Problem
I’m working on a website where we need to be able to put a username in the custom field of a custom post type, and allow the user specified to make changes to that post and only that post. I thought user_has_cap would be the filter hook to use but weirdly it doesn’t seem to be allowing a user to update the post.
The user can see the edit screen for the post and only that post which implies my filter is working correctly, but clicking update gives the error You are not allowed to edit posts as this user. which contradicts this.
The post type has capability_type => post so I feel that shouldn’t be the issue.
Code
function event_cap_filter($all, $cap, $args) {
// if not requesting edit post then return caps
if('edit_post' != $args[0]) return $all;
// if user can already edit others posts then return caps
if($all['edit_others_posts']) return $all;
// if user is the post author then return caps
$post = get_post($args[2]);
if($args[1] == $post->post_author) return $all;
// query to find user in custom field
// and therefore if they are allowed to edit this post
if($can_edit) {
foreach($cap as $c) {
$all[$c] = true;
}
}
return $all;
}
add_filter('user_has_cap', 'event_cap_filter', 10, 3);
Question
If my user can edit the post where he is specified in the custom field I check for, why can he not save his changes? Am I overlooking something?
3 Answers
I’ve been struggling with the same problem…when args[0] is publish, args[2] is not populated. You have to get it from the url.
if(substr($args[0],0,7)=="publish"){
$postid=$_GET["post"];
if(!isset($postid))return $allcaps;
}
else $postid=$args[2];
