Ok, I have to apologize for overlooking an important detail on the plugin page. I missed the fact that filters must be applied to restrict editing capabilities to the author only.
Now I just have to understand how the filters work. I’m not much good with PHP beyond very simple editing. Any assistance with creating a filter that restricts editing a post to the post’s author only would be greatly appreciated.
Thanks,
Tom
It turns out this was far more simple than I anticipated. Just change the ‘update’ setting from ‘default’ to ‘author’ as shown below:
$gform_update_post = new GFUpdatePost();
class GFUpdatePost
{
public $options = array(
'request_id' => 'gform_post_id'
,'post_status' => 'default'
,'capabilities' => array(
'update' => 'author'
,'delete' => 'disable'
It wasn’t initially obvious to me (but I blame that on my current /scared of PHP status) so maybe this will help someone else out in the future.
Best,
Tom
Hi,
I was also struggling with this issue until I got to the post. Thanks for the help.
Now, users can only edit their posts, but when I try to edit another user post, the gravity forms loads, although with no data. Can I redirect a user to another page when he tries to edit another user post?
Example:
1.Author creates post with ID=36
a: He tries to edit using this URL: site.com/edit-page?gform_post_id=36–> RESULT: ok
b: He tries to edit another user post (ID 333): site.com/?gform_post_id=333 (RESULT: Form loads in blank. I want to automatically redirect the user to another page when the URL is submitted)
Thank you
There may be a cleaner way to do this, but what I did was I created a custom page template in my theme and added this at the top:
if( !is_user_logged_in( ) ) {
nocache_headers();
header("HTTP/1.1 302 Moved Temporarily");
header('Location: ' . get_settings('siteurl') . '/wp-login.php?redirect_to=' . urlencode($_SERVER['REQUEST_URI']));
header("Status: 302 Moved Temporarily");
exit();
}
$tmp = get_post( $_GET['gform_post_id'] );
$author = $tmp->post_author;
$user = get_current_user_id();
if( $_GET['gform_post_id'] <= 0 || $user != $author ) {
echo "HERE";
nocache_headers();
header("HTTP/1.1 302 Moved Temporarily");
header('Location: ' . get_settings('siteurl') . '/access-denied/');
header("Status: 302 Moved Temporarily");
exit();
}
The first if statement redirects to the login page if the user is not logged in.
The second if statement redirects to an “Access Denied” page if the user is not the author of the post id passed in gform_post_id.
Like I said there may be a better way to do this, but the above works for me.
Hi,
I also stumbled across this needing help with the same issue.
I am also not so great at PHP.
Can you let me know where to paste the code above? Is it into my functions.php or is it in the code of the plugin somewhere?
$gform_update_post = new GFUpdatePost();
class GFUpdatePost
{
public $options = array(
'request_id' => 'gform_post_id'
,'post_status' => 'default'
,'capabilities' => array(
'update' => 'author'
,'delete' => 'disable'
sorry, should of just checked the code before posting this silly question!