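Hide posts in the backend/admin based on ACF-controlled user (pseudo-)permissions

Date: 2019-05-21 Author: Mike B.

I want to block access to posts in the backend/admin for users who do not have permission to view them. This is similar to the Author role, but this "permission" is controlled by an ACF User relationship field rather than a WP core role or capability.

To complicate things further, the User relationship field actually points to a parent/grouping custom post type, which is then related to the child posts I am trying to filter. So it should show not only posts the user wrote, but also posts written by others that they have been granted permission to administer. Let me explain below...

Custom post type: Shoes [shoe]
Custom post type: Brands [brand]

Suppose you have a "shoe" called "Air Jordans" and a "brand" called "Nike". There is an ACF bidirectional relationship between "Air Jordan" and "Nike". I have already built the logic that handles this on the front end and it works perfectly; now I want to replicate that logic in the backend so the filtering happens there too. Here is what I built for the front end, for reference: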

$current_user = wp_get_current_user();

/* Get All Brands the Current User can Administer */
$brands_admin_args = array(
  'post_type'   => 'brand',
  'meta_query'  => array(
      array(
          'key'     => 'admins', // This is my ACF User field that tracks brand admins.
          'value'   => '"' . $current_user->ID . '"',
          'compare' => 'LIKE'
      ),
  ),
);
$brands_admin = get_posts($brands_admin_args);


/* Get All Shoes The User Can Administer Based On Each Brand They Can Administer */
$approved_shoes_args = array(
  'post_type'       => 'shoe',
  'meta_query'      => array(
      'relation'    => 'OR'
  ),
);

foreach ($brands_admin as $ba) {
  array_push($approved_shoes_args['meta_query'], array(
      'key'       => 'shoe_brands', // This is my ACF Relationship field between Shoes and Brands
      'value'     =>  '"' . $ba->ID . '"',
      'compare'   => 'LIKE'
  ));
}
$approved_shoes = new WP_Query($approved_shoes_args);

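2 replies
SO user: Welcher

You are best off using the pre_get_posts hook to adjust the query on the admin side.

Your logic is fairly complex, so I am not going to try to give you a working example, but the snippet below should get you started. Basically, you want to make sure you are in the admin and working on the main query.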

Codex link

add_action( 'pre_get_posts', 'customize_admin_query' );

function customize_admin_query( $wp_query ) {
    // WP_Query has no is_admin() method; use the global is_admin() conditional.
    if ( is_admin() && $wp_query->is_main_query() ) {
        // do your customizations in here.
    }
}

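SO user: Mike B.

Taking @Welcher's suggestion to use pre_get_posts, I took my existing code and put together the following to filter the edit.php page for custom posts, based on the ACF field that grants the current user access: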

add_action( 'pre_get_posts', 'customize_products_for_admins' );
function customize_products_for_admins( $wp_query ) {

    if ( is_admin() && $wp_query->is_main_query() && current_user_can('editor') ) { // I know I need more conditional statements here

        $current_user = wp_get_current_user();

        /* Get All Brands the Current User can Administer */
        $brands_admin_args = array(
            'post_type'   => "brand",
            'meta_query'  => array(
                array(
                    'key'     => "admins",
                    'value'   => '"' . $current_user->ID . '"',
                    'compare' => "LIKE"
                ),
            ),
        );
        $brands_admin   = get_posts($brands_admin_args);

        /* Get All Shoes The User Can Administer Based On Each Brand They Can Administer */
        $approved_shoes_args = array(
            'meta_query'      => array(
                'relation'    => "OR"
            ),
        );

        foreach ($brands_admin as $ba) {
            array_push($approved_shoes_args['meta_query'], array(
                'key'       => "shoe_brands", // This is my ACF Relationship field between Shoes and Brands
                'value'     =>  '"' . $ba->ID . '"',
                'compare'   => "LIKE"
            ));
        }
        // Pass only the inner clause array; set() expects the meta_query value itself, not the wrapper.
        $wp_query->set('meta_query', $approved_shoes_args['meta_query']);
    }
}
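
The pre_get_posts approach above only filters the list table, so a user who knows a post ID can still request the edit screen directly. The following added example (not code from either poster) scopes the list and enforces the same rule through map_meta_cap. It assumes ACF stores the relationship as a serialized ID array in post meta, which is what the thread's LIKE '"ID"' queries rely on; the acfscope_brand_ids name and the manage_options bypass are assumptions.

```php
<?php
// Added example, not the poster's code. Post types and meta keys come from the
// thread; the acfscope_ function name and the manage_options bypass are assumptions.
// IDs of the brands whose ACF "admins" user field lists this user.
function acfscope_brand_ids( $user_id ) {
    return get_posts( array(
        'post_type'      => 'brand',
        'fields'         => 'ids',
        'posts_per_page' => -1,
        'meta_query'     => array( array(
            'key' => 'admins', 'value' => '"' . (int) $user_id . '"', 'compare' => 'LIKE',
        ) ),
    ) );
}
// 1. Scope the shoe list table (edit.php?post_type=shoe).
add_action( 'pre_get_posts', function ( $q ) {
    if ( ! is_admin() || ! $q->is_main_query() || 'shoe' !== $q->get( 'post_type' ) ) {
        return;
    }
    if ( current_user_can( 'manage_options' ) ) {
        return;
    }
    $brands = acfscope_brand_ids( get_current_user_id() );
    if ( empty( $brands ) ) {
        $q->set( 'post__in', array( 0 ) ); // fail closed: an empty OR clause would match every shoe
        return;
    }
    $meta = array( 'relation' => 'OR' );
    foreach ( $brands as $id ) {
        $meta[] = array( 'key' => 'shoe_brands', 'value' => '"' . $id . '"', 'compare' => 'LIKE' );
    }
    $q->set( 'meta_query', $meta );
} );

// 2. Apply the same rule to direct requests such as post.php?post=ID&action=edit.
add_filter( 'map_meta_cap', function ( $caps, $cap, $user_id, $args ) {
    if ( ! in_array( $cap, array( 'edit_post', 'delete_post' ), true ) || empty( $args[0] ) ) {
        return $caps;
    }
    if ( 'shoe' !== get_post_type( $args[0] ) || user_can( $user_id, 'manage_options' ) ) {
        return $caps;
    }
    // ACF keeps a relationship field as a serialized array of IDs in post meta.
    $linked = array_map( 'intval', (array) get_post_meta( $args[0], 'shoe_brands', true ) );
    if ( ! array_intersect( $linked, acfscope_brand_ids( $user_id ) ) ) {
        $caps[] = 'do_not_allow';
    }
    return $caps;
}, 10, 4 );
```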
