am using this function to delete post from front
// Delete from Front-End Link
function wp_delete_post_link($link = 'Delete This', $before = '', $after = '', $title="Move this item to the Trash", $cssClass="delete-post") {
global $post;
if ( $post->post_type == 'page' ) {
if ( !current_user_can( 'edit_page' ) )
return;
} else {
if ( !current_user_can( 'edit_post' ) )
return;
}
$delLink = wp_nonce_url( site_url() . "/wp-admin/post.php?action=trash&post=" . $post->ID, 'trash-' . $post->post_type . '_' . $post->ID);
$link = '<a class="' . $cssClass . '" href="' . $delLink . '" onclick="javascript:if(!confirm('Are you sure you want to move this item to trash?')) return false;" title="'.$title.'" />'.$link."</a>";
return $before . $link . $after;
}
its work 100% but am using function to restrict no admin to access wp-admin, using this function :
function restrict_admin(){
//if not administrator, kill WordPress execution and provide a message
if ( ! current_user_can( 'create_users' ) ) {
wp_die( __('You are not allowed to access this part of the site') );
}
}
add_action( 'admin_init', 'restrict_admin', 1 );
my problem , how can i allow user ( not admin ) to delete his post own post ?
If you like, that users only can delete his own post, then it is important, that check for the ID of the user and the Author-ID to the post. The follow source example add a Trash button to the admin bar, that the users can easily delete his own post.
The key is the function
get_queried_object(). This object stored all values to the post on the front end and you can check to the user id, there is logged in –get_current_user_id(). Also important for a strict comparison is, that you set all values to the same type, like integer.Also is it possible to use the WP core function
current_user_can()with the second param to identifier the rights to each post:current_user_can('edit_post', 123)this check the capability to the post with the ID123. Maybe a little bid easier as the check about the author object and the post object.Also useful in my example, that you nit must use the global
$post.For the non access to the admin area of non admin is it easier to write a small function include a rewrite, not a hard die. Use the WordPress function
wp_redirect()to rewrite to a specific url or frontend.The solution to this is to modify your restrict admin function to allow for certain circumstances.
How about changing the user’s role as author??
Doing this, the user will have the edit_post capability but only for the post they have created not for other’s post.
You can use the capability
delete_published_postsanddelete_published_pagesto provide the facility. This capability is provided toAuthorand upwards by default. This means whether the user can delete his published post(as you are deleting post from front end, so it must be published post).You can check it like this.
If you need to have very fine-grained permissions checking, you can filter the
user_has_capresult. WordPress calls that function whenever it checks for permissions.You use it like this:
When a post is being deleted, $args is set to array (‘delete_post’, $user_id, $post_id). The capabilities required to allow the deletion are stored in the array $caps, and will vary depending on what type of post is being deleted (e.g. âdelete_published_postsâ). Each capability in $caps corresponds to an item in $allcaps. To prevent the post being deleted, all we need to do is modify $allcaps by setting one of the values listed in $caps to false (e.g. $allcaps[$caps[0]] = false).
Check out the âDelete Postâ plugin by business entourage on the WordPress plugins page, it allows only the author of the post to click a delete post button on the front end and it works great! And for an upgraded version, all users on a blog who make a comment can delete a comment only they made, making it more social. https://wordpress.org/plugins/delete-post/.