Custom Fields
Re-Envisioned
Support MB Frontend Submission Allow editing form data which is submitted by "that" author

This topic contains 6 replies, has 2 voices, and was last updated by  nfyp145 5 months ago.

  • Creator
    Topic
  • #14888
    Resolved
    nfyp145
    Participant

    Hi Anh

    Sorry for my limited PHP knowledge. Please help me.

    I create meta box.

    
    add_filter( 'rwmb_meta_boxes', 'your_prefix_register_meta_boxes' );
    function your_prefix_register_meta_boxes( $meta_boxes ) {
        $meta_boxes[] = array (
            'title' => 'My Form',
            'id' => 'my_form',
            'post_types' => array(
                0 => 'post',
            ),
            'context' => 'normal',
            'priority' => 'high',
            'fields' => array(
                array (
                    'id' => 'phone',
                    'type' => 'text',
                    'name' => 'Phone',
                ),
            ),
        );
        return $meta_boxes;
    }
    

    Create new page – and add shortcode.

    [mb_frontend_form id ="my_form" post_fields="title" edit=true]

    I setup – only subscribers can submit form.

    How can I allow – to edit the form data which is submitted by that author?

    I think if other figures out the link pattern /?rwmb-form-submitted=my_form&rwmb-post-id=357 with post-id=xxx at the end, form data can be easily changed even they are not that post author.

    Thank you Anh.

Viewing 6 replies - 1 through 6 (of 6 total)
  • Author
    Replies
  • #14899

    Anh Tran
    Keymaster

    Hi,

    This is an interesting question. After checking around, this is the solution I found:

    Step 1: set the post author when submitting

    add_filter( 'rwmb_frontend_insert_post_data', function( $data, $config ) {
        if ( $config['id'] !== 'my_form' || ! is_user_logged_in() ) {
            return $data;
        }
    
        // Set current post ID as the author of the post.
        $data['post_author'] = get_current_user_id();
        return $data;
    }, 10, 2 );

    Step 2: check if the current user is the post author

    add_filter( 'do_shortcode_tag', function ( $output, $tag, $attr ) {
        if ( $tag !== 'mb_frontend_form' || $attr['id'] !== 'my_form' ) {
            return $output;
        }
    
        // Check if current user is the post author.
        $post_id = filter_input( INPUT_GET, 'rwmb-post-id', FILTER_SANITIZE_NUMBER_INT );
        $post = get_post( $post_id );
        if ( $post->post_author != get_current_user_id() ) {
            return 'You are not allowed to edit this post';
        }
    
        return $output;
    }, 10, 3 );
    #14903

    nfyp145
    Participant

    Hello Anh

    Appreciate for reply! I’ve been waiting for your solution all day – today.

    I try as you guided above.

    After adding snippets from step 1 and 2 in functions.php, ONLY admin can see and submit the form.

    #14906

    Anh Tran
    Keymaster

    If you try to edit the existing posts, then only admin can edit them. Because their post author is the admin (technically when submitting posts, the plugin doesn’t set the post author, and that falls back to the admin).

    This code will work with new submitted posts, where the code in the step 1 sets the proper post author.

    For the existing posts, you need to set the post author manually. Then the code will work properly.

    #14908

    nfyp145
    Participant

    But after adding code from step 2…

    the form page (where I insert form shortcode) is blocked with message – You are not allowed to edit this post.

    So there is no chance for guest or subscriber to submit form.

    #14909

    Anh Tran
    Keymaster

    Sorry, please try this code for the 2nd step:

    add_filter( 'do_shortcode_tag', function ( $output, $tag, $attr ) {
        if ( $tag !== 'mb_frontend_form' || $attr['id'] !== 'my_form' ) {
            return $output;
        }
    
        // Check if current user is the post author.
        $post_id = filter_input( INPUT_GET, 'rwmb-post-id', FILTER_SANITIZE_NUMBER_INT );
        if ( ! $post_id ) {
            return $output;
        }
        $post = get_post( $post_id );
        if ( $post->post_author != get_current_user_id() ) {
            return 'You are not allowed to edit this post';
        }
    
        return $output;
    }, 10, 3 );
    #14912

    nfyp145
    Participant

    Wow…

    That works beautifully. You really are the code poet.

    Thank you so much Master Ahn.

Viewing 6 replies - 1 through 6 (of 6 total)

You must be logged in to reply to this topic.