I'm trying to allow Subscriber roles to delete their own posts using the following code:

<?php if ($post->post_author == $current_user->ID) { ?>
    <div class="col-sm-12 box-delete" style="margin-top: 20px;">
        <a class="option" onclick="return confirm('Are you sure you want to delete <?php echo esc_js( get_the_title() ); ?>')" href="<?php echo get_delete_post_link( $post->ID ) ?>">
            <i class="fa fa-trash"></i>
            <span class="option-text">Delete</span>
        </a>
    </div>
<?php } ?>

I'm using the User Role Editor, but it only works when I grant access to all the core roles, which gives subscriber access to backend, which I certainly don't want. Any other ideas or solutions to accomplish this?

asked May 31, 2017 at 21:44 by frshjb373

3 Answers

The capability required to delete posts is delete_posts. If you want them to be able to delete their own published posts, the capability is delete_published_posts.

The capability required to view the administration panel is read. Subscribers have this capability natively, so unless you have removed it, subscribers can access the backend.

I would write a simple plugin that upon activation adds the required capabilities to the subscriber role and upon deactivation removes those caps.

Then in your theme, you can check for:

if( current_user_can( 'delete_posts' ) ) {
  //* Show delete link
}

Because the subscriber role doesn't have the capability to delete_others_posts, the link will not show on posts that they didn't author, and they will not be able to delete posts that they did not publish.

<?php
/**
 * Plugin Name: WordPress StackExchange Question 268755
 * Description: Allow subscribers to delete their own posts
 **/

//* On activation, add the capabilities to the subscriber role
register_activation_hook( __FILE__, 'wpse_268755_activation' );
function wpse_268755_activation() {
  $subscriber = get_role( 'subscriber' );
  //* get_role() returns null if the role does not exist
  if ( ! $subscriber ) {
    return;
  }
  $subscriber->add_cap( 'delete_posts' );
  $subscriber->add_cap( 'delete_published_posts' );
}

//* On deactivation, remove the capabilities from the subscriber role
register_deactivation_hook( __FILE__, 'wpse_268755_deactivation' );
function wpse_268755_deactivation() {
  $subscriber = get_role( 'subscriber' );
  if ( ! $subscriber ) {
    return;
  }
  $subscriber->remove_cap( 'delete_posts' );
  $subscriber->remove_cap( 'delete_published_posts' );
}

Without giving the user and/or role the capability to delete a post, then they won't be able to do so, even if you show them a delete link. Likewise, a user or role can delete a post if they have the capability even if you don't show a delete link, it will just be more difficult for them.

Use this to block access to WordPress admin with only allowing Delete capabilities:

function disable_wp_admin() {

    if ( ! is_admin() )
        return;

    if ( current_user_can( 'manage_options' ) )
        return;

    if (( current_user_can( 'edit_posts' ) && defined( 'DOING_AJAX' ) && DOING_AJAX ) )
        return;

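    // Let the core delete request (wp-admin/post.php?action=delete) through.
    // $pagenow holds the current admin script name; the original compared
    // 'post.php' against the boolean result of isset(), which is always true.
    global $pagenow;
    if ( 'post.php' == $pagenow && isset( $_REQUEST['action'] ) && 'delete' == $_REQUEST['action'] && isset( $_REQUEST['post'] ) && isset( $_REQUEST['_wpnonce'] ) )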
        return;

    $redirect_to = home_url();
    wp_redirect( $redirect_to );
    exit;
}
add_action( 'init', 'disable_wp_admin' );

Then add this to your function to delete post:

$delink = wp_nonce_url("$url/wp-admin/post.php?action=delete&post=$post->ID", 'delete-post_' . $post->ID);

You should be able to adapt the below to suit your needs. Just make sure to select the option for delete_posts for the subscriber role; this will let them only delete their own posts.

The following can be added to your single.php or php file that displays the post so that it gives a delete post button under the content.

// Check the user is author and has a role ID of subscriber as they don't have by default the delete post privilege but you can use the user role editor to allow subscribers to be able to delete their own posts and then add this code into your file where required on the post single page.

if ( get_the_author_meta( 'ID' ) == get_current_user_id() && current_user_can( 'subscriber' ) ) {
    // owner of post and subscriber
    // get_delete_post_link() only returns the URL, so it has to be echoed
    echo '<a href="' . esc_url( get_delete_post_link( $post->ID ) ) . '">Delete</a>';
} elseif ( get_the_author_meta( 'ID' ) != get_current_user_id() && current_user_can( 'subscriber' ) ) {
    // not the owner of post and subscriber
    // (elseif, so the final else no longer also runs for the owner)
    echo 'Not your post';
} else {
    // should be ok as not a subscriber and has delete privileges
    echo '<a href="' . esc_url( get_delete_post_link( $post->ID ) ) . '">Delete</a>';
}
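
The first answer's point that the capability check, not the visible link, decides who can delete can be enforced in a front-end handler, so subscribers never need to reach wp-admin. This is an added example, not code from any of the answers; the wpse_example_* function names and the wpse_example_delete query argument are hypothetical, and it assumes the subscriber role has been given delete_posts and delete_published_posts as described above.

```php
<?php
// Added example, not from the answers. The wpse_example_* names and the
// wpse_example_delete query argument are hypothetical.

// Build a nonce-protected front-end delete URL for one post.
function wpse_example_delete_url( $post_id ) {
    $post_id = absint( $post_id );
    $url     = add_query_arg( 'wpse_example_delete', $post_id, home_url( '/' ) );
    return wp_nonce_url( $url, 'wpse_example_delete_' . $post_id );
}

// Handle the request on the front end, so wp-admin is never involved.
add_action( 'template_redirect', 'wpse_example_handle_delete' );
function wpse_example_handle_delete() {
    if ( ! isset( $_GET['wpse_example_delete'] ) ) {
        return;
    }
    $post_id = absint( $_GET['wpse_example_delete'] );
    $nonce   = isset( $_GET['_wpnonce'] ) ? sanitize_text_field( wp_unslash( $_GET['_wpnonce'] ) ) : '';

    // CSRF: the nonce is bound to this user, this action and this post ID.
    if ( ! wp_verify_nonce( $nonce, 'wpse_example_delete_' . $post_id ) ) {
        wp_die( 'This delete link is invalid or has expired.', '', array( 'response' => 403 ) );
    }

    // Authorization: the 'delete_post' meta capability is resolved per post,
    // so a subscriber with delete_posts / delete_published_posts passes for
    // their own post and fails for anyone else's (needs delete_others_posts).
    if ( ! current_user_can( 'delete_post', $post_id ) ) {
        wp_die( 'You are not allowed to delete this post.', '', array( 'response' => 403 ) );
    }

    // Trash the post (recoverable) instead of force-deleting it.
    wp_trash_post( $post_id );
    wp_safe_redirect( home_url( '/' ) );
    exit;
}
```

In the template, the link's href would be esc_url( wpse_example_delete_url( get_the_ID() ) ), shown only when current_user_can( 'delete_post', get_the_ID() ) is true.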
