I have a business directory website that allows a user to edit their business listing details (partially, at least). Each business listing (a custom post) is assigned the user as author. I use GF basically as a frontend editor, pulling in the post field values on the edit post form. Then, I've locked all these users out of the WordPress admin area. It's pretty cool actually...
Here's the problem though. GF, by default, is only capable of creating new posts - not editing existing posts. Thus, when the edit form is called with an invalid post to edit (or none at all), GF defaults to creating a new post rather than displaying an unauthorized message. I need to change that.
Is there a hook or filter I can use to add my own authentication logic and block the form when it is called? I was thinking the gform_pre_render filter might do the trick. Can I do my permissions check there and unset the form or something? Then echo an unauthorized message instead? How can I block the form from displaying (rendering at all actually)?
By the way... GF does not respect the publish_posts capability in WordPress.