Only Allow Post Author To Edit Own Post

This topic has 1 reply, 2 voices, and was last updated 2 years, 11 months ago by Stephen C..

Viewing 2 posts - 1 through 2 (of 2 total)

Author

Posts
May 3, 2022 at 4:19 AM #35845

Warren Johnston
Participant

I have a bit of a security issue I'm struggling to over come.

I allow users to edit the posts they create using a link with the following query string
"/?rwmb_frontend_field_post_id={{ post.ID }}"

This works great and populates the form with the content they want to edit.

HOWEVER...

You can just guess POSTID's in the url and edit other peoples entries too.

How do I lock this down so users can only edit what they have created?

Thanks everyone!

Add New Note to this Reply

May 3, 2022 at 4:52 AM #35846

Stephen C.
Participant

Users can only edit their own posts. If someone other than the author tries to edit a post, their get a message that says "You are not allowed to edit this post." Admins can edit any post, though, so don't test using your admin account.

Add New Note to this Reply
Author

Posts

Viewing 2 posts - 1 through 2 (of 2 total)

You must be logged in to reply to this topic.