admin管理员组

文章数量:1414934

Problem

I'm working on a website where we need to be able to put a username in the custom field of a custom post type, and allow the user specified to make changes to that post and only that post. I thought user_has_cap would be the filter hook to use but weirdly it doesn't seem to be allowing a user to update the post.

The user can see the edit screen for the post and only that post which implies my filter is working correctly, but clicking update gives the error You are not allowed to edit posts as this user. which contradicts this.

The post type has capability_type => post so I feel that shouldn't be the issue.

Code

function event_cap_filter($all, $cap, $args) {
    // if not requesting edit post then return caps
    if('edit_post' != $args[0]) return $all;
    // if user can already edit others posts then return caps
    if($all['edit_others_posts']) return $all;

    // if user is the post author then return caps
    $post = get_post($args[2]);
    if($args[1] == $post->post_author) return $all;

    // query to find user in custom field
    // and therefore if they are allowed to edit this post

    if($can_edit) {
        foreach($cap as $c) {
            $all[$c] = true;
        }
    }

    return $all;
}
add_filter('user_has_cap', 'event_cap_filter', 10, 3);

Question

If my user can edit the post where he is specified in the custom field I check for, why can he not save his changes? Am I overlooking something?

Problem

I'm working on a website where we need to be able to put a username in the custom field of a custom post type, and allow the user specified to make changes to that post and only that post. I thought user_has_cap would be the filter hook to use but weirdly it doesn't seem to be allowing a user to update the post.

The user can see the edit screen for the post and only that post which implies my filter is working correctly, but clicking update gives the error You are not allowed to edit posts as this user. which contradicts this.

The post type has capability_type => post so I feel that shouldn't be the issue.

Code

function event_cap_filter($all, $cap, $args) {
    // if not requesting edit post then return caps
    if('edit_post' != $args[0]) return $all;
    // if user can already edit others posts then return caps
    if($all['edit_others_posts']) return $all;

    // if user is the post author then return caps
    $post = get_post($args[2]);
    if($args[1] == $post->post_author) return $all;

    // query to find user in custom field
    // and therefore if they are allowed to edit this post

    if($can_edit) {
        foreach($cap as $c) {
            $all[$c] = true;
        }
    }

    return $all;
}
add_filter('user_has_cap', 'event_cap_filter', 10, 3);

Question

If my user can edit the post where he is specified in the custom field I check for, why can he not save his changes? Am I overlooking something?

  • filters
  • wp-admin
Share Improve this question asked Feb 17, 2014 at 20:50 txatxa 311 silver badge3 bronze badges
Add a comment  | 

3 Answers 3

Reset to default 3

I think you are encountering a bug in _wp_translate_postdata() that makes it check edit_others_posts without providing any context for map_meta_cap and other filters to use in situations like yours (where you want a user to be able to edit specific posts that aren't theirs):

https://core.trac.wordpress/ticket/30452#comment:5

It specifically has the effect that the affected user will be able to log into the post editor (implying it worked) but attempts to save changes will fail completely (which sounds like your problem).

The ticket includes a solution from Daniel Bachuber that others can likely convert for their own purposes.

Hopefully the bug is fixed soon.

I've been struggling with the same problem...when args[0] is publish, args[2] is not populated. You have to get it from the url.

if(substr($args[0],0,7)=="publish"){
    $postid=$_GET["post"];
    if(!isset($postid))return $allcaps;
}
else $postid=$args[2];

I had a similar problem, needed to have a custom field to give specific people permission to edit some posts, pages and custom post types created by other users. I have an acf array field with users. Solved it getting the post id using $_POST['post_ID'] and the code below:

function author_cap_filter( $allcaps, $cap, $args ) 
    {    

        if(isset($_POST['post_ID']))
        {
            $post_id = $_POST['post_ID'];
            $users = get_post_meta($post_id, 'add_people', TRUE);

            if(is_array($users) && in_array(wp_get_current_user()->ID,$users))
                $allcaps['edit_others_posts']=TRUE;

        }

        return $allcaps;
    }   

add_filter( 'user_has_cap', 'author_cap_filter', 10, 3 );

本文标签: wp adminuserhascap filter allows edit but will not allow save

版权声明:本文标题:wp admin - user_has_cap filter allows edit but will not allow save 内容由网友自发贡献,该文观点仅代表作者本人, 转载请联系作者并注明出处:http://www.betaflare.com/web/1745149136a2644838.html, 本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌抄袭侵权/违法违规的内容,一经查实,本站将立刻删除。