Restrict backend.

add_action( 'init', 'blockusers_init' );
function blockusers_init() {
    if ( is_admin() && ! current_user_can( 'administrator' ) && !( defined( 'DOING_AJAX' ) && DOING_AJAX ) ) {
        wp_redirect( home_url() );
        exit;
    }
}

This code will restrict the backend for all user roles except admin, which is what I want. However, I want to allow Authors to delete their posts from the front-end using the http://localhost:8888/wordpress/wp-admin/post.php?action=delete&post=63&_wpnonce=c67eff49b7 link on the Delete button.

Is it possible to exclude that link from the redirect, so authors can delete their posts from the front-end?

Asked Dec 14, 2015 at 23:47 by Ohsik; edited Jul 7, 2016 at 12:55 by cjbj

2 Answers

This will allow you to access post.php and still restrict the back-end. You need to have action, the action name as delete, the post key and value, and the wpnonce key and value. Otherwise, it will redirect you to the homepage.

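function disable_wp_admin() {
    global $pagenow;

    // Front-end requests are never blocked.
    if ( ! is_admin() )
        return;

    // Administrators keep full back-end access.
    if ( current_user_can( 'manage_options' ) )
        return;

    // AJAX requests from users who can edit posts are allowed.
    if ( current_user_can( 'edit_posts' ) && defined( 'DOING_AJAX' ) && DOING_AJAX )
        return;

    // Allow wp-admin/post.php?action=delete&post=ID&_wpnonce=... only.
    // This only checks that the parameters are present.
    if ( 'post.php' === $pagenow && isset( $_REQUEST['action'] ) && 'delete' === $_REQUEST['action'] && isset( $_REQUEST['post'] ) && isset( $_REQUEST['_wpnonce'] ) )
        return;

    // Everything else under wp-admin is redirected to the home page.
    $redirect_to = home_url();
    wp_redirect( $redirect_to );
    exit;
}
add_action( 'init', 'disable_wp_admin' );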

Deleting posts with the restriction to admin works as suggested by Ohsik. Just use the link below, then delete works! Thanks, man.

$delink = wp_nonce_url("$url/wp-admin/post.php?action=delete&post=$post->ID", 'delete-post_' . $post->ID);
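
A stricter form of the gate from the first answer, written as an added example and not part of either answer: the exception applies only when the nonce verifies against the same 'delete-post_' . $post->ID action used to build the link in the second answer, and the current user holds the delete_post capability for that post. The function names example_is_valid_frontend_delete and example_restrict_wp_admin are hypothetical.

```php
<?php
// Added example: function names are hypothetical, all WordPress calls are core APIs.
add_action( 'init', 'example_restrict_wp_admin' );

function example_is_valid_frontend_delete() {
    global $pagenow;

    // Only wp-admin/post.php with action, post and _wpnonce all present.
    if ( 'post.php' !== $pagenow ) {
        return false;
    }
    if ( ! isset( $_REQUEST['action'], $_REQUEST['post'], $_REQUEST['_wpnonce'] ) ) {
        return false;
    }
    if ( 'delete' !== $_REQUEST['action'] ) {
        return false;
    }

    $post_id = absint( $_REQUEST['post'] );
    if ( ! $post_id || ! get_post( $post_id ) ) {
        return false;
    }

    // The link was signed with 'delete-post_' . $post->ID, so verify against that action.
    $nonce = sanitize_text_field( wp_unslash( $_REQUEST['_wpnonce'] ) );
    if ( ! wp_verify_nonce( $nonce, 'delete-post_' . $post_id ) ) {
        return false;
    }

    // Meta capability: evaluated against this specific post, not the role in general.
    return current_user_can( 'delete_post', $post_id );
}

function example_restrict_wp_admin() {
    if ( ! is_admin() || current_user_can( 'manage_options' ) ) {
        return;
    }
    if ( defined( 'DOING_AJAX' ) && DOING_AJAX ) {
        return;
    }
    if ( example_is_valid_frontend_delete() ) {
        return; // wp-admin/post.php repeats the nonce and capability checks.
    }
    wp_safe_redirect( home_url() );
    exit;
}
```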
