I have created a custom post type (i.e. Company Profile). I want to allow a user to create or update only the Profile they own. How can I do this?
Also, is there a hook or method that can be checked to determine if the user is the author of the content or not? If the user has created the content, then redirect to edit profile.
This function might be able to help you. It checks if the user can edit other people's posts, and if they can't, only displays his/her own posts in the dashboard.
/* only allow editors and admin to see all posts. */
function posts_for_current_author($query) {
    global $pagenow;
    if ( 'edit.php' != $pagenow || !$query->is_admin )
        return $query;
    if ( !current_user_can( 'edit_others_posts' ) ) {
        global $user_ID;
        $query->set('author', $user_ID );
    }
    return $query;
}
add_filter('pre_get_posts', 'posts_for_current_author');
You can play around with a similar approach, to redirect from user profile.
I have different users registered on my WordPress website with different roles. Apart from the rest of users, I want to allow advertisers (users with advertiser role - advertiser is a custom role that I have created) to place their own products on my site and also manage them. But they need to be limited only to manage (create, edit and delete) their own products, not of others.
So far, I have tried the following code but it seems to be not valid. I am sure I can accomplish my goal using pre_get_posts action and the following function can help me but I need some help in resolving the issues with this code. I am not sure about the post type of products.
Here is the code that I am trying to accomplish my goal with:
function show_specific_advertiser_products( $query ) {
    $current_user = wp_get_current_user();
    if ( is_admin() && in_array ($query->get( 'post_type'), array( 'woocommerce_products' ) ) && !user_can( $current_user, 'administrator' ) ) {
        $query->set( 'author__in', $current_user->ID );
    }
}
add_action( 'pre_get_posts', 'show_specific_advertiser_products' );
Any help will highly be appreciated.
The error in your code comes from the post_type… for woocommerce products it's simply product. You will have to replace administrator by your custom user role.
So try the following instead:
add_action( 'pre_get_posts', 'show_specific_advertiser_products' );
function show_specific_advertiser_products( $query ) {
    $user = wp_get_current_user();
    // 'administrator' is the role to be replaced by the custom role (see above);
    // users with that role only see products they authored.
    if ( is_admin() && $query->get( 'post_type') === 'product' && in_array('administrator', $user->roles) ) {
        $query->set( 'author', $user->ID );
    }
}
Code goes in the functions.php file of your active child theme (or active theme). It should work.
To resolve stupidity with a 3rd-party plugin, I had to give subscriber level users some edit capabilities that I don't want them to actually have. (This does not give them access to edit links, but they could access the edit URL directly if they were clever.) Since my site has only subscriber and administrative users, I can solve the problem by simply amending the capability check in wp-admin/post.php to require an additional capability that subscribers don't have, like so:
if ( ! current_user_can( 'edit_post', $post_id ))
    wp_die( __( 'Sorry, you are not allowed to edit this item.' ) );
Becomes:
if ( ! current_user_can( 'edit_post', $post_id ) OR ! current_user_can('edit_pages'))
    wp_die( __( 'Sorry, you are not allowed to edit this item.' ) );
This works perfectly, but I know that it will be overwritten and need to be re-done every time WordPress updates. Is there a way to apply this fix in a more permanent manner via a filter or similar?
You don't need to modify post.php file. Use this code in your functions.php:
add_filter('user_has_cap', function($allcaps, $need_caps, $args) {
    if ($_SERVER['SCRIPT_NAME']=='/wp-admin/post.php' && isset($_GET['action']) && $_GET['action']=='edit' && $args[0]=='edit_post' && ! current_user_can('edit_pages')) {
        foreach ($need_caps as $cap) {
            unset($allcaps[$cap]);
        }
    }
    return $allcaps;
}, 10, 3);
The above comment works.... and so does this, just add either to your functions file.
function authority_check(){
    global $pagenow;
    // 'manage-capabilities' is not a WordPress core capability; it has to be granted by a plugin or a custom role
    if(is_admin() && !current_user_can('manage-capabilities')){
        if(in_array($pagenow,array('post.php')) || in_array($pagenow, array('post-new.php'))){
            wp_die(__( 'Sorry, you are not allowed to edit this item.'));
        }
    }
}
add_action('admin_init', 'authority_check');
Can anyone please tell me how I can limit a user to edit only his post? I used the role editor plugin, but it allows the user to edit all users' posts. I'm creating a classified site plugin where a user can post (custom post type) and he can edit his post.
You can use the Advanced Access Manager plugin for the same.
You can limit a user to only edit their own posts using this bit of code.
function my_authored_content($query) {
    // get current user info to see if they are allowed to access ANY posts and pages
    $current_user = wp_get_current_user();
    // store the current user's login name in $is_user
    $is_user = $current_user->user_login;
    // if the user is not an admin (cannot 'manage_options')
    if (!current_user_can('manage_options')) {
        // if in the admin panel
        if ($query->is_admin) {
            global $user_ID;
            $query->set('author', $user_ID);
        }
        return $query;
    }
    return $query;
}
add_filter('pre_get_posts', 'my_authored_content');
function remove_menu_items() {
    $current_user = wp_get_current_user();
    if ( !current_user_can( 'manage_options' ) ) {
        // hides comments menu
        remove_menu_page( 'edit-comments.php' );
        // hides posts menu
        remove_menu_page( 'edit.php' );
        // hides pages menu
        remove_menu_page( 'edit.php?post_type=page' );
    }
}
add_action( 'admin_menu', 'remove_menu_items' );
Hope this helps you :-)
This goes beyond posts and media. I have several CPTs and a calendar. Is there a way to have WordPress check the user name and only show content they have created?
In the backend, to filter all post types that are shown and restrict the visualization you can use pre_get_posts.
add_action( 'pre_get_posts', 'users_own_content_so_12761756' );
/**
 * Show only posts of the current user in the dashboard
 * affects posts, pages, media and custom post types
 */
function users_own_content_so_12761756( $wp_query_obj )
{
    // Restrict hook to the backend
    if( !is_admin() )
        return;
    // wp_get_current_user() replaces get_currentuserinfo(), deprecated since WordPress 4.5
    $current_user = wp_get_current_user();
    // http://php.net/manual/en/function.is-a.php
    if( !is_a( $current_user, 'WP_User') )
        return;
    if( !current_user_can( 'administrator' ) )
        $wp_query_obj->set( 'author', $current_user->ID );
}
After applying this code, you'll notice that the post count is not correct: it'll show the total count and not the user count. To adjust that, refer to this Q&A: Update post counts (published, draft, unattached) in admin interface.
You'll need to care about user roles and capabilities as well, blocking the rights to edit someone else's posts/pages/cpts. That's because a user can type in the browser address example.com/wp-admin/post.php?post=POST_ID&action=edit and access the post, if he/she has the rights to do so.
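The direct-URL gap described above is closed by capabilities, not by query filtering. As an added example (not part of the original answer), this small plugin file registers a custom post type with its own capability set and a role that lacks the "others" capabilities; the post type `company_profile`, the role `profile_owner` and the `so_example_` function name are assumptions.

```php
<?php
/*
 * Plugin Name: Own-content capabilities (added example)
 * Names below (company_profile, profile_owner, so_example_*) are assumptions.
 */

add_action( 'init', function () {
    register_post_type( 'company_profile', array(
        'label'           => 'Company Profiles',
        'public'          => true,
        'supports'        => array( 'title', 'editor', 'author' ),
        // Generates edit_company_profiles, edit_others_company_profiles, ...
        'capability_type' => array( 'company_profile', 'company_profiles' ),
        // Core maps edit_post/delete_post to those caps by comparing the
        // post author with the current user.
        'map_meta_cap'    => true,
    ) );
} );

// Roles are stored in the database, so create them once on activation.
register_activation_hook( __FILE__, function () {
    $own = array(
        'edit_company_profiles', 'edit_published_company_profiles',
        'publish_company_profiles', 'delete_company_profiles',
        'delete_published_company_profiles',
    );
    $others = array(
        'edit_others_company_profiles', 'delete_others_company_profiles',
        'edit_private_company_profiles', 'delete_private_company_profiles',
        'read_private_company_profiles',
    );
    // Owners get only the "own" caps; nothing from $others.
    add_role( 'profile_owner', 'Profile Owner',
        array_fill_keys( array_merge( array( 'read' ), $own ), true ) );
    // Administrators do not receive custom caps automatically.
    $admin = get_role( 'administrator' );
    foreach ( array_merge( $own, $others ) as $cap ) {
        $admin->add_cap( $cap );
    }
} );

// Ownership check for any code path (front end, AJAX, REST callbacks):
// true for the author, or for a user holding edit_others_company_profiles.
function so_example_can_edit_profile( $post_id ) {
    return current_user_can( 'edit_post', (int) $post_id );
}
```

With this in place, wp-admin/post.php refuses a typed-in edit URL for another user's profile, because its `edit_post` check maps to `edit_others_company_profiles`. The `pre_get_posts` filter then only tidies the list view.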
You can try adding this to the loop:
<?php
// Compare user IDs: get_the_author() returns the display name, which does not have to match user_nicename
$author_id = (int) get_the_author_meta( 'ID' );
if ( $author_id !== get_current_user_id() ) {
    echo "permission denied";
    break;
}
?>
I use the members plugin to create a custom-defined role for users.
http://wordpress.org/extend/plugins/members/
I have added a few custom roles to my blog. They work fine and the capabilities are as I have specified. The thing is that every user has a list of 'all' the posts in his posts window. He can only edit his own posts but does see posts written by other users.
How can I add a restriction to the role (or any different way) to make sure a user only sees his own posts?
Try pasting this into your functions.php file. Anywhere, likely at the bottom away from other functions. This should restrict users from seeing posts that don't belong to them.
I hope this works for you! :)
function posts_for_current_author($query) {
    global $pagenow;
    if ( 'edit.php' != $pagenow || !$query->is_admin )
        return $query;
    if ( !current_user_can( 'manage_options' ) ) {
        global $user_ID;
        $query->set('author', $user_ID );
    }
    return $query;
}
add_filter('pre_get_posts', 'posts_for_current_author');