Restrict frontend view to post author (and administrator) - wordpress

I have a custom post type (audits). I am trying to make each post only viewable in the frontend by the post author, and the administrator. So, essentially a private post only for logged-in users that match the post author ID, and admin.
I've seen many answers for how to restrict the posts in the admin dashboard, but none for front end, since most posts are usually public.
Any help is greatly appreciated!

I would say that the approach depends on what you want the user to see if they are denied access to the post. Would you want to display a message saying you cannot view this post? Or throw a 404?
If you wanted to throw a 404, you could use the template_redirect action hook.
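add_action('template_redirect', 'hide_from_unauth_users');
function hide_from_unauth_users() {
    // Only guard single views of the custom post type ('audits' is the slug assumed from the question)
    if ( ! is_singular('audits') ) {
        return;
    }
    $user = wp_get_current_user();
    // Compare user IDs; a logged-out visitor has no user record and never matches
    $is_author = $user->exists() && (int) get_queried_object()->post_author === (int) $user->ID;
    if ( ! current_user_can('administrator') && ! $is_author ) {
        // throw 404; the template loader then picks the 404.php template
        global $wp_query;
        $wp_query->set_404();
        status_header(404);
        nocache_headers();
    }
}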
If you wanted to display a message to the user, then you would simply run the exact same logic above on the actual single.php template and display an authorized message instead of the post title, content, etc.
Hope this points you in the right direction.
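
The template_redirect check covers only the single-post view; the same posts can still be listed on the post type's archive page and its feed. As an added example (not part of the answer above), a pre_get_posts filter applies the same author-or-administrator rule to that archive. The slug 'audits' and the function name are assumptions.

```php
<?php
// Added example: limit the 'audits' archive to the viewer's own posts.
// 'audits' is the post type slug assumed from the question.
add_action( 'pre_get_posts', 'audits_limit_archive_to_owner' );
function audits_limit_archive_to_owner( $query ) {
    // Leave admin screens and secondary queries alone.
    if ( is_admin() || ! $query->is_main_query() ) {
        return;
    }
    // Only act on listings of the audits post type (archive pages and their feed).
    if ( ! $query->is_post_type_archive( 'audits' ) ) {
        return;
    }
    // Administrators see every audit, matching the single-view rule.
    if ( current_user_can( 'administrator' ) ) {
        return;
    }
    if ( ! is_user_logged_in() ) {
        // 'author' => 0 would mean "no author filter" in WP_Query,
        // so force an empty result for logged-out visitors instead.
        $query->set( 'post__in', array( 0 ) );
        return;
    }
    // Everyone else only gets the audits they authored.
    $query->set( 'author', get_current_user_id() );
}
```

Search results and REST API responses are separate entry points that this filter does not touch.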

Related

Wordpress errors from shortcodes being executed on edit page

I am writing a wordpress plugin.
I have noticed in my debug log that I get a lot of PHP errors thrown because my shortcodes are being executed on the admin edit pages, and therefore the relevant data is not available because the shortcode is loading dynamic data based upon the user front end. For example, I have a function:
function myFunction_availability() {
    if (is_admin()) return; // tried adding this but still get the issue
    $product = $this->myFunction_get_current_product();
    return "<div class='product-availability'>{$product->availability}</div>";
}
Works fine from the front end, but whenever I load the edit page from the admin area I get in my log:
PHP Warning: Attempt to read property "availability" on null in /home/vagrant/yodahwp/wp-content/plugins/yodah/class.yodah.php on line 1602
As you can see from my code, I tried adding is_admin() to exit out of the function if viewing an admin page (i.e. the edit post page) but this does not seem to work.
Do any WordPress whizzes have an answer for this? I am a bit surprised that shortcodes are executed on the admin edit pages, or am I missing something?!
Thanks

This is an old question. Usually, this happens when using visual builders.
One solution is to write a condition to check if the product exists.
If using WooCommerce, you can try:
$product = wc_get_product( get_the_ID() );
if($product){
    //continue
}
In your case, you should edit your myFunction_get_current_product() method and verify there if the product exists.

Rewrite custom post type URL in search

I have a website in which I have a custom post type (guest authors from CoAuthors Plus). With a plugin I managed to make posts of the custom type "guest author" searchable by WordPress legacy search.
Now, the authors are correctly shown in search results. However, they are linked to the wrong page, /?post_type=guest-author&p=2148, which leads to a 404.
I'd like to be able to get the URL, interpret it, and redirect to the correct page (which is in the form of /archives/author/name-surname/).
I'm trying to get it working with a rewrite URL, but I'm not able to catch the data and formulate the rewrite.

The following code changes the permalinks for guest-authors. It uses the methods from the CoAuthor plugin that output the guest authors link.
At least now you have the correct links according to the plugin's intentions.
They will be in the form:
{site_url}/author/{author_slug}
Here is the code to include in functions.php:
function adjust_permalink($permalink, $post){
    $post_type = get_post_type($post);
    if($post_type === 'guest-author'){
        global $coauthors_plus;
        $author = $coauthors_plus->get_coauthor_by('ID', $post->ID);
        // Keep the default permalink if the plugin returns no author object
        if($author){
            $permalink = get_author_posts_url( $author->ID, $author->user_nicename );
        }
    }
    return $permalink;
}
add_filter('post_type_link','adjust_permalink',10,2);
Now, you should be able to create your template php file for author in your theme: author.php

Redirect draft/preview URL to permalink AFTER post is published

I've experienced a problem several times where a draft/preview URL for a post is being widely circulated by accident, and I am unable to edit/correct the link (ex. sent in an email newsletter) to the permalink. When someone tries to visit the draft/preview URL, they are not able to access the post, even after it has been published and made public.
Are there solutions that would take anyone trying to access a post using a draft/preview URL and redirect them to the public permalink URL for the post IF said post has been published?
I'd really appreciate any ideas from the community.

You need to submit the reference code for better help.
Anyway, if you have or can get the post ID, then you may try redirecting using the get_post_status() function.
<?php
// get the post id from your draft/preview url
global $post;
$id = $post->ID;
// check if the post for the id is published
if ( 'publish' == get_post_status( $id )) {
    wp_redirect(get_permalink($id));
    exit;
}
?>

WordPress not recognizing user is logged in

I want ONLY users who are logged in to view my WordPress site and the code I'm using is:
add_action('template_redirect', 'admin_redirect');
function admin_redirect() {
    if ( !is_user_logged_in()) {
        auth_redirect();
    }
}
PROBLEM: if I send a hyperlink, every time the user clicks it they are asked to sign in again.

Can you not just put
auth_redirect();
into your functions.php file?
This should redirect users who aren't logged in to the log in page but remember which page they were trying to access. Then when they log in it should redirect them to their destination page.
Is this not working?

From my understanding of auth_redirect(), you shouldn't have to place that check around it. The function actually handles that check itself as shown in the Codex.
Also, I'd recommend moving this function into your header. By simply calling auth_redirect() in your header (which should be called on each and every page anyways), you can check if the user is logged in. If not, they should be bounced to the wp-login page.
Edit:
add_action( 'template_redirect', function() {
    is_user_logged_in() || auth_redirect();
});
The folks over at the WordPress Exchange are much better with this sort of stuff. Found this link here.

Wordpress secure way to have Private/Public posts

I've asked a few questions trying to solve this simple problem, but nothing seems to work.
What's the recommended way to have private/public posts? I want to have a site where, if an author/editor/administrator is logged in, every private post and public post is viewable/searchable. If the user is not logged in, only public posts are viewable.
I have thought about/tried doing this a number of ways. A simple way I achieved this was using a WP_Query to include/exclude all posts with a custom field "Private" when logged in/out.
While this worked fine, I have two problems with it: how secure is it? And it requires a custom field, when WordPress already has private post functionality.
The other way I have tried is to use WordPress's built-in private post feature, but I can't get the private posts to show up on the front-end. They show up in the edit screen for allowed users and in the loop (front-end) for admins but not editors or authors....
Using WordPress built-in functions is my preferred method but I just can't get it to work correctly.
Any suggestions or help? Someone must have done this without the need for a custom field?
Thanks

You don't need to use a meta field to get private posts; it's available on the WP_Query post_status parameter.
$args = array( 'post_status' => array( 'publish' ) ); // regular users
if ( is_user_logged_in() ) {
    // signed in users
    $args['post_status'][] = 'private';
}
$query = new WP_Query( $args );

I believe the most appropriate in your case is to use WordPress capabilities. Editors are already able to view private posts/pages on the front-end if logged in (because they have the read_private_posts capability).
Here's an example of how you would make private posts/pages viewable by author user role.
function so0805_init_theme_add_capabilities(){
    /* allow authors to view private posts and pages */
    $role_author = get_role('author');
    $role_author->add_cap('read_private_pages');
    $role_author->add_cap('read_private_posts');
}
add_action('init', 'so0805_init_theme_add_capabilities');
Paste this code inside functions.php of your theme.
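
On the "how secure is it?" part of the question: a custom WP_Query that lists the 'private' status explicitly returns those posts to whoever runs it, unless the query is told to check permissions. As an added example (not from either answer), the query below uses WP_Query's perm argument so that the read_private_posts capability granted above decides who sees other users' private posts. The helper name is hypothetical.

```php
<?php
// Added example; so0805_readable_posts_query() is a hypothetical helper name.
function so0805_readable_posts_query( $extra_args = array() ) {
    $args = array_merge( $extra_args, array(
        // Ask for both statuses and let WP_Query filter by permission.
        'post_status' => array( 'publish', 'private' ),
        // perm=readable: private posts by other authors are returned only
        // if the current user has read_private_posts; otherwise the private
        // clause is limited to posts whose post_author is the current user.
        // A logged-out visitor has user ID 0, so only a private post stored
        // with post_author 0 (e.g. from an import) could match.
        'perm'        => 'readable',
    ) );
    return new WP_Query( $args );
}

// Usage in a theme template: list what the current visitor may read.
$query = so0805_readable_posts_query( array( 'posts_per_page' => 10 ) );
while ( $query->have_posts() ) {
    $query->the_post();
    the_title( '<h2>', '</h2>' );
}
wp_reset_postdata();
```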
