Are you managing a multi-author blog or website on WordPress and want to maintain content privacy among your writers? WordPress, by default, allows authors to view all the posts, regardless of who created them. If you want authors to only see their own posts in the WordPress dashboard, you need to add a layer of restriction. This article provides a detailed guide on how to restrict authors to only view posts they have created, ensuring greater control over your website’s content.
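    function wpturbo_authors_posts_view( $wp_query ) {
        // Only act on requests for the admin 'All Posts' screen.
        if ( strpos( $_SERVER[ 'REQUEST_URI' ], '/wp-admin/edit.php' ) !== false ) {
            // Users who cannot edit others' posts (authors, contributors) are restricted.
            if ( !current_user_can( 'edit_others_posts' ) ) {
                global $current_user;
                // WP_User exposes the user ID as the uppercase 'ID' property.
                $wp_query->set( 'author', $current_user->ID );
            }
        }
    }
    add_filter('parse_query', 'wpturbo_authors_posts_view' );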
This snippet is essentially a policy enforcer in the form of a WordPress function. The function is called wpturbo_authors_posts_view() and it manipulates the main WordPress query object, $wp_query, to limit the posts visible in the WordPress admin ‘All Posts’ page to only show posts authored by the currently logged-in user.
Here’s how wpturbo_authors_posts_view() works systematically:
    function wpturbo_authors_posts_view( $wp_query ) {
        if ( strpos( $_SERVER[ 'REQUEST_URI' ], '/wp-admin/edit.php' ) !== false ) {
            if ( !current_user_can( 'edit_others_posts' ) ) {
                global $current_user;
                $wp_query->set( 'author', $current_user->ID );
            }
        }
    }
The function accepts one parameter, $wp_query, which is an instance of the main WordPress query object. This object contains information about the current set of posts WordPress has fetched from the database. By manipulating this object, you can alter what posts WordPress will display.
The first if statement checks if the current URL ($_SERVER[ 'REQUEST_URI' ]) contains the string ‘/wp-admin/edit.php’. This string effectively identifies the ‘All Posts’ page in the WordPress admin dashboard. This means that the function will only apply its manipulation of the $wp_query object if the user is on the ‘All Posts’ page.
The second if statement checks if the current user has the capability to ‘edit_others_posts’. This is a WordPress capability usually assigned to administrators and editors. If the user does not have this capability, it implies that they are authors or contributors. For these users, the function will proceed to manipulate the $wp_query object.
Next, the function declares $current_user as a global variable. This is a WordPress global variable that holds the WP_User object for the currently logged-in user, and it includes various properties including the user’s ID.
Finally, the function calls the set method on the $wp_query object, setting the ‘author’ query var to the ID of the current user. This restricts the query to only fetch posts authored by the current user.
As a result, only posts authored by the currently logged in user will be shown on the ‘All Posts’ page when accessed by an author or a contributor.
    add_filter('parse_query', 'wpturbo_authors_posts_view' );
This last line connects the function to WordPress. It hooks the wpturbo_authors_posts_view function into the parse_query filter, which is applied just after WordPress has constructed the main query but before it has fetched the posts. This ensures that the function’s manipulation of the query is applied at the correct stage of the process.
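A more tightly scoped variant of the filter explained above, added here as an example and not taken from the original article: it compares $pagenow instead of searching REQUEST_URI, touches only the main admin query, and looks up the edit-others capability of the listed post type, which goes beyond the posts-only case in the text. The function name example_limit_post_list_to_own is hypothetical.

```php
<?php
/**
 * Added example (not the article's code): author-only post list with
 * stricter scoping. The function name is hypothetical.
 */
function example_limit_post_list_to_own( $query ) {
    global $pagenow;

    // Act only on the main query of the admin post list screen. Comparing
    // $pagenow avoids matching '/wp-admin/edit.php' elsewhere in the URI,
    // and is_main_query() leaves secondary queries on that screen alone.
    if ( ! is_admin() || ! $query->is_main_query() || 'edit.php' !== $pagenow ) {
        return;
    }

    // Resolve the "edit others" capability for the listed post type, so
    // pages and custom post types with their own capabilities are covered.
    $post_type = $query->get( 'post_type' );
    if ( ! is_string( $post_type ) || '' === $post_type ) {
        $post_type = 'post';
    }
    $type_object = get_post_type_object( $post_type );
    $capability  = $type_object ? $type_object->cap->edit_others_posts : 'edit_others_posts';

    // Editors and administrators keep the full list.
    if ( current_user_can( $capability ) ) {
        return;
    }

    // Restrict the list to the logged-in user's own posts.
    $user_id = get_current_user_id();
    if ( $user_id > 0 ) {
        $query->set( 'author', $user_id );
    }
}
add_action( 'pre_get_posts', 'example_limit_post_list_to_own' );
```

Like the original snippet, this filters the list screen only; whether a user may open or edit a given post is still decided by WordPress capability checks.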