status field?

Recent Posts