[wp-hackers] Struggling with capabilities filter

Sat Dec 28 21:20:28 UTC 2013

I'm struggling with a function for my RSVPMaker events scheduling plugin
that is supposed to allow users who to delegate other users to be
collaborators on an rsvpmaker post (an event or event template). In other
words, they grant users who are not otherwise designated as editors editing
rights to specific posts.

I have this working to the point where these "additional editors" can open
a post for editing. However, when an update is posted, I get a an error: *You
are not allowed to edit posts as this user*

The filter function appears to be adding the necessary capabilities, enough
to fool me into thinking I had this solved several times over.

My filter function is loosely based on the example from the codex
http://codex.wordpress.org/Plugin_API/Filter_Reference/user_has_cap

add_filter( 'user_has_cap', 'rsvpmaker_cap_filter', 10, 3 );

function rsvpmaker_cap_filter( $allcaps, $cap, $args ) {

  if(!rsvpmaker_cap_filter_test($cap[0])) // only filter for rsvpmaker
capabilities
return $allcaps;
global $eds;
$user = $args[1];
$post_id = $args[2];
if($allcaps[$cap[0]]) // if already true
return $allcaps;
 if(!$eds[$post_id])
$eds[$post_id] = get_additional_editors($post_id);
 if(!$eds[$post_id])
return $allcaps;

if( in_array($user,$eds[$post_id]) )
{
foreach($cap as $value)
$allcaps[$value] = true;
}
return $allcaps;
}

I traced the error message to this routine in post.php and specifically to
a current_user_can test for the 'edit_others_rsvpmakers' capability.

if ( isset( $post_data['user_ID'] ) && ( $post_data['post_author'] !=
$post_data['user_ID'] )
 && *! current_user_can( $ptype->cap->edit_others_posts ) *) {
if ( $update ) {
if ( 'page' == $post_data['post_type'] )
return new WP_Error( 'edit_others_pages', __( 'You are not allowed to edit
pages as this user.' ) );
else
* return new WP_Error( 'edit_others_posts', __( 'You are not allowed to
edit posts as this user.' ) );*
} else {
if ( 'page' == $post_data['post_type'] )
return new WP_Error( 'edit_others_pages', __( 'You are not allowed to
create pages as this user.' ) );
else
return new WP_Error( 'edit_others_posts', __( 'You are not allowed to
create posts as this user.' ) );
}
}

By adding some debug code into my filter function and to post.php, I
determined that:

* In my filter function, $allcaps["edit_others_rsvpmakers"] is set to 1
before $allcaps is returned

* $ptype->cap->edit_others_posts evaluates to 'edit_others_rsvpmakers'

* current_user_can($ptype->cap->edit_others_posts) does not return either 1
or 0 - it doesn't appear to return anything.

The debug code inserted into post.php looks like this

$hascap = current_user_can( $ptype->cap->edit_others_posts );
print_r($hascap);

where the $hascap output should be, there's nothing so does that mean it's
not returning anything as opposed to returning NULL?

At any rate, I've been beating my head against this for hours and could use
some help.

Where am I screwing up? Or what am I not understanding?

-- 
David F. Carr
Author, Social Collaboration for Dummies
http://www.wiley.com/buy/9781118658543

david at carrcommunications.com

LinkedIn - http://www.linkedin.com/in/davidfcarr
Facebook - http://www.facebook.com/carrcomm