IT Nursery
  • 1010 Avenue of the Moon
    New York, NY 10018 US.
  • Mon - Sat 8.00 - 18.00
    Sunday: Closed
  • Get A Quote
  • WordPress

    • Restrict post edit/delete based on user ID and custom field

    • IT Nursery
    • May 9, 2022
    • 0

    I’ve been able to prevent deletion and editing of posts based on user ID and page ID however, I need to restrict access to editing and deleting based on a custom field.

    Not sure how to go about doing this.

    Current working code for restricting user ID from editing/deleting based on page ID:

    function restrict_post_deletion($post_ID){
    $user = get_current_user_id();
    $restricted_users = array(1,2,3,4,5,6,25,54,19);
    $restricted_pages = array(2,21,52,64);

    if(in_array($user, $restricted_users) && in_array($post_ID, $restricted_pages)){
    do_action('admin_page_access_denied');
    wp_die( __('You cannot modify or delete this entry.') );
    }
}
add_action('edit_post', 'restrict_post_deletion', 10, 1);
add_action('before_edit_post', 'restrict_post_deletion', 10, 1);
add_action('wp_trash_post', 'restrict_post_deletion', 10, 1);
add_action('before_delete_post', 'restrict_post_deletion', 10, 1);

    So we’ll say custom field is: $customstatus

    $customstatus is already defined within the post through a dropdown with two options ‘available’ and ‘protected’.

    In this example, restricted_pages and post_ID are no longer relevant since I’m not restricting based on a custom field.

    I would like the restrict_post_deletion function to prevent editing/deleting of posts based on the user ID AND $customstatus == ‘protected’.

    The following is not working:

    function restrict_post_deletion($post_ID){
        $user = get_current_user_id();
        $customstatus = get_option('wp_customstatus');
        $restricted_users = array(1,2,3,4,5,6,25,54,19);

        if(in_array($user, $restricted_users) && $customstatus == 'protected'){
        do_action('admin_page_access_denied');
        wp_die( __('You cannot modify or delete this entry.') );
        }
    }
    add_action('edit_post', 'restrict_post_deletion', 10, 1);
    add_action('before_edit_post', 'restrict_post_deletion', 10, 1);
    add_action('wp_trash_post', 'restrict_post_deletion', 10, 1);
    add_action('before_delete_post', 'restrict_post_deletion', 10, 1);

    Where am I going wrong? Some help would be greatly appreciated.

    1 Answer
    1

    Through a lot more research and some trial and error, I figured out the correct code to use that will restrict a post from being edited based on the user ID AND a custom meta field.

    $user = get_current_user_id();
$super_users = array(1);

    The first two pieces of code within the function are important for restricting users from editing/deleting base on their user ID. 1 being the primary admin. You can always expand the array to include additional users based on their ID.

    It’s easier to provide access and block everyone else rather than block certain users. This way new users don’t accidentally get access to editing/deleting specific posts.

    global $post;

    In order to grab the information from custom field, you need to define $post, and use the following code to grab the fields from the array.

    $customstatus = get_post_meta( $post->ID, 'protected_value', true );

    I adjusted the if statement so that rather than restricting certain users, it only allows the users defined by $super_users using the following code:

    if(!in_array($user, $super_users) && $customstatus == 'Protected'){
            do_action('admin_page_access_denied');
            wp_die( __('You cannot modify or delete this entry.') );
            exit;
        }

    The code will return the with the admin_page_access_denied with a line of text stating that the post cannot be edited or trashed. You then add the following actions for what the restrict_post_deletion affects.

    add_action('edit_post', 'restrict_post_deletion', 10, 1);
add_action('wp_trash_post', 'restrict_post_deletion', 10, 1);
add_action('before_delete_post', 'restrict_post_deletion', 10, 1);

    Here is the full code that goes into your themes functions.php

    function restrict_post_deletion(){
    $user = get_current_user_id();
    $super_users = array(1);
    global $post;

    $customstatus = get_post_meta( $post->ID, 'protected_value', true );

    if(!in_array($user, $super_users) && $customstatus == 'Protected'){
        do_action('admin_page_access_denied');
        wp_die( __('You cannot modify or delete this entry.') );
        exit;
    }
}
add_action('edit_post', 'restrict_post_deletion', 10, 1);
add_action('wp_trash_post', 'restrict_post_deletion', 10, 1);
add_action('before_delete_post', 'restrict_post_deletion', 10, 1);

    Tags:

    Leave a Reply

    Your email address will not be published. Required fields are marked *