This topic contains 6 replies, has 2 voices, and was last updated by 
nfyp145 5 months ago.
-
Topic
-
Hi Anh
Sorry for my limited PHP knowledge. Please help me.
I create meta box.
add_filter( 'rwmb_meta_boxes', 'your_prefix_register_meta_boxes' ); function your_prefix_register_meta_boxes( $meta_boxes ) { $meta_boxes[] = array ( 'title' => 'My Form', 'id' => 'my_form', 'post_types' => array( 0 => 'post', ), 'context' => 'normal', 'priority' => 'high', 'fields' => array( array ( 'id' => 'phone', 'type' => 'text', 'name' => 'Phone', ), ), ); return $meta_boxes; }Create new page – and add shortcode.
[mb_frontend_form id ="my_form" post_fields="title" edit=true]I setup – only subscribers can submit form.
How can I allow – to edit the form data which is submitted by that author?
I think if other figures out the link pattern
/?rwmb-form-submitted=my_form&rwmb-post-id=357with post-id=xxx at the end, form data can be easily changed even they are not that post author.Thank you Anh.
-
Replies
-
Hi,
This is an interesting question. After checking around, this is the solution I found:
Step 1: set the post author when submitting
add_filter( 'rwmb_frontend_insert_post_data', function( $data, $config ) { if ( $config['id'] !== 'my_form' || ! is_user_logged_in() ) { return $data; } // Set current post ID as the author of the post. $data['post_author'] = get_current_user_id(); return $data; }, 10, 2 );Step 2: check if the current user is the post author
add_filter( 'do_shortcode_tag', function ( $output, $tag, $attr ) { if ( $tag !== 'mb_frontend_form' || $attr['id'] !== 'my_form' ) { return $output; } // Check if current user is the post author. $post_id = filter_input( INPUT_GET, 'rwmb-post-id', FILTER_SANITIZE_NUMBER_INT ); $post = get_post( $post_id ); if ( $post->post_author != get_current_user_id() ) { return 'You are not allowed to edit this post'; } return $output; }, 10, 3 );Hello Anh
Appreciate for reply! I’ve been waiting for your solution all day – today.
I try as you guided above.
After adding snippets from step 1 and 2 in functions.php, ONLY admin can see and submit the form.
If you try to edit the existing posts, then only admin can edit them. Because their post author is the admin (technically when submitting posts, the plugin doesn’t set the post author, and that falls back to the admin).
This code will work with new submitted posts, where the code in the step 1 sets the proper post author.
For the existing posts, you need to set the post author manually. Then the code will work properly.
But after adding code from step 2…
the form page (where I insert form shortcode) is blocked with message – You are not allowed to edit this post.
So there is no chance for guest or subscriber to submit form.
Sorry, please try this code for the 2nd step:
add_filter( 'do_shortcode_tag', function ( $output, $tag, $attr ) { if ( $tag !== 'mb_frontend_form' || $attr['id'] !== 'my_form' ) { return $output; } // Check if current user is the post author. $post_id = filter_input( INPUT_GET, 'rwmb-post-id', FILTER_SANITIZE_NUMBER_INT ); if ( ! $post_id ) { return $output; } $post = get_post( $post_id ); if ( $post->post_author != get_current_user_id() ) { return 'You are not allowed to edit this post'; } return $output; }, 10, 3 );Wow…
That works beautifully. You really are the code poet.
Thank you so much Master Ahn.
You must be logged in to reply to this topic.