[wp-hackers] Struggling with capabilities filter

David F. Carr david at carrcommunications.com
Sat Dec 28 22:38:27 UTC 2013


never mind

turns out my mistake was relying on the post id to be passed the $args[2]
as indicated by the example code from the Codex. Looks like usually it is,
but not in the case of an update to a post. So I had to use the global
$post and $post->ID instead.



On Sat, Dec 28, 2013 at 4:20 PM, David F. Carr <david at carrcommunications.com
> wrote:

> I'm struggling with a function for my RSVPMaker events scheduling plugin
> that is supposed to allow users who to delegate other users to be
> collaborators on an rsvpmaker post (an event or event template). In other
> words, they grant users who are not otherwise designated as editors editing
> rights to specific posts.
>
> I have this working to the point where these "additional editors" can open
> a post for editing. However, when an update is posted, I get a an error: *You
> are not allowed to edit posts as this user*
>
> The filter function appears to be adding the necessary capabilities,
> enough to fool me into thinking I had this solved several times over.
>
> My filter function is loosely based on the example from the codex
> http://codex.wordpress.org/Plugin_API/Filter_Reference/user_has_cap
>
> add_filter( 'user_has_cap', 'rsvpmaker_cap_filter', 10, 3 );
>
> function rsvpmaker_cap_filter( $allcaps, $cap, $args ) {
>
>   if(!rsvpmaker_cap_filter_test($cap[0])) // only filter for rsvpmaker
> capabilities
>  return $allcaps;
> global $eds;
> $user = $args[1];
>  $post_id = $args[2];
> if($allcaps[$cap[0]]) // if already true
> return $allcaps;
>  if(!$eds[$post_id])
> $eds[$post_id] = get_additional_editors($post_id);
>  if(!$eds[$post_id])
> return $allcaps;
>
>  if( in_array($user,$eds[$post_id]) )
> {
> foreach($cap as $value)
>  $allcaps[$value] = true;
> }
> return $allcaps;
> }
>
>
> I traced the error message to this routine in post.php and specifically to
> a current_user_can test for the 'edit_others_rsvpmakers' capability.
>
> if ( isset( $post_data['user_ID'] ) && ( $post_data['post_author'] !=
> $post_data['user_ID'] )
>  && *! current_user_can( $ptype->cap->edit_others_posts ) *) {
>  if ( $update ) {
> if ( 'page' == $post_data['post_type'] )
> return new WP_Error( 'edit_others_pages', __( 'You are not allowed to edit
> pages as this user.' ) );
>  else
> * return new WP_Error( 'edit_others_posts', __( 'You are not allowed to
> edit posts as this user.' ) );*
>  } else {
> if ( 'page' == $post_data['post_type'] )
> return new WP_Error( 'edit_others_pages', __( 'You are not allowed to
> create pages as this user.' ) );
>  else
> return new WP_Error( 'edit_others_posts', __( 'You are not allowed to
> create posts as this user.' ) );
>  }
> }
>
> By adding some debug code into my filter function and to post.php, I
> determined that:
>
> * In my filter function, $allcaps["edit_others_rsvpmakers"] is set to 1
> before $allcaps is returned
>
> * $ptype->cap->edit_others_posts evaluates to 'edit_others_rsvpmakers'
>
> * current_user_can($ptype->cap->edit_others_posts) does not return either
> 1 or 0 - it doesn't appear to return anything.
>
> The debug code inserted into post.php looks like this
>
> $hascap = current_user_can( $ptype->cap->edit_others_posts );
> print_r($hascap);
>
> where the $hascap output should be, there's nothing so does that mean it's
> not returning anything as opposed to returning NULL?
>
> At any rate, I've been beating my head against this for hours and could
> use some help.
>
> Where am I screwing up? Or what am I not understanding?
>
> --
> David F. Carr
> Author, Social Collaboration for Dummies
> http://www.wiley.com/buy/9781118658543
>
> david at carrcommunications.com
>
> LinkedIn - http://www.linkedin.com/in/davidfcarr
> Facebook - http://www.facebook.com/carrcomm
>
>


-- 
David F. Carr
Author, Social Collaboration for Dummies
http://www.wiley.com/buy/9781118658543
InformationWeek http://www.informationweek.com/authors/David-Carr

david at carrcommunications.com

Direct: (954) 757-5827
Mobile: (954) 290-6788
LinkedIn - http://www.linkedin.com/in/davidfcarr
Facebook - http://www.facebook.com/carrcomm

David F. Carr
971 NW 124 Ave.
Coral Springs FL 33071-5082


More information about the wp-hackers mailing list