Allow editing form data which is submitted by "that" author

This topic has 6 replies, 2 voices, and was last updated 7 months, 2 weeks ago by nfyp145.

Creator

Topic
June 8, 2019 at 9:59 PM #14888
Resolved nfyp145
Participant
Hi Anh

Sorry for my limited PHP knowledge. Please help me.

I create meta box.
```
add_filter( 'rwmb_meta_boxes', 'your_prefix_register_meta_boxes' );
function your_prefix_register_meta_boxes( $meta_boxes ) {
    $meta_boxes[] = array (
        'title' => 'My Form',
        'id' => 'my_form',
        'post_types' => array(
            0 => 'post',
        ),
        'context' => 'normal',
        'priority' => 'high',
        'fields' => array(
            array (
                'id' => 'phone',
                'type' => 'text',
                'name' => 'Phone',
            ),
        ),
    );
    return $meta_boxes;
}
```
Create new page – and add shortcode.

[mb_frontend_form id ="my_form" post_fields="title" edit=true]

I setup – only subscribers can submit form.

How can I allow – to edit the form data which is submitted by that author?

I think if other figures out the link pattern /?rwmb-form-submitted=my_form&rwmb-post-id=357 with post-id=xxx at the end, form data can be easily changed even they are not that post author.

Thank you Anh.
Creator

Topic

Viewing 6 replies - 1 through 6 (of 6 total)

Author

Replies
June 10, 2019 at 10:32 AM #14899
Anh Tran
Keymaster
Hi,

This is an interesting question. After checking around, this is the solution I found:

Step 1: set the post author when submitting
```
add_filter( 'rwmb_frontend_insert_post_data', function( $data, $config ) {
    if ( $config['id'] !== 'my_form' || ! is_user_logged_in() ) {
        return $data;
    }

    // Set current post ID as the author of the post.
    $data['post_author'] = get_current_user_id();
    return $data;
}, 10, 2 );
```
Step 2: check if the current user is the post author
```
add_filter( 'do_shortcode_tag', function ( $output, $tag, $attr ) {
    if ( $tag !== 'mb_frontend_form' || $attr['id'] !== 'my_form' ) {
        return $output;
    }

    // Check if current user is the post author.
    $post_id = filter_input( INPUT_GET, 'rwmb-post-id', FILTER_SANITIZE_NUMBER_INT );
    $post = get_post( $post_id );
    if ( $post->post_author != get_current_user_id() ) {
        return 'You are not allowed to edit this post';
    }

    return $output;
}, 10, 3 );
```
June 10, 2019 at 11:13 AM #14903

nfyp145
Participant

Hello Anh

Appreciate for reply! I’ve been waiting for your solution all day – today.

I try as you guided above.

After adding snippets from step 1 and 2 in functions.php, ONLY admin can see and submit the form.

June 10, 2019 at 11:55 AM #14906

Anh Tran
Keymaster

If you try to edit the existing posts, then only admin can edit them. Because their post author is the admin (technically when submitting posts, the plugin doesn’t set the post author, and that falls back to the admin).

This code will work with new submitted posts, where the code in the step 1 sets the proper post author.

For the existing posts, you need to set the post author manually. Then the code will work properly.

June 10, 2019 at 12:23 PM #14908

nfyp145
Participant

But after adding code from step 2…

the form page (where I insert form shortcode) is blocked with message – You are not allowed to edit this post.

So there is no chance for guest or subscriber to submit form.

June 10, 2019 at 1:43 PM #14909
Anh Tran
Keymaster
Sorry, please try this code for the 2nd step:
```
add_filter( 'do_shortcode_tag', function ( $output, $tag, $attr ) {
    if ( $tag !== 'mb_frontend_form' || $attr['id'] !== 'my_form' ) {
        return $output;
    }

    // Check if current user is the post author.
    $post_id = filter_input( INPUT_GET, 'rwmb-post-id', FILTER_SANITIZE_NUMBER_INT );
    if ( ! $post_id ) {
        return $output;
    }
    $post = get_post( $post_id );
    if ( $post->post_author != get_current_user_id() ) {
        return 'You are not allowed to edit this post';
    }

    return $output;
}, 10, 3 );
```
June 10, 2019 at 5:01 PM #14912

nfyp145
Participant

Wow…

That works beautifully. You really are the code poet.

Thank you so much Master Ahn.
Author

Replies

Viewing 6 replies - 1 through 6 (of 6 total)

You must be logged in to reply to this topic.

Newsletter