
I have appointment software and the client data sheets are a custom post type in WordPress. The service provider role cannot read those client data sheets, except when the admin makes an appointment, because at that time the post author for the client sheet is changed to be the user ID of the service provider, which allows them to read and edit their client. But if another appointment is made for that client with a different provider, the first provider loses those rights and gets "Sorry, you are not allowed to edit this item."

I need to hook before the following code runs in post.php, currently line 138
if ( ! current_user_can( 'edit_post', $post_id ) ) {
    wp_die( __( 'Sorry, you are not allowed to edit this item.' ) );
}

I have a custom function that amends the author ID. It needs the post ID of the client sheet the user is trying to access.

I tried hooking into load-post.php but no arguments are passed.

I tried hooking add_meta_boxes but it fires after post.php executes wp_die()

add_action('add_meta_boxes', 'check_user_cap', 10, 2 );
function check_user_cap($post_type, $post){
    // this function is never called, but I would do something like...
    if ( ! current_user_can( 'edit_post', $post->ID ) ) {
        if ( verify_provider_against_client( $post->ID ) ){
            $addr = get_bloginfo( 'url' ).'/wp-admin/post.php?post='.$post->ID.'&action=edit';
            wp_redirect( $addr );
            wp_die();
        }
    }
}

Can I filter current_user_can()?

2 Answers


  1. Chosen as BEST ANSWER

    Here is the final function I used:

    add_filter('user_has_cap', 'custom_user_capabilities_check', 10, 4);

    function custom_user_capabilities_check($allcaps, $caps, $args, $user) {
        // Check if the current operation is 'edit_post' ($args = [meta cap, user ID, post ID])
        if (isset($args[0], $args[2]) && $args[0] === 'edit_post') {
            $post_id = (int) $args[2];
            $type = get_post_type($post_id);
            switch ($type) {
                case 'custom_post_type':
                case 'custom_post_type2':
                    if (!isset($allcaps['edit_others_custom_post_types'])) {
                        if (ensure_provider($post_id, $user->ID)) {
                            // Grant the primitive caps map_meta_cap() derives for a
                            // non-author editing a published post of this type.
                            $allcaps['edit_others_custom_post_types'] = true;
                            $allcaps['edit_published_custom_post_types'] = true;
                            return $allcaps;
                        }
                    }
                    break;
                case 'custom_post_type3':
                    if (!isset($allcaps['edit_others_custom_post_type3'])) {
                        if (ensure_provider($post_id, $user->ID)) {
                            // A provider who is not the post author also needs edit_others_*,
                            // because map_meta_cap() puts it among the caps being checked.
                            $allcaps['edit_others_custom_post_type3'] = true;
                            $allcaps['edit_custom_post_type3'] = true;
                            $allcaps['edit_published_custom_post_type3'] = true;
                            return $allcaps;
                        }
                    }
                    break;
            }
        }
        return $allcaps;
    }


  2. Check the user_has_cap hook.

    You can use this hook to check capabilities as below:

    <?php
    add_filter('user_has_cap', 'custom_user_capabilities_check', 10, 4);

    function custom_user_capabilities_check($allcaps, $caps, $args, $user) {
        // Check if the current operation is 'edit_post' ($args = [meta cap, user ID, post ID])
        if (isset($args[0], $args[2]) && $args[0] === 'edit_post') {
            $post_id = (int) $args[2];

            // 'edit_post' is a meta capability: map_meta_cap() has already turned it into
            // the primitive caps in $caps (edit_others_posts, edit_published_posts, ...),
            // and has_cap() checks those against $allcaps. Setting $allcaps['edit_post']
            // would have no effect, so look for missing primitives instead.
            $missing = false;
            foreach ($caps as $cap) {
                if (empty($allcaps[$cap])) {
                    $missing = true;
                    break;
                }
            }

            if ($missing) {
                // Check the user being evaluated ($user, not necessarily the current user)
                // for a custom capability (e.g., 'edit_client_sheet') scoped to this post.
                // This re-enters the filter with a different meta cap, so it does not loop.
                if (user_can($user, 'edit_client_sheet', $post_id)) {
                    // Grant exactly the primitives WordPress is asking for, for this call only
                    foreach ($caps as $cap) {
                        $allcaps[$cap] = true;
                    }
                }
            }
        }

        return $allcaps;
    }
    
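Both answers hang the real authorization decision on a helper the page never shows (ensure_provider in the first, the edit_client_sheet capability in the second), and the question's underlying problem is that assignment is stored by rewriting post_author, so only one provider can hold access at a time. The following is an added example, not code from the question or either answer, that fills both gaps: it keeps a list of assigned provider IDs in post meta and grants an assigned provider exactly the primitive caps WordPress asks for, for that post and that call only. The post type slug client_sheet, the meta key _assigned_provider_ids, and the pca_ function names are assumptions; it is written to run as a plugin inside WordPress.

```php
<?php
/*
Plugin Name: Provider Client-Sheet Access (added example)
Description: Grants assigned service providers per-post access to client sheets via user_has_cap.
*/

// Assumed post type slug for client data sheets; change to the real one.
const PCA_DELEGATED_TYPES = ['client_sheet'];

// Assumed post-meta key holding the user IDs of every provider assigned to a sheet.
const PCA_PROVIDER_META = '_assigned_provider_ids';

/**
 * Called by the appointment code when an appointment is booked. Appending to a
 * list (instead of rewriting post_author) keeps earlier providers' access intact.
 */
function pca_assign_provider(int $post_id, int $provider_id): void {
    $ids = pca_assigned_providers($post_id);
    if (!in_array($provider_id, $ids, true)) {
        $ids[] = $provider_id;
        update_post_meta($post_id, PCA_PROVIDER_META, $ids);
    }
}

/** Revoke one provider's access without touching the others. */
function pca_unassign_provider(int $post_id, int $provider_id): void {
    $ids = array_values(array_diff(pca_assigned_providers($post_id), [$provider_id]));
    update_post_meta($post_id, PCA_PROVIDER_META, $ids);
}

/** @return int[] provider user IDs assigned to the sheet (empty if none). */
function pca_assigned_providers(int $post_id): array {
    $ids = get_post_meta($post_id, PCA_PROVIDER_META, true);
    return is_array($ids) ? array_map('intval', $ids) : [];
}

/** The authorization decision: is this user assigned to this sheet? */
function pca_is_assigned(int $post_id, int $user_id): bool {
    return $user_id > 0 && in_array($user_id, pca_assigned_providers($post_id), true);
}

/**
 * user_has_cap filter. WordPress has already run map_meta_cap(), so $args[0] is the
 * meta cap being resolved ('edit_post', 'read_post', ...), $args[2] the post ID, and
 * $caps the primitive caps it will look up in $allcaps. An assigned provider gets
 * exactly those primitives, for this call only; no other post or cap is affected.
 */
function pca_user_has_cap(array $allcaps, array $caps, array $args, WP_User $user): array {
    $meta_cap = $args[0] ?? '';
    if (!in_array($meta_cap, ['read_post', 'edit_post'], true)) {
        return $allcaps;
    }

    // Only posts of the delegated types are eligible; a missing or foreign post ID
    // falls through to the role's normal capabilities.
    $post_id = isset($args[2]) ? (int) $args[2] : 0;
    if ($post_id <= 0 || !in_array(get_post_type($post_id), PCA_DELEGATED_TYPES, true)) {
        return $allcaps;
    }

    // Check the user being evaluated, not necessarily the logged-in user.
    if (!pca_is_assigned($post_id, (int) $user->ID)) {
        return $allcaps;
    }

    foreach ($caps as $cap) {
        // map_meta_cap() uses 'do_not_allow' to veto an action outright; never override it.
        if ($cap === 'do_not_allow') {
            return $allcaps;
        }
        $allcaps[$cap] = true;
    }
    return $allcaps;
}
add_filter('user_has_cap', 'pca_user_has_cap', 10, 4);
```

Granting the caps that arrive in $caps, rather than a fixed list, means the same filter is correct whether the sheet is published or private and whether or not the provider happens to be post_author, because map_meta_cap() has already chosen the right primitives for that combination. Two caveats: nothing is written to the user's role, so the grant exists only inside the check that triggered it; and the filter only acts on checks that carry a post ID, so a bare current_user_can('edit_others_client_sheets') (which the post list screen uses to decide whether to restrict the list to the user's own posts) still behaves as before.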