Restrict with frontend forms

Hi zwene,
you may try <input type="hidden" name="post_view_cap" value="CAPABILITY" /> where the value of CAPABILITY is read for logged in users, exist for everybody, any WP rolename or Access Area capability (the userlabel_N_* things found in the right column under Users / Access Areas).

I can’t really say if this will work with the EO Frontend Submissions (I did not buy it yet, and I don’t plan to do so.). Likely it won’t, because the plugin might only use those $_POST values it knows about.

I think I got it. Being a bit savy on memory the plugin is not loading the admin classes in the frontend. I will think of a way to do this in a more generic way (like every time a post is saved).

For now this one might help. Tested together with WP User Frontend, which might be a similar scenario to your use case:

function wpaa_insert_post_data_filter() {
// (a) in admin the filter is already set. (b) will be true if plugin is active:

if ( ! is_admin() && class_exists(‘UndisclosedEditPost’))
add_filter(‘wp_insert_post_data’, array( ‘UndisclosedEditPost’ , ‘edit_post’) , 10 , 2 );
}
add_action(‘init’,’wpaa_insert_post_data_filter’);

The filter function UndisclosedEditPost::edit_post() will either set the default access from the settings on a new post or – if the user has permission – populate it from $_POST['post_*_cap']. (“Permission” here means: being capable of the value in $_POST['post_*_cap'] AND being allowed to edit the *_cap.)

FYI: The plugin is creating three additional columns in the posts table post_view_cap, post_edit_cap and post_comment_cap. This is mainly to avoid additional JOIN statements when retrieving large amounts of posts like on an archive page, but also for being safe from undefined or empty or invalid or multiple post_meta values.

all the best,
podpirate