Meta Box

[Request] Preventing any user-input

Support General [Request] Preventing any user-input

Viewing 5 posts - 1 through 5 (of 5 total)
  • Author
    Posts
  • August 16, 2017 at 2:59 AM #6649
    ttroelsttroels
    Participant

    I have some fields in MB I want to make viewable for everyone, but only editable for a certain group users (either defined by the role or the capabilities).
    As I see it, I now has two possibilities:
    1) Set the fields as disabled and readonly if they don't have the required permissions. The downside of it is it's make in the frontend, and is not validated server-sided, so the visitors can alter the data before the data is sent to server, thus making the solution unreliable.
    2) I can use the exclude/include plugin and make the meta boxes disappearing on PHP-side - and alterate between a 'custom_html' field and some real input fields, depending upon the current user. But it exclude/include plugin only works on the whole meta box and not each fields. Or I can build a custom solution which checks the permission and returns the correct field, but it would take a lot work and mess the code yet further up.

    I want to suggest to implement a attribute to all fields, to remove any way to inputting something, and maybe change the type to plain text if set to true. Thus, a feature alike "disabled" or "readonly" - but it would just change the whole field to text if set to true.

    Is it possible, and something you would like to implement?

    August 16, 2017 at 8:50 AM #6654
    Anh TranAnh Tran
    Keymaster

    Hi,

    Can you give some details on the 1st option? Do you use the MB Frontend Submission extension to output fields in the frontend? I'm not very clear about the downside.

    August 16, 2017 at 5:39 PM #6658
    ttroelsttroels
    Participant

    Hi

    Thank you for the reply. No, I don't submit any fields to frontend. I'm building a custom backend system to register data (of people), and I have multiple users and each have difference roles and capabilities. Some can only view part of data, and edit the other part - while other roles can edit all the fields - so I need a way to "control" which fields is uneditable.
    As the 'disabled' and 'readonly' attributes is only controlled in frontend in the user's own browser, I can't ensure that they don't edit the attributes, allowing them to edit the fields they are not allowed to edit.
    Thus, in this case my definition of "frontend" is actual WP admin backend, where users can either edit or read the difference fields.

    I hope that it's to understand now? 🙂

    Best
    Troels

    August 18, 2017 at 11:12 AM #6691
    Anh TranAnh Tran
    Keymaster

    Ah, I got it!

    Looks like we don't have such a solution for this in PHP yet. The best solution for now is using Conditional Logic extension to hide the fields from unwanted users. But it only hides from user and the fields are still outputted.

    August 18, 2017 at 1:38 PM #6692
    ttroelsttroels
    Participant

    Yeah, I guessed that it's the only solution for now. But if you implement it to a future extension or as the base pack I would be happy 🙂

  • Author
    Posts
Viewing 5 posts - 1 through 5 (of 5 total)
  • The topic ‘[Request] Preventing any user-input’ is closed to new replies.