Checking if the current user is able to read private pages fails

Resolved jospo
(@jospo)

3 years ago
Hello,

I am using the Members plugin to create user roles with “read_private_pages” access rights. Then I create new pages, set them as private and limit the access to each page to specific user with that specific role only.

However when I want to programmatically check if the current user is able to read (view) that page, it always returns true, even if the user does not have rights to read that page.

I tried following code to list only pages that current user has access to read:
```
    pages = get_pages(
        array('post_status' => array( 'private' ),
    ));
    foreach ( $pages as $page ) {
      if (current_user_can( 'read_private_pages', $page->ID )) {
          echo "This user can read page " . $page->post_title;
      }
    }
```
I am not sure why this fails. Any help would be much appreciated.

Thank you!

Viewing 2 replies - 1 through 2 (of 2 total)

Plugin Author

Caseproof

(@caseproof)

3 years ago

Hi @jospo

I followed these steps to reproduce this issue:

1. Created user role and granted the “Read Private Pages” capability under Pages tab.
2. Created a new page and checked it as Private.
3. Inserted your code

When I open any page as a not-logged user or as a regular Subscriber, I don’t see any message from this code. I also don’t have access to the private page. Only as a user with role that has “Read Private Pages” capability granted I can visit private pages, and can see the list of all private pages from the code.

It seems that it’s working on my side.

Best

Thread Starter

jospo

(@jospo)

2 years, 12 months ago

Hello, thanks for looking into this issue. I have found a working solution so I am posting it here in case anyone faces the same problem.

$user_roles = $current_user->roles;
        $user_role = array_shift( $user_roles );
        
        /**
          *
          * Check the current user can read private pages.
          *
          */
        $private = current_user_can( 'read_private_pages', $page->ID );
        
        /**
          *
          * Get the roles that have access to the associated page.
          *
          */
        $restricted = get_post_meta( $page->ID, '_members_access_role' );
        
        /**
          *
          * Find and echo only pages where the user has access to private pages and the <code>users role</code> is equal to the <code>role</code> restriction on the page set by MembersPress.
          *
          */
        if( ( $private ) && ( $user_role == in_array( $user_role, $restricted ) ) ) {
                
            echo $page->post_title . "<br/>";
            
        }

This reply was modified 2 years, 12 months ago by jospo.

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘Checking if the current user is able to read private pages fails’ is closed to new replies.

Tags