im trying to get this code to work. in admin id like to only show posts assigned to current user, only in certain post types like: shop_order, pages, posts. But show all posts in other post types like: product, events.

How can I fix this code?

Thanks!

add_action( 'load-edit.php', 'posts_for_current_author' );
function posts_for_current_author() {
    global $user_ID;

    /*if current user is an 'administrator' do nothing*/
    //if ( current_user_can( 'add_users' ) ) return;

    /*if current user is an 'administrator' or 'editor' do nothing*/
    if ( current_user_can( 'add_users' ) && is_post_type('product')) return;

    if ( ! isset( $_GET['author'] ) ) {
        wp_redirect( add_query_arg( 'author', $user_ID ) );
        exit;
    }

}

im trying to get this code to work. in admin id like to only show posts assigned to current user, only in certain post types like: shop_order, pages, posts. But show all posts in other post types like: product, events.

How can I fix this code?

Thanks!

add_action( 'load-edit.php', 'posts_for_current_author' );
function posts_for_current_author() {
    global $user_ID;

    /*if current user is an 'administrator' do nothing*/
    //if ( current_user_can( 'add_users' ) ) return;

    /*if current user is an 'administrator' or 'editor' do nothing*/
    if ( current_user_can( 'add_users' ) && is_post_type('product')) return;

    if ( ! isset( $_GET['author'] ) ) {
        wp_redirect( add_query_arg( 'author', $user_ID ) );
        exit;
    }

}

• custom-post-types
• admin
• author
• limit

1 Answer 1

Roles and capabilities are used to control access and normally you should use them. For example, capabilities edit_other_posts and edit_published_posts are needed to edit other user's posts. It's the same with othe types (pages -> edit_other_pages, edit_published_pages).

Since, besides limiting the right to change other user's posts, you also want them to be invisible, you probably need to use the solution as above.

Function se333732_pre_get_post is used to filter the list of posts in the administration, while the se333732_load_post redirects the user if he opened the edit page (guessing post number) but he doesn't have access to it.

add_action( 'pre_get_posts', 'se333732_pre_get_post' );
add_action( 'load-post.php', 'se333732_load_post' );

function se333732_pre_get_post( $query )
{
    if ( !is_admin() )
        return;

    $cfg_limited_access = se333732_roles_and_types();
    if ( $query->is_main_query() && in_array($query->query_vars['post_type'], $cfg_limited_access['post_types']) )
    {
        $user = wp_get_current_user();
        if ( !array_intersect( $cfg_limited_access['privileged_roles'], $user->roles ) )
            $query->query_vars['author'] = get_current_user_id();
    }
}

function se333732_load_post()
{
    if ( isset($_GET['post']) && (int)$_GET['post'] == $_GET['post'] )
    {
        $post_id = (int)$_GET['post'];
        $post = get_post( $post_id );
        if ( $post )
        {
            $author_id = $post->post_author;
            $post_type = $post->post_type;
            $user = wp_get_current_user();
            $cfg_limited_access = se333732_roles_and_types();

            if ( $author_id != $user->ID 
                    && in_array( $post_type, $cfg_limited_access['post_types'] ) 
                    && !array_intersect( $cfg_limited_access['privileged_roles'], $user->roles ) )
            {
                wp_redirect( admin_url("edit.php?post_type=$post_type") );
            }
        }
    }
}

function se333732_roles_and_types()
{
    return [
        'privileged_roles'  => [ 'editor', 'administrator' ],
        'post_types'        => [ 'page', 'post', 'shop_order' ],
    ];
}