Try installing the User Role Editor Plugin and removing the edit_published_posts capability from your users.
This issue was mentioned by me on this forum post with a fix provided. My development version includes this fix which is enabled by setting the admin “Others” tab option “User can edit their posts” to “Default”
@runamok81 I already have the user role editor plugin installed; wp-user front-end overrides it though. Even if the user has no editing capabilities, they can still edit posts from the front end dashboard.
@professor99 Thanks for the response, I’m going to check your fix out and see if it works for me. I’ll post here with the results.
Fixed!
To prevent the edit and delete links from appearing in the dashboard for published posts, you only need to amend two lines in wpuf-dashboard.php…
Change line 154 from
<?php if ( wpuf_get_option( ‘enable_post_edit’ ) == ‘yes’ ) { ?>
to
<?php if ( wpuf_get_option( ‘enable_post_del’ ) == ‘yes’ && !in_array( $post->post_status, array(‘publish’) ) ) { ?>
and change line 164 from
<?php if ( wpuf_get_option( ‘enable_post_del’ ) == ‘yes’ ) { ?>
to
<?php if ( wpuf_get_option( ‘enable_post_del’ ) == ‘yes’ && !in_array( $post->post_status, array(‘publish’) ) ) { ?>
Now, this prevents the edit and delete buttons from appearing for published posts for all users. If you would like admins to be able to see the links you would have to alter it some more but anyone who needs to be editing published posts most likely already has back end access.
I hope this helps someone out there and gets more people to download this great plugin.
Thanks Tareq and I’ll hope you’ll consider this issue in future updates.
As mentioned in other responses Version 4.0 of my development release should of fixed this.
However thanks gpspake for your effort in investigating this. Having this code here is useful for those who want to stay with the official version but want to tighten their security here.
Ok, It just realized how the fork handles this much better through the backend. Thanks professor99!
this only hide the edit and delete link at the dashboard, but users still can edit and (surely) delete post if they know the post ID…
I think a few wp conditional tags (publish, draft, or pending) need to implement in wpuf-edit-post.php
Hi ninofrenn,
Your right about gpspake’s code but wrong about the development release. It applies wordpress defaults on the server side as well.
Yeah, that certainly was not a final solution. This is one of the main features that encouraged me to install the development fork, which fixes this properly.
@professor
set the “default” for user can edit or delete will disable subscribe to edit or delete their pending/offline post.
What I need exactly is
1. User (in any role included subcriber) can edit or even delete their post if the post still pending/unapprove. But if their post have been published/approve then these option (edit & delete) should be disable at all in wpuf default editor ( but any backend accesibility user still could edit published post such admin and editor).
hey, just found a way for my problem
i added one conditional code in wpuf-edit-post.php
else if ($post->post_status == "publish") {
$can_edit = 'no';
$info = 'You cannot Editing this post anymore! Cheating huh?';
}
Thanks ninofrenn,
That could be a good option to have for subscribers.
