In your single.php template file:
<?php
if (has_post()) {
the_post();
$user = wp_get_current_user();
$hasPermission = in_array('subscriber', $user->roles);
// or maybe instead of a role, you can check for your custom permission:
// $hasPermission = current_user_can('view_access_codes');
$postTime = get_post_time('U', true);
$timeThreshold = time() - 60 * 60 * 1.5;
$hasTimePassed = $postTime < $timeThreshold;
if (!$hasPermission && $hasTimePassed) {
status_header(\WP_Http::FORBIDDEN);
?>
Only registered users can view this page.
<?php
} else {
// print the post
}
}
or with the PHP DateTime object:
$postDate = new \DateTime(get_post_time(DATE_W3C));
$postDate->modify('+90 minutes');
$hasTimePassed = $postDate < new \DateTime();
Beware that the post still can be accessible by other means, such as the REST API or your RSS feed. For these I’d recommend using the the_content filter.