• Hello everybody

    I am using your plugin to create a private area for registered users. I created a form (with CF7) for posting (in a custom post type) from the frontend, for registered users only. Everything works, but if I want to allow a registered user to delete his own posts from the frontend, I am obliged to set “delete_users” among the capabilities of his role. Without it, he cannot delete them. The problem is that if this ability is enabled, the user has access to the backend even if the check in the role settings has not been checked.
    This is the function I use to delete from the frontend:

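    // Delete post: prints a trash link for the current post in the loop.
    function delete_post(){
        global $post;
        // get_delete_post_link() returns a nonce-protected wp-admin URL; 'frontend' is an extra query flag.
        $deletepostlink= add_query_arg( 'frontend', 'true', get_delete_post_link( get_the_ID() ) );
        // Only show the link when the current user may edit this post.
        if (current_user_can('edit_post', $post->ID)) {
            // iconTrash() is the poster's own helper; the URL is escaped before it goes into the href attribute.
            echo '<a class="btn btn-sm text-primary" data-bs-toggle="tooltip" title="Löschen" onclick="return confirm(\'Sind Sie sicher dieses Item zu löschen?\')" href="'.esc_url($deletepostlink).'">'.iconTrash("w-5 h-5").'</a>';
        }
    }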

    Is it possible to allow registered users to delete their own posts without using the “delete_users” ability and without being able to enter the backend?

    Thank you

    • This topic was modified 1 year, 8 months ago by sheol77.
Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Support Aswin Giri

    (@aswingiri)

    Hello @sheol77

    If you are just allowing users to delete their own posts, why don’t you just check if the post author is the same as currently logged-in user, instead of current_user_can('edit_post', $post->ID)?

    Thread Starter sheol77

    (@sheol77)

    Thanks for the reply.

    Let me explain the problem better: I created a custom post type, and with Ultimate Member I created a new role that can add new posts to this post type. The role created with Ultimate Member has all these capabilities:

    edit_posts
    edit_others_posts
    edit_published_posts
    publish_posts
    read
    delete_posts
    delete_others_posts
    delete_published_posts
    delete_private_posts
    edit_private_posts

    He obviously doesn’t have permission to access the backend.
    Theoretically, with these permissions he should be able to delete his posts, but this does not happen. When I invoke the delete function, nothing is deleted and a redirect to the homepage takes place, as if the user did not have the permissions for that function.

    Only if I add the “delete_users” capability is the user able to delete his posts, but this also entails access to the backend, even though he has not been given permission in the Ultimate Member panel.

    I should add that in the configuration of the Ultimate Member role I do not find the capabilities for the custom post type, but only for the standard ones (post, pages, user, etc.). The custom post type was created with CPT UI.

    Thank you

    • This reply was modified 1 year, 8 months ago by sheol77.
    Thread Starter sheol77

    (@sheol77)

    Having not yet received an answer, I found an alternative solution that uses the wp_trash_post() function in combination with an AJAX call.

    I believe the bug is that the get_delete_post_link() function creates a URL call to the backend, but the role does not have access to it.
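
The approach from the last reply (trashing through an AJAX call with wp_trash_post()), combined with the author check suggested by Plugin Support, as an added example that is not part of the original thread. The action name, the `nonce` and `post_id` field names, the function names and the CPT slug `my_cpt` are hypothetical, and it assumes admin-ajax.php is reachable for the role.

```php
<?php
// Added example: action name, field names and CPT slug are hypothetical placeholders.
const FRONTEND_TRASH_ACTION = 'frontend_trash_post'; // assumed AJAX action name
const FRONTEND_TRASH_CPT    = 'my_cpt';              // placeholder CPT slug

// Logged-in users only: no wp_ajax_nopriv_ hook is registered.
add_action( 'wp_ajax_' . FRONTEND_TRASH_ACTION, 'frontend_trash_post_handler' );

function frontend_trash_post_handler() {
    $post_id = isset( $_POST['post_id'] ) ? absint( $_POST['post_id'] ) : 0;

    // CSRF check: the nonce is bound to this action and this post ID.
    if ( ! check_ajax_referer( FRONTEND_TRASH_ACTION . '_' . $post_id, 'nonce', false ) ) {
        wp_send_json_error( array( 'message' => 'Invalid nonce.' ), 403 );
    }

    // Restrict the endpoint to the one post type it is meant for.
    $post = $post_id ? get_post( $post_id ) : null;
    if ( ! $post || FRONTEND_TRASH_CPT !== $post->post_type ) {
        wp_send_json_error( array( 'message' => 'Post not found.' ), 404 );
    }

    // Ownership check instead of a role capability: author must be the current user.
    if ( (int) $post->post_author !== get_current_user_id() ) {
        wp_send_json_error( array( 'message' => 'Not your post.' ), 403 );
    }

    // Move to trash (recoverable) rather than deleting permanently.
    if ( ! wp_trash_post( $post_id ) ) {
        wp_send_json_error( array( 'message' => 'Could not trash post.' ), 500 );
    }
    wp_send_json_success( array( 'trashed' => $post_id ) );
}

// Template helper: prints a button carrying the values the handler expects.
function frontend_trash_button( $post_id ) {
    $author = (int) get_post_field( 'post_author', $post_id );
    if ( ! is_user_logged_in() || $author !== get_current_user_id() ) {
        return; // Hide the control from everyone except the author.
    }
    printf(
        '<button class="js-trash-post" data-post-id="%d" data-nonce="%s" data-ajax-url="%s">Delete</button>',
        (int) $post_id,
        esc_attr( wp_create_nonce( FRONTEND_TRASH_ACTION . '_' . $post_id ) ),
        esc_url( admin_url( 'admin-ajax.php' ) )
    );
}
```

The front-end script posts `action`, `post_id` and `nonce` to the URL in `data-ajax-url`. The server-side author check is what enforces ownership; hiding the button only keeps the control out of other users' pages.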

  • The topic ‘Delete custom post type from frontend registered user’ is closed to new replies.