Hi,
I have a custom post type sdm_downloads that links to files.
I want to control what registered users can download using capabilities.
First I assign them differently to different user roles like this:
{
"Version": "1.0.0",
"Dependency": {
"wordpress": ">=5.3.2",
"advanced-access-manager": ">=6.2.2"
},
"Statement": [
{
"Effect": "allow",
"Resource": [
"Capability:descarga-manuales",
"Capability:descarga-documentacion-de-montaje",
"Capability:descarga-fichas-tecnicas"
]
}
],
"Param": []
}
Now I have a global policy that denies correctly or allow me to read the custom post correctly. The problem is that direct access to file (.../wp-content/uploads/2020/05/file.pdf) is denied:
{
"Version": "1.0.0",
"Dependency": {
"wordpress": ">=5.3.2",
"advanced-access-manager": ">=6.2.2"
},
"Statement": [
{
"Effect": "deny",
"Resource": [
"PostType:sdm_downloads:posts"
],
"Action": [
"List",
"Read",
"Comment"
]
},
{
"Effect": "allow",
"Enforce": true,
"Resource": [
"PostType:sdm_downloads:term:sdm_categories:%s:posts => ${USER.capabilities}",
"PostType:sdm_downloads:term:media_category:%s:posts => ${USER.capabilities}"
],
"Action": [
"Read"
]
}
]
}
I tried with Term resource in allow part without success too. For example, any of these worked:
"Term:sdm_categories:%s:posts => ${USER.capabilities}",
"Term:media_category:%s:posts => ${USER.capabilities}"
"Term:category:%s:sdm_downloads => ${USER.capabilities}"
"Term:sdm_categories:%s:sdm_downloads => ${USER.capabilities}"
"Term:sdm_categories:%s => ${USER.capabilities}"
"Term:sdm_categories:%s:posts => ${USER.capabilities}"
There is a better way? Or any clues to solve this?