Answers:
实现此类任务的第一件事是能够识别用户可以编辑的页面。
有不同的方法可以做到这一点。可能是用户meta,一些配置值...为了得到这个答案,我将假定存在一个函数lile:
function wpse_user_can_edit( $user_id, $page_id ) {
$page = get_post( $page_id );
// let's find the topmost page in the hierarchy
while( $page && (int) $page->parent ) {
$page = get_post( $page->parent );
}
if ( ! $page ) {
return false;
}
// now $page is the top page in the hierarchy
// how to know if an user can edit it, it's up to you...
}现在我们有了确定用户是否可以编辑页面的方法,我们只需要告诉WordPress使用此功能来检查使用者编辑页面的能力。
可以通过'map_meta_cap'过滤器完成。
就像是:
add_filter( 'map_meta_cap', function ( $caps, $cap, $user_id, $args ) {
$to_filter = [ 'edit_post', 'delete_post', 'edit_page', 'delete_page' ];
// If the capability being filtered isn't of our interest, just return current value
if ( ! in_array( $cap, $to_filter, true ) ) {
return $caps;
}
// First item in $args array should be page ID
if ( ! $args || empty( $args[0] ) || ! wpse_user_can_edit( $user_id, $args[0] ) ) {
// User is not allowed, let's tell that to WP
return [ 'do_not_allow' ];
}
// Otherwise just return current value
return $caps;
}, 10, 4 );此时,我们仅需要一种将用户连接到一个或多个页面的方法。
根据用例,可能会有不同的解决方案。
灵活的解决方案可以是将“根”页面的下拉列表(请参阅参考资料wp_dropdown_pages)添加到编辑用户管理屏幕,然后将所选页面保存为用户元。
我们可以利用'edit_user_profile'添加页面下拉字段并将'edit_user_profile_update'所选值存储为用户元。
我敢肯定,在此网站上,有足够的指南来详细说明这一点。
当页面作为用户元存储时wpse_user_can_edit(),可以通过检查页面ID是否属于用户元值来完成上述功能。
删除编辑页面的功能后,WordPress将完成其余工作:将从后端和前端删除任何编辑链接,将阻止直接访问...等等。
即使您使用PHP类来避免全局变量,也确实需要少量代码来实现此功能。我也不想在仪表板中隐藏用户的禁止页面。如果他们添加了网站上已有的内容怎么办?
$user_edit_limit = new NS_User_Edit_Limit(
15, // User ID we want to limit
[2, 17] // Array of parent page IDs user is allowed to edit
(also accepts sub-page IDs)
);
class NS_User_Edit_Limit {
/**
* Store the ID of the user we want to control, and the
* posts we will let the user edit.
*/
private $user_id = 0;
private $allowed = array();
public function __construct( $user_id, $allowed ) {
// Save the ID of the user we want to limit.
$this->user_id = $user_id;
// Expand the list of allowed pages to include sub pages
$all_pages = new WP_Query( array(
'post_type' => 'page',
'posts_per_page' => -1,
) );
foreach ( $allowed as $page ) {
$this->allowed[] = $page;
$sub_pages = get_page_children( $page, $all_pages );
foreach ( $sub_pages as $sub_page ) {
$this->allowed[] = $sub_page->ID;
}
}
// For the prohibited user...
// Remove the edit link from the front-end as needed
add_filter( 'get_edit_post_link', array( $this, 'remove_edit_link' ), 10, 3 );
add_action( 'admin_bar_menu', array( $this, 'remove_wp_admin_edit_link' ), 10, 1 );
// Remove the edit link from wp-admin as needed
add_action( 'page_row_actions', array( $this, 'remove_page_list_edit_link' ), 10, 2 );
}
/**
* Helper functions that check if the current user is the one
* we want to limit, and check if a specific post is in our
* list of posts that we allow the user to edit.
*/
private function is_user_limited() {
$current_user = wp_get_current_user();
return ( $current_user->ID == $this->user_id );
}
private function is_page_allowed( $post_id ) {
return in_array( $post_id, $this->allowed );
}
/**
* Removes the edit link from the front-end as needed.
*/
public function remove_edit_link( $link, $post_id, $test ) {
/**
* If...
* - The limited user is logged in
* - The page the edit link is being created for is not in the allowed list
* ...return an empty $link. This also causes edit_post_link() to show nothing.
*
* Otherwise, return link as normal.
*/
if ( $this->is_user_limited() && !$this->is_page_allowed( $post_id ) ) {
return '';
}
return $link;
}
/**
* Removes the edit link from WP Admin Bar
*/
public function remove_wp_admin_edit_link( $wp_admin_bar ) {
/**
* If:
* - We're on a single page
* - The limited user is logged in
* - The page is not in the allowed list
* ...Remove the edit link from the WP Admin Bar
*/
if (
is_page() &&
$this->is_user_limited() &&
!$this->is_page_allowed( get_post()->ID )
) {
$wp_admin_bar->remove_node( 'edit' );
}
}
/**
* Removes the edit link from WP Admin's edit.php
*/
public function remove_page_list_edit_link( $actions, $post ) {
/**
* If:
* -The limited user is logged in
* -The page is not in the allowed list
* ...Remove the "Edit", "Quick Edit", and "Trash" quick links.
*/
if (
$this->is_user_limited() &&
!$this->is_page_allowed( $post->ID )
) {
unset( $actions['edit'] );
unset( $actions['inline hide-if-no-js']);
unset( $actions['trash'] );
}
return $actions;
}
}上面的代码所做的是防止以下操作或根据需要显示:
get_edit_post_linkEdit Page 页面上出现的WP管理栏上的链接Edit,Quick Edit和Trash中出现在“页面”下方的快速链接/wp-admin/edit.php?post_type=page这适用于我本地的WordPress 4.7安装。假设网站上的页面不会经常更改,则最好对页面及其子页面的ID进行硬编码,并删除WP_Query内部__construct方法。这将节省大量的数据库调用。
如果您想远离插件,可以在functions.php文件或自定义插件中更改以下代码。
该代码有2个单独的部分,您只需要使用其中的1个即可,但这取决于需求的复杂性。
第1部分是指定单个用户并将他们限制为特定帖子。
第2部分允许您创建用户和帖子ID的地图,并允许多个帖子
下面的代码仅适用于页面,但是如果您想将其更改为帖子或自定义帖子类型,则需要将字符串更改$screen->id == 'page'为其他内容。
你可以找到在屏幕ID的周围可湿性粉剂管理员参考这里
function my_pre_get_posts( $query ){
$screen = get_current_screen();
$current_user = wp_get_current_user();
/**
* Specify a single user and restrict to a single page
*/
$restricted_user_id = 10; //User ID of the restricted user
$allowed_post_id = 1234; //Post ID of the allowed post
$current_post_id = isset( $_GET['post'] ) ? (int)$_GET['post'] : false ;
//Only affecting a specific user
if( $current_user->ID !== $restricted_user_id ){
return;
}
//Only Affecting EDIT page.
if( ! $current_post_id ){
return;
}
if( $screen->id == 'page' && $current_post_id !== $allowed_post_id ){
wp_redirect( admin_url( ) );
exit;
}
/**
* Specify a map of user_id => $allowed_posts
*/
$restrictions_map = [
10 => [ 123 ], //Allow user ID to edit Page ID 123
11 => [ 152, 186 ] //Allow user ID to edit Page ID 123 and 186
];
if( array_key_exists( $current_user->ID, $restrictions_map ) ){
$allowed_posts = $restrictions_map[$current_user->ID];
if( $screen->id == 'page' && ! in_array( $current_user->ID, $allowed_posts ) ){
wp_redirect( admin_url( ) );
exit;
}
}
}
add_action( 'pre_get_posts', 'my_pre_get_posts' );我用User Role Editor了几次,还不错。也许它也可以帮助您。这是链接用户角色编辑器