I have a custom post type, that can be editable by more than one user. Each post of that type has a field with the user ids who can edit it (kinda like co-authors). But since many users have permissions to the post, I am not sure how to prevent deletion by other users (not in the co-authors' list).
Right now the problem is only present in the REST API which is used to delete from the frontend.
Is there a pre delete hook in which I can check for permissions and block the deletion if the user is not allowed to delete that specific post?
I have a custom post type, that can be editable by more than one user. Each post of that type has a field with the user ids who can edit it (kinda like co-authors). But since many users have permissions to the post, I am not sure how to prevent deletion by other users (not in the co-authors' list).
Right now the problem is only present in the REST API which is used to delete from the frontend.
Is there a pre delete hook in which I can check for permissions and block the deletion if the user is not allowed to delete that specific post?
Share Improve this question asked Oct 3, 2020 at 16:02 CaptainNemoCaptainNemo 1054 bronze badges 5 |1 Answer
Reset to default 2pre_delete_post
hook filters whether a post deletion should take place. So callback function must return a boolean value: true
- whether to go forward with deletion, false
- if not.
pre_trash_post
hook filters whether a post trashing should take place. So callback function must return a boolean value: true
- whether to go forward with trashing, false
- if not.
add_filter( 'pre_delete_post', 'filter_function_name', 10, 2 );
add_filter( 'pre_trash_post', 'filter_function_name', 10, 2 );
function filter_function_name( $delete, $post ) {
// You have a field with user IDs for the post, get them as array of IDs
$authors = array(1, 2, 3);
// Get current user ID, who attempts to delete the post
$current_user_ID = get_current_user_id();
// make a check if the current user ID is among the co-authors IDs
if ( !in_array( $current_user_ID, $authors ) ) {
// If so, return false to prevent post deletion
return false;
}
// else do nothing, and return default value
return $delete;
}
pre_delete_post
hook? developer.wordpress/reference/hooks/pre_delete_post – geouser Commented Oct 3, 2020 at 16:31