delete_others_posts 功能为 false 无效

delete_others_posts capability as false not working

我正在尝试根据自定义 post 类型功能定义新的用户角色。除了其他功能,我希望这个角色只删除它自己的 posts 而不是其他用户 posts.

为了实现这一点,我将 delete_others_posts(delete_others_dictionary_entry) 定义为 false,但不知何故它不起作用,每个拥有这个新角色的用户都能够删除所有其他用户 posts。

add_action('init', 'setup_dictionary_post');

//Register custom post type    
function setup_dictionary_post() {

    $capabilities = array(
            'publish_posts' => 'publish_dictionary_entry',
            'edit_posts' => 'edit_dictionary_entry',
            'edit_others_posts' => 'edit_others_dictionary_entry',
            'delete_posts' => 'delete_dictionary_entry',
            'delete_others_posts' => 'delete_others_dictionary_entry',
            'read_private_posts' => 'read_private_dictionary_entry'
    );

    $labels = array(
            'name' => 'Dictionary Entries',
              'singular_name' => 'Dictionary Entry',
              'menu_name' => 'Dictionary Entries',
              'add_new' => 'Add New',
              'add_new_item' => 'Add New Dictionary Entry',
              'edit' => 'Edit entry',
              'edit_item' => 'Edit Dictionary Entry',
              'new_item' => 'New Dictionary Entry',
              'view' => 'View Dictionary Entry',
              'view_item' => 'View Dictionary Entry',
              'search_items' => 'Search Dictionary Entries',
              'not_found' => 'No Dictionary Entries Found',
              'not_found_in_trash' => 'No Dictionary Entries Found in Trash',
              'parent' => 'Parent Dictionary Entry');

            register_post_type('dictionary_entry', 
                array(
                    'label' => 'Dictionary Entries',
                    'description' => '',
                    'public' => true,
                    'show_ui' => true,
                    'show_in_menu' => true,
                    'capability_type' => 'dictionary_entry',
                    'capabilities'=>$capabilities,
                    'hierarchical' => false,
                    'rewrite' => array('slug' => ''),
                    'query_var' => true,
                    'supports' => array('title','comments','revisions','thumbnail','author','page-attributes',),
                    'labels' => $labels,
                    )
            );

            flush_rewrite_rules(false);

            /********************** CUSTOM ROLE *****************************/
            remove_role('dictionary_entry_author');
            add_role('dictionary_entry_author', 
              'Dictionary Helper', array(
                    'publish_dictionary_entry' => true,
                    'edit_dictionary_entry' => true,
                    'edit_others_dictionary_entry' => true,
                    'delete_dictionary_entry' => true,
                    'delete_others_dictionary_entry' => false,
                    'read_private_dictionary_entry' => true,
                    'read_dictionary_entry' => true,
                    'read' => true
            ));
}

您必须首先将您的能力映射到实际能力。 大致如下:

add_filter('map_meta_cap', function($caps, $cap, $user_id, $args) {
    $cap_type = 'dictionary_entry';

    /* If editing, deleting, or reading a cpt, get the post and post type object. */
    if ( 'edit_' . $cap_type == $cap || 'delete_' . $cap_type == $cap || 'read_' . $cap_type == $cap ) {
        $post = \get_post($args[0]);
        $post_type = \get_post_type_object( $post->post_type );

        /* Set an empty array for the caps. */
        $caps = array();
    }

    /* If editing a cpt, assign the required capability. */
    if ( 'edit_' . $cap_type == $cap ) {
        if ( $user_id == $post->post_author )
            $caps[] = $post_type->cap->edit_posts;
        else
            $caps[] = $post_type->cap->edit_others_posts;
    }

    /* If deleting a cpt, assign the required capability. */
    elseif ( 'delete_' . $cap_type == $cap ) {
        if ( $user_id == $post->post_author )
            $caps[] = $post_type->cap->delete_posts;
        else
            $caps[] = $post_type->cap->delete_others_posts;
    }

    /* If reading a private cpt, assign the required capability. */
    elseif ( 'read_' . $cap_type == $cap ) {

        if ( 'private' != $post->post_status )
            $caps[] = 'read';
        elseif ( $user_id == $post->post_author )
            $caps[] = 'read';
        else
            $caps[] = $post_type->cap->read_private_posts;
    }

    /* Return the capabilities required by the user. */
    return $caps;
}, 10, 4);

另请查看 https://codex.wordpress.org/Function_Reference/map_meta_cap (although this is rather thin) and http://mannieschumpert.com/blog/wordpress-capabilities-magic-with-map_meta_cap/