Problem
I'm working on a website where we need to be able to put a username in the custom field of a custom post type, and allow the user specified to make changes to that post and only that post. I thought user_has_cap would be the filter hook to use but weirdly it doesn't seem to be allowing a user to update the post.
The user can see the edit screen for the post and only that post which implies my filter is working correctly, but clicking update gives the error You are not allowed to edit posts as this user. which contradicts this.
The post type has capability_type => post so I feel that shouldn't be the issue.
Code
function event_cap_filter($all, $cap, $args) {
// if not requesting edit post then return caps
if('edit_post' != $args[0]) return $all;
// if user can already edit others posts then return caps
if($all['edit_others_posts']) return $all;
// if user is the post author then return caps
$post = get_post($args[2]);
if($args[1] == $post->post_author) return $all;
// query to find user in custom field
// and therefore if they are allowed to edit this post
if($can_edit) {
foreach($cap as $c) {
$all[$c] = true;
}
}
return $all;
}
add_filter('user_has_cap', 'event_cap_filter', 10, 3);
Question
If my user can edit the post where he is specified in the custom field I check for, why can he not save his changes? Am I overlooking something?
Problem
I'm working on a website where we need to be able to put a username in the custom field of a custom post type, and allow the user specified to make changes to that post and only that post. I thought user_has_cap would be the filter hook to use but weirdly it doesn't seem to be allowing a user to update the post.
The user can see the edit screen for the post and only that post which implies my filter is working correctly, but clicking update gives the error You are not allowed to edit posts as this user. which contradicts this.
The post type has capability_type => post so I feel that shouldn't be the issue.
Code
function event_cap_filter($all, $cap, $args) {
// if not requesting edit post then return caps
if('edit_post' != $args[0]) return $all;
// if user can already edit others posts then return caps
if($all['edit_others_posts']) return $all;
// if user is the post author then return caps
$post = get_post($args[2]);
if($args[1] == $post->post_author) return $all;
// query to find user in custom field
// and therefore if they are allowed to edit this post
if($can_edit) {
foreach($cap as $c) {
$all[$c] = true;
}
}
return $all;
}
add_filter('user_has_cap', 'event_cap_filter', 10, 3);
Question
If my user can edit the post where he is specified in the custom field I check for, why can he not save his changes? Am I overlooking something?
Share Improve this question asked Feb 17, 2014 at 20:50 txatxa 311 silver badge3 bronze badges3 Answers
Reset to default 3I think you are encountering a bug in _wp_translate_postdata() that makes it check edit_others_posts without providing any context for map_meta_cap and other filters to use in situations like yours (where you want a user to be able to edit specific posts that aren't theirs):
https://core.trac.wordpress/ticket/30452#comment:5
It specifically has the effect that the affected user will be able to log into the post editor (implying it worked) but attempts to save changes will fail completely (which sounds like your problem).
The ticket includes a solution from Daniel Bachuber that others can likely convert for their own purposes.
Hopefully the bug is fixed soon.
I've been struggling with the same problem...when args[0] is publish, args[2] is not populated. You have to get it from the url.
if(substr($args[0],0,7)=="publish"){
$postid=$_GET["post"];
if(!isset($postid))return $allcaps;
}
else $postid=$args[2];
I had a similar problem, needed to have a custom field to give specific people permission to edit some posts, pages and custom post types created by other users. I have an acf array field with users. Solved it getting the post id using $_POST['post_ID'] and the code below:
function author_cap_filter( $allcaps, $cap, $args )
{
if(isset($_POST['post_ID']))
{
$post_id = $_POST['post_ID'];
$users = get_post_meta($post_id, 'add_people', TRUE);
if(is_array($users) && in_array(wp_get_current_user()->ID,$users))
$allcaps['edit_others_posts']=TRUE;
}
return $allcaps;
}
add_filter( 'user_has_cap', 'author_cap_filter', 10, 3 );
发布者:admin,转转请注明出处:http://www.yc00.com/questions/1745149136a4613786.html
评论列表(0条)