
Display form & create post draft only if user has a custom capability

  1. Hello,

    I've got a custom WP role that has got a custom capability create_story. I know that in the advanced settings there is an option to display the form only if a user is logged in.

    How do I do the following:

    1. Display the form only if a user has got my custom capability?
    2. After a form is submitted, before creating a post draft, how do I check if a user has got my custom capability?

    I'm sure these are possible, I would hugely appreciate it if you could point me in the right direction with which hooks to use.

    Many thanks, Dasha

    WP: 3.5.1
    Gravity Forms: 1.6.12

    Posted 11 years ago on Wednesday March 6, 2013 | Permalink
  2. To display the form only for users with a certain capability, I would embed the function call in your page template, then use PHP and WordPress functions to show the form only if the capability 'create_story' is present. It would look something like this:

    [php]
    if ( current_user_can('create_story') ) {
        // modify this function call for your needs
        // http://bit.ly/W3u51L
        gravity_form(1, false, false, false, '', false);
    }
    else {
        echo "Sorry, you don't have permission to post.";
    }
    [/php]

    If the form is only visible to people with that capability, I don't understand why #2 is necessary. It would not be possible to get to this point unless they did have the correct capability. Please explain more if I misunderstood something.

    You can have the default for the form to be to create a 'draft' post.

    Posted 11 years ago on Tuesday March 12, 2013 | Permalink
  3. Hello Chris,

    Thank you for your reply. That makes sense to display the form only for the users that have the capability.

    As for question #2, I wasn't sure if it's possible to somehow forge a form submission even if they can't see it. Could you please confirm? If it can't be done, then I don't need this extra security check.

    Many thanks, Dasha

    Posted 11 years ago on Friday March 15, 2013 | Permalink
  4. I don't know if it's possible to submit the form or not, without being logged in. I've never tried it. If that's a concern, then you should keep your 2nd security check. I'm not sure exactly how to implement that after the post is created though. You could use the gform_pre_submission_filter to check the capabilities of the logged in user, and then decide to do something with the form submission if the user does not have the custom capability.

    Posted 11 years ago on Sunday March 17, 2013 | Permalink
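
Added example, not part of the original thread or Gravity Forms' own code: a server-side version of the second check, run during submission validation so a submission is rejected before any entry or post draft is created, regardless of whether the template rendered the form. It uses the `gform_validation` filter instead of the `gform_pre_submission_filter` mentioned above, because the validation filter can mark a submission invalid. Form ID 1 (taken from the `gravity_form()` call above) and the function name `story_form_require_capability` are assumptions.

```php
<?php
// Added example (not from the thread). Place in the theme's functions.php
// or a small plugin. Assumes form ID 1 and the capability 'create_story'.

// Runs for every submission of form 1, before the entry and post are created.
add_filter( 'gform_validation_1', 'story_form_require_capability' );

function story_form_require_capability( $validation_result ) {
    // Authorized users: leave Gravity Forms' own validation result untouched.
    if ( current_user_can( 'create_story' ) ) {
        return $validation_result;
    }

    // Fail closed: an invalid result stops processing of this submission.
    $validation_result['is_valid'] = false;

    // Attach a message to the first field so the failure is reported the
    // same way as an ordinary validation error.
    $form = $validation_result['form'];
    if ( ! empty( $form['fields'] ) ) {
        $form['fields'][0]['failed_validation']  = true;
        $form['fields'][0]['validation_message'] = "Sorry, you don't have permission to post.";
    }
    $validation_result['form'] = $form;

    // Record the denial; user ID 0 means the request was not logged in.
    error_log( sprintf(
        'Form 1 submission denied: user %d lacks create_story',
        get_current_user_id()
    ) );

    return $validation_result;
}
```

The `current_user_can()` check in the page template stays in place; it decides who sees the form, while this filter decides whose submissions are accepted.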