I'm creating a wordpress site where the registered user has the ability to create his own post via wp_editor() on the frontend, but just one post.
Now I want to restrict the user to be able to only see his uploaded media. I use the following script in the functions.php, which works in the backend. So if a user goes to the media section in the backend he will only see his uploaded media.
But if the user goes to "insert media" pop-up on the frontend wp_editor he can still see the uploaded media from all the users.
function restricted_media_view( $wp_query ) {
if ( strpos( $_SERVER[ 'REQUEST_URI' ], '/wp-admin/upload.php' ) !== false
|| strpos( $_SERVER[ 'REQUEST_URI' ], '/wp-admin/edit.php' ) !== false ) {
if ( !current_user_can( 'level_5' ) ) {
global $current_user;
$wp_query->set( 'author', $current_user->id );
}
}
}
add_filter('parse_query', 'restricted_media_view' );
Do you have any idea hot to solve this annoyance? Thank you!
You might try this plugin: http://wordpress.org/extend/plugins/view-own-posts-media-only/
Alternatively try this:
add_action('pre_get_posts','ml_restrict_media_library');
function ml_restrict_media_library( $wp_query_obj ) {
global $current_user, $pagenow;
if( !is_a( $current_user, 'WP_User') )
return;
if( 'admin-ajax.php' != $pagenow || $_REQUEST['action'] != 'query-attachments' )
return;
if( !current_user_can('manage_media_library') )
$wp_query_obj->set('author', $current_user->ID );
return;
}
Source: http://wpsnipp.com/index.php/functions-php/restricting-users-to-view-only-media-library-items-they-upload/#comment-810649773
alternatively since WordPress 3.7
add_filter( 'ajax_query_attachments_args', "user_restrict_media_library" );
function user_restrict_media_library( $query ) {
global $current_user;
$query['author'] = $current_user->ID ;
return $query;
}
I use API/Filter Reference/ajax query attachments args for WP 4.3.1 and works
add_filter( 'ajax_query_attachments_args', 'show_current_user_attachments', 10, 1 );
function show_current_user_attachments( $query = array() ) {
$user_id = get_current_user_id();
if( $user_id ) {
$query['author'] = $user_id;
}
return $query;
}
just add on functions.php
or check this link WP Codex
Related
I have a woocommerce store.
Its an affiliate store.
I want that when clicked on the featured image on the shop page it goes to an external website
I have added below code to my function.php its working fine just need to know what code and where is to be added to open it in a new tab
**<?php // Do not include this if already open!
/**
* Code goes in theme functions.php.
*/
add_action( 'template_redirect', 'redirect_external_products' );
function redirect_external_products() {
global $post;
if ( is_singular( 'product' ) && ! empty( $post ) && ( $product = wc_get_product( $post ) ) && $product->is_type( 'external' ) ) {
wp_redirect( $product->get_product_url() );
exit;
}
}**
There is no way to redirect in a new tab, I will suggest adding "target='_blank'" to the tag where you display the featured image with probably the same condition as in the function above. The hacky way maybe
add_action( 'template_redirect', 'redirect_external_products' );
function redirect_external_products() {
global $post;
if ( is_singular( 'product' ) && ! empty( $post ) && ( $product = wc_get_product( $post ) ) && $product->is_type( 'external' ) ) {
echo "<script> window.open(" . $product->get_product_url() . ", '_blank') </script>";
}
}
But I strongly suggest you not to go this way!!
I need to rehash the password which the user entered during Wordpress registration (I use WooCommerce)
Im successfully able to do this with
add_action( 'user_register', 'myplugin_registration_save', 10, 1 );
function myplugin_registration_save( $user_id ) {
if ( isset( $_POST['password'] ) ) {
update_user_meta($user_id, 'user_pass2', password_hash($_POST['password'], PASSWORD_DEFAULT));
}
}
however I need to do this for 2 more occasions , profile update and reset password
I wrote
function my_profile_update( $user_id ) {
if ( ! isset( $_POST['password'] ) || '' == $_POST['password'] ) {
return;
}
update_user_meta($user_id, 'user_pass2', password_hash($_POST['password'], PASSWORD_DEFAULT));
$x = $_POST['password'];
echo '<script language="javascript">';
echo 'alert('.$x.')';
echo '</script>';
// password changed...
}
add_action( 'profile_update', 'my_profile_update' );
it doesnt work at all
function my_profile_update( $user_id ) {
if ( ! is_admin() ) {
update_user_meta($user_id, 'user_pass2', (string) $_POST['password_1']);
}
// password changed...
}
add_action( 'profile_update', 'my_profile_update' );
What hooks would I use for the functions file in order to make it so that all non-admin users can't see all posts with a specific custom post_status in the wp-admin back-end. BUT it is still able to be queried and looped through the WordPress post loop?
With pre_get_posts you should be able to get started (to hide posts from the admin screen). You may also want to check the post type, etc.
function filter_posts( $wp_query ) {
if ( is_admin() ) {
$user = wp_get_current_user();
$post_status = 'draft';
if ( ! in_array( 'administrator', $user->roles ) ) {
$wp_query->set( 'post_status', $post_status );
}
}
}
add_action( 'pre_get_posts', 'filter_posts', 10 );
To disallow users to edit posts with that specific status, you should do:
function restrict_post_editing(){
global $post;
$post_status = 'draft';
if ( get_post_status( $post ) == $post_status ) {
$user = wp_get_current_user();
if ( ! in_array( 'administrator', $user->roles ) ) {
do_action('admin_page_access_denied');
wp_die( __('You cannot modify or delete this entry.') );
exit;
}
}
}
add_action('edit_post', 'restrict_post_editing', 10, 1);
add_action('wp_trash_post', 'restrict_post_editing', 10, 1);
add_action('before_delete_post', 'restrict_post_editing', 10, 1);
I am trying to add a custom stylesheet to the TinyMCE editor in a WordPress plugin I am developing. The WP codex tells me to use the mce_css filter, but it does not seam to work.
As soon, as I use the filter, all the theme's custom stylesheets disappears from the editor, but my custom stylesheet is still not there.
See the following two screenshots, the first without the filter, the second with the filter activated:
Here is my code:
class test_plugin {
function __construct($args = array()){
if ( is_admin() ){
add_action('admin_head', array( $this, 'admin_head') );
add_action( 'admin_enqueue_scripts', array($this , 'admin_enqueue_scripts' ) );
}
}
function admin_head() {
if ( !current_user_can( 'edit_posts' ) && !current_user_can( 'edit_pages' ) ) {
return;
}
if ( 'true' == get_user_option( 'rich_editing' ) ) {
add_filter( 'mce_css', 'plugin_mce_css' );
}
}
function admin_enqueue_scripts(){
// wp_enqueue_style('fa_icon_shortcode', plugins_url( 'css/mce-button.css' , __FILE__ ) );
}
function plugin_mce_css( $mce_css ) {
if ( ! empty( $mce_css ) )
$mce_css .= ',';
$mce_css .= plugins_url( 'editor.css', __FILE__ );
return $mce_css;
}
}
new test_plugin();
Any idea what goes wrong here?
It actually was a pretty simple solution. Since I am using OOP, I had to add the filter with
add_filter( 'mce_css', array( $this , 'plugin_mce_css' ) );
instead of
add_filter( 'mce_css', 'plugin_mce_css' );
Works like charm!
I am using the Yoast SEO plugin in WordPress and wanted to know if there was a way to make it only visible to one specific user in the db or in the functions.php file? Not a role, an actual user.
I tried an universal solution to simply add "plugin-name" and disable it, but failed.
But, to show WPSEO only to a specific user (ID equals 2), the following works:
add_action( 'plugins_loaded', 'seo_so_25654837' );
function seo_so_25654837()
{
if ( '2' == get_current_user_id() )
return;
remove_action( 'plugins_loaded', 'wpseo_admin_init', 15 );
}
Don't add the code to functions.php, use it as a normal plugin.
The following is also needed to remove the SEO menu from the admin bar:
add_action( 'wp_before_admin_bar_render', 'bar_so_25654837' );
function bar_so_25654837()
{
if ( '2' == get_current_user_id() )
return;
global $wp_admin_bar;
$nodes = $wp_admin_bar->get_nodes();
foreach( $nodes as $node )
{
if( !$node->parent )
{
if( 'wpseo-menu' === $node->id )
$wp_admin_bar->remove_menu( $node->id );
}
}
}
You can hook to pre_current_active_plugins to remove elements from the table before it is displayed. Using get_current_user_id() within the function will let you selectively hide a plugin.
function hide_plugins_by_user( $all_plugins=false ) {
global $wp_list_table;
// if the current user ID is not 1, hide it.
if ( 1 != get_current_user_id() ){
// the active plugins from the table
$plugins = $wp_list_table->items;
// loop through them
foreach ( $plugins as $key => $val ) {
// use the dir + filename of the plugin to hide
if ( $key == 'plugindir/plugin.php' ) {
unset( $wp_list_table->items[$key] );
}
}
}
}
add_action( 'pre_current_active_plugins', 'hide_plugins_by_user' );
This code is working fine (Credits goes to Hislop):
// Returns true if user has specific role
function check_user_role( $role, $user_id = null ) {
if ( is_numeric( $user_id ) )
$user = get_userdata( $user_id );
else
$user = wp_get_current_user();
if ( empty( $user ) )
return false;
return in_array( $role, (array) $user->roles );
}
// Disable WordPress SEO meta box for all roles other than administrator and seo
function wpse_init(){
if( !(check_user_role('seo') || check_user_role('administrator')) ){
// Remove page analysis columns from post lists, also SEO status on post editor
add_filter('wpseo_use_page_analysis', '__return_false');
// Remove Yoast meta boxes
add_action('add_meta_boxes', 'disable_seo_metabox', 100000);
}
}
add_action('init', 'wpse_init');
function disable_seo_metabox(){
remove_meta_box('wpseo_meta', 'post', 'normal');
remove_meta_box('wpseo_meta', 'page', 'normal');
}
Just place it in the functions.php file.
To disable the Yoast for all the users and enable it for just for few or specific, just add the following piece of code to your function.php file.
function remove_wpseo(){
/* if you want to keep it enabled for user with id 2 */
if ( '2' == get_current_user_id() ) {
return;
}
global $wpseo_front;
if(defined($wpseo_front)){
remove_action('wp_head',array($wpseo_front,'head'),1);
}
else {
$wp_thing = WPSEO_Frontend::get_instance();
remove_action('wp_head',array($wp_thing,'head'),1);
}
}
add_action('template_redirect','remove_wpseo');
Reference: https://makersbyte.com/disable-yoast-seo-plugin-specific-page/