Referring to the docs got add_meta_box
,
// Check permissions
if ( 'page' == $_POST['post_type'] ) {
if ( !current_user_can( 'edit_page', $post_id ) )
return;
} else {
if ( !current_user_can( 'edit_post', $post_id ) )
return;
}
}
If I want to authenticate a user for editing a custom post type “portfolio”, do I do something like
if ($_POST['post_type'] != 'portfolio' || !current_user_can_for_blog($post_id, 'edit_post'))
return;
No, the function
current_user_can_for_blog
expects a blog ID to be passed to it, not a post ID. I would change it to be like this: