WordPress.org

Ready to get started?Download WordPress

Forums

WP User Frontend
[resolved] Restrict users from editing published posts (13 posts)

  1. gpspake
    Member
    Posted 1 year ago #

    Again, Excellent Plugin. Beautiful code!

    I have configured the plugin so that posts are submitted as pending and must be approved and published by an admin from the backend. However, after a post has been published, it still appears in the dashboard, giving the user the freedom to edit an already published post. Obviously this could be a problem as a user could replace a previously approved submission with unapproved content.

    I can't prevent this as the plugin dashboard overrides user capabilities that I already have in place.

    http://wordpress.org/extend/plugins/wp-user-frontend/

  2. Runamok81
    Member
    Posted 1 year ago #

    Try installing the User Role Editor Plugin and removing the edit_published_posts capability from your users.

  3. professor99
    Member
    Posted 1 year ago #

    This issue was mentioned by me on this forum post with a fix provided. My development version includes this fix which is enabled by setting the admin "Others" tab option "User can edit their posts" to "Default"

  4. gpspake
    Member
    Posted 1 year ago #

    @Runamok81 I already have the user role editor plugin installed; wp-user front-end overrides it though. Even if the user has no editing capabilities, they can still edit posts from the front end dashboard.

    @professor99 Thanks for the response, I'm going to check your fix out and see if it works for me. I'll post here with the results.

  5. gpspake
    Member
    Posted 1 year ago #

    Fixed!

    To prevent the edit and delete links from appearing in the dashboard for published posts, you only need to amend two lines in wpuf-dashboard.php...

    Change line 154 from
    <?php if ( wpuf_get_option( 'enable_post_edit' ) == 'yes' ) { ?>
    to
    <?php if ( wpuf_get_option( 'enable_post_del' ) == 'yes' && !in_array( $post->post_status, array('publish') ) ) { ?>

    and change line 164 from
    <?php if ( wpuf_get_option( 'enable_post_del' ) == 'yes' ) { ?>
    to
    <?php if ( wpuf_get_option( 'enable_post_del' ) == 'yes' && !in_array( $post->post_status, array('publish') ) ) { ?>

    Now, this prevents the edit and delete buttons from appearing for published posts for all users. If you would like admins to be able to see the links you would have to alter it some more but anyone who needs to be editing published posts most likely already has back end access.

    I hope this helps someone out there and gets more people to download this great plugin.

    Thanks Tareq and I'll hope you'll consider this issue in future updates.

  6. professor99
    Member
    Posted 1 year ago #

    As mentioned in other responses Version 4.0 of my development release should of fixed this.

    However thanks gpspake for your effort in investigating this. Having this code here is useful for those who want to stay with the official version but want to tighten their security here.

  7. gpspake
    Member
    Posted 1 year ago #

    Ok, It just realized how the fork handles this much better through the backend. Thanks professor99!

  8. ninofrenn
    Member
    Posted 1 year ago #

    this only hide the edit and delete link at the dashboard, but users still can edit and (surely) delete post if they know the post ID...

    I think a few wp conditional tags (publish, draft, or pending) need to implement in wpuf-edit-post.php

  9. professor99
    Member
    Posted 1 year ago #

    Hi ninofrenn,

    Your right about gpspake's code but wrong about the development release. It applies wordpress defaults on the server side as well.

  10. gpspake
    Member
    Posted 1 year ago #

    Yeah, that certainly was not a final solution. This is one of the main features that encouraged me to install the development fork, which fixes this properly.

  11. ninofrenn
    Member
    Posted 1 year ago #

    @professor
    set the "default" for user can edit or delete will disable subscribe to edit or delete their pending/offline post.

    What I need exactly is
    1. User (in any role included subcriber) can edit or even delete their post if the post still pending/unapprove. But if their post have been published/approve then these option (edit & delete) should be disable at all in wpuf default editor ( but any backend accesibility user still could edit published post such admin and editor).

  12. ninofrenn
    Member
    Posted 1 year ago #

    hey, just found a way for my problem
    i added one conditional code in wpuf-edit-post.php

    else if ($post->post_status  == "publish") {
    			$can_edit = 'no';
    			$info = 'You cannot Editing this post anymore! Cheating huh?';
    		}
  13. professor99
    Member
    Posted 1 year ago #

    Thanks ninofrenn,

    That could be a good option to have for subscribers.

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic

Tags

No tags yet.