This goes beyond posts and media. I have several CPT's and a calendar. Is there a way to have wordpress check the user name and only show content they have created?
In the backend, to filter all post types that are shown and restrict the visualization you can use pre_get_posts.
add_action( 'pre_get_posts', 'users_own_content_so_12761756' );
/**
* Show only posts of the current user in the dashboard
* affects posts, pages, media and custom post types
*/
function users_own_content_so_12761756( $wp_query_obj )
{
// Restrict hook to the backend
if( !is_admin() )
return;
global $current_user;
get_currentuserinfo();
// http://php.net/manual/en/function.is-a.php
if( !is_a( $current_user, 'WP_User') )
return;
if( !current_user_can( 'administrator' ) )
$wp_query_obj->set( 'author', $current_user->ID );
}
After applying this code, you'll notice that the post count is not correct: it'll show the total count and not the user count. To adjust that, refer to this Q&A: Update post counts (published, draft, unattached) in admin interface.
You'll need to care about user roles and capabilities as well, blocking the rights to edit someone else's posts/pages/cpts. That's because a user can type in the browser address example.com/wp-admin/post.php?post=POST_ID&action=edit and access the post, if he/she has the rights to do so.
you can try adding this to the loop
<?php $author = get_the_author();
$current_user = wp_get_current_user();
if($author != $current_user->user_nicename) {
echo "permission denied";
break;
} ?>
I use the members plugin to create a custom-defined role for users.
http://wordpress.org/extend/plugins/members/
Related
I have different users registered on my WordPress website with different roles. Apart from the rest of users, I want to allow advertisers (users with advertiser role - advertiser is a custom role that I have created) to place their own products on my site and also manage them. But they need to be limited only to manage (create, edit and delete) their own products, not of others.
So far, I have tried the following code but it seems to be not valid. I am sure I can accomplish my goal using pre_get_posts action and the following function can help me but I need some help in resolving the issues with this code. I am not sure about the post type of products.
Here is the code that I am trying to accomplish my goal with:
function show_specific_advertiser_products( $query ) {
$current_user = wp_get_current_user();
if ( is_admin() && in_array ($query->get( 'post_type'), array( 'woocommerce_products' ) ) && !user_can( $current_user, 'administrator' ) ) {
$query->set( 'author__in', $current_user->ID );
}
}
add_action( 'pre_get_posts', 'show_specific_advertiser_products' );
Any help will highly be appreciated.
The error in your code comes from the post_type… for woocommerce products it's simply product. You will have to replace administrator by your custom user role.
So try the following instead:
add_action( 'pre_get_posts', 'show_specific_advertiser_products' );
function show_specific_advertiser_products( $query ) {
$user = wp_get_current_user();
if ( is_admin() && $query->get( 'post_type') === 'product' && in_array('administrator', $user->roles) ) {
$query->set( 'author', $user->ID );
}
}
Code goes in function.php file of your active child theme (or active theme). It should works.
I have created a custom post-type(i.e. Company Profile) I want to allow a user to create or update only the Profile they own. How can I do this?
Also is there a hook or method that can be checked to determine if the user is the author of the content or not, if the user has created the content then redirect on edit profile.
This function might be able to help you.
It checks if the user can edit other peoples post,
and if they can't, only display his/her own posts in the dashboard.
/*only allow editors and admin to see all posts.*/
function posts_for_current_author($query) {
global $pagenow;
if( 'edit.php' != $pagenow || !$query->is_admin )
return $query;
if( !current_user_can( 'edit_others_posts' ) ) {
global $user_ID;
$query->set('author', $user_ID );
}
return $query;
}
add_filter('pre_get_posts', 'posts_for_current_author');
You can play around with a similar approach, to redirect from user profile.
I am using this tutorial to create a front-end edit page for my blogs posts. I need to add a check to see if the currently logged in user is the author of the post that's being edited. If they aren't then I will be replacing the form with a message.
The problem is for some reason Wordpress is reporting that the admin user ID is the author for all posts, which means my logic is breaking (or rather it is only working if I log in as the admin). The really odd thing is if I edit the posts through the admin dashboard the author is recorded properly (i.e. it's not listed as 'admin' for all posts).
Help!
The post ID is available through a $_GET variable, from the tutorial:
if ( $_GET['post'] == $post->ID )
{
$current_post = $post->ID;
}
The author ID also resides in the post object:
$author_id = $post->post_author;
To compare with the ID of the current user:
if( get_current_user_id() == $author_id ){
// current user is the author of the post
} else {
// current user is NOT the author of the post
}
Compare the current user with the post author with this code,
$author = $post->post_author;
global $current_user;
get_currentuserinfo();
if ($author == $current_user->ID){
echo "You are the author of this post";
}
else
{
echo "You are not the author of this post";
}
?>
I'm building a fairly complex project that has many frontend editing pages. For example, add/edit/list custom post types, edit profile, and so on, all from the frontend.
At the moment I can of course check if user is logged in on each frontend login-walled page. However, this seems like a bad way of solving this problem as I'll have the same conditional on many pages and thus lots of repeated code.
I was thinking perhaps there is a better way where I could authenticate based on some hook (that I can't finds). I hoped I could do something like:
# create array of URLs where login is required
$needLoginArr = array(url1, url2, url3, ...)
# If current requested URL is in above array, then redirect or show different view based on whether or not user is logged in
It might not be practical in future to have conditional on each page as I plan on integrating within different plugins, so would be useful to use URL to authenticate.
I'm probably missing something here so if there's a better way please let me know.
Thanks
You could add your list of page IDs into an option:
$need_login = array(
'page1',
'page1/subpage',
'page2',
// and so forth
);
$need_login_ids = array();
foreach( $need_login as $p ) {
$pg = get_page_by_path( $p );
$need_login_ids[] = $pg->ID;
}
update_option( 'xyz_need_login', $need_login_ids );
Then, to check if your page is in the $need_login group:
add_filter( 'the_content', 'so20221037_authenticate' );
function so20221037_authenticate( $content ) {
global $post;
$need_login_ids = get_option( 'xyz_need_login' );
if( is_array( $need_login_ids ) && in_array( $post->ID, $need_login_ids ) ) {
if( is_user_logged_in() ) {
// alter the content as needs
$content = 'Stuff for logged-in users' . $content;
}
}
return $content;
}
References
get_page_by_path()
is_user_logged_in()
update_option()
get_option()
I have added a few custom roles to my blog. They work fine and the capabilities are as I have specified. The thing is that every user has a list of 'all' the posts in his posts window. He can only edit his own posts but does see posts written by other users.
How can I add a restriction to the role (or any different way) to make sure a user only sees his own posts?
Try pasting this into your functions.php file. Anywhere, likely at the bottom away from other functions. This should restrict user's from seeing posts that don't belong to them.
I hope this works for you! :)
function posts_for_current_author($query) {
global $pagenow;
if( 'edit.php' != $pagenow || !$query->is_admin )
return $query;
if( !current_user_can( 'manage_options' ) ) {
global $user_ID;
$query->set('author', $user_ID );
}
return $query;
}
add_filter('pre_get_posts', 'posts_for_current_author');