I have appointment software and the client data sheets are a custom post type in WordPress. The service provider role cannot read those client data sheets, except when the admin makes an appointment, because at that time the post author for the client sheet is changed to be the user ID of the service provider, which allows them to read and edit their client. But if another appointment is made for that client with a different provider, the first provider loses those rights and gets "Sorry, you are not allowed to edit this item."
I need to hook before the following code runs in post.php, currently line 138:

    if ( ! current_user_can( 'edit_post', $post_id ) ) {
        wp_die( __( 'Sorry, you are not allowed to edit this item.' ) );
    }
I have a custom function that amends the author ID. It needs the post ID of the client sheet the user is trying to access.
I tried hooking into load-post.php, but no arguments are passed.
I tried hooking add_meta_boxes, but it fires after post.php executes wp_die():
    add_action('add_meta_boxes', 'check_user_cap', 10, 2 );
    function check_user_cap($post_type, $post){
        // this function is never called, but I would do something like...
        if ( ! current_user_can( 'edit_post', $post->ID ) ) {
            if ( verify_provider_against_client($post->ID ) ){
                $addr = get_bloginfo( 'url' ).'/wp-admin/post.php?post='.$post->ID.'&action=edit';
                wp_redirect( $addr );
                wp_die();
            }
        }
    }
Can I filter current_user_can()?
Check this hook user_has_cap
You can use this hook to check capabilities as below
    <?php
    add_filter('user_has_cap', 'custom_user_capabilities_check', 10, 4);
    function custom_user_capabilities_check($allcaps, $caps, $args, $user) {
        // $args[0] is the requested capability, $args[2] the post ID (when one is passed)
        if (isset($args[0], $args[2]) && $args[0] === 'edit_post') {
            $post_id = $args[2];
            // Check if the user has a custom capability (e.g., 'edit_client_sheet').
            // Test $user, the user this check is for, which is not always the current user.
            if (user_can($user, 'edit_client_sheet', $post_id)) {
                // Grant the primitive capabilities in $caps that 'edit_post' maps to;
                // WP_User::has_cap() tests those, so setting $allcaps['edit_post'] has no effect
                foreach ($caps as $cap) {
                    $allcaps[$cap] = true;
                }
            }
        }
        return $allcaps;
    }
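A version of the same filter scoped to the question's scenario, as an added example that is not part of the original question or answer. It keeps a list of assigned providers in post meta instead of overwriting the post author, so a second appointment does not revoke the first provider's access. The post type slug `client_sheet`, the meta key `_provider_id`, and the helpers `assign_provider_to_client()` and `provider_is_assigned_to_client()` are assumptions; the last one stands in for the asker's `verify_provider_against_client()`.

```php
<?php
// Assumed names, not from the original post.
const CLIENT_SHEET_POST_TYPE = 'client_sheet';
const PROVIDER_META_KEY      = '_provider_id';

// Hypothetical: call this when the admin books an appointment, instead of
// changing post_author. One meta row per provider, so earlier providers stay.
function assign_provider_to_client( $post_id, $provider_id ) {
    if ( ! provider_is_assigned_to_client( $post_id, $provider_id ) ) {
        add_post_meta( $post_id, PROVIDER_META_KEY, (int) $provider_id );
    }
}

// Hypothetical stand-in for the asker's verify_provider_against_client().
function provider_is_assigned_to_client( $post_id, $user_id ) {
    $ids = array_map( 'intval', get_post_meta( $post_id, PROVIDER_META_KEY, false ) );
    return in_array( (int) $user_id, $ids, true );
}

add_filter( 'user_has_cap', 'grant_provider_client_sheet_caps', 10, 4 );
function grant_provider_client_sheet_caps( $allcaps, $caps, $args, $user ) {
    // $args: [0] requested capability, [1] user ID being checked, [2] object ID.
    // Only read and edit are widened; delete_post is deliberately left out.
    $granted = array( 'read_post', 'edit_post' );
    if ( ! isset( $args[0], $args[2] ) || ! in_array( $args[0], $granted, true ) ) {
        return $allcaps;
    }
    $post_id = (int) $args[2];
    // Scope the override to client sheets; all other posts keep core's decision.
    if ( CLIENT_SHEET_POST_TYPE !== get_post_type( $post_id ) ) {
        return $allcaps;
    }
    // Authorize the user under test ($user), which is not always the current user.
    if ( ! provider_is_assigned_to_client( $post_id, $user->ID ) ) {
        return $allcaps;
    }
    // WP_User::has_cap() tests the primitive caps in $caps (the result of
    // map_meta_cap), so those are what must be set. The change applies to this
    // one check only; nothing is written to the user's stored role.
    foreach ( $caps as $cap ) {
        $allcaps[ $cap ] = true;
    }
    return $allcaps;
}
```

Because the filter runs inside `current_user_can( 'edit_post', $post_id )`, it takes effect before the `wp_die()` in post.php without a separate hook or redirect.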