[wp-hackers] is there a way to make sure that a shortcode can be used only by certain userroles?

John dailyrants at gmail.com
Wed Nov 13 14:46:24 UTC 2013 

has_shortcode was introduced in 3.6.0. You might find that useful here.


On Tue, Nov 12, 2013 at 4:42 PM, Nikola Nikolov <nikolov.tmw at gmail.com>wrote:

> Since the regex that matches shortcodes is quite complex, I can suggest to
> you the following VERY ugly hack :)
>
> function filter_out_protected_shortcode( $content ) {
> // Check to see if the current user can or can't do a specific task
> // it would probably be different in your case
> if ( ! current_user_can( 'edit_others_posts' ) ) {
> global $shortcode_tags;
> // Back-up the currently registered shortcodes
> $_sc_tags = $shortcode_tags;
>
> // Change the shortcode's handler to return an empty string instead of the
> actual content
> $shortcode_tags = array( 'xyx' => '__return_empty_string' );
>
> // Now, since we overrided the $shortcode_tags variable
> // Only the [xyx] shortcode will be parsed - and it will be replaced
> // with an empty string :)
> $content = do_shortcode( $content );
>
> // Restore the original shortcode handlers
> $shortcode_tags = $_sc_tags;
> }
>
> return $content;
> }
> add_filter( 'content_save_pre', 'filter_out_protected_shortcode', 10 );
>
> So what happens here is that we hook to the "content_save_pre" filter as
> Jesse suggested.
> We then check if the user can use that shortcode. If they can't, we
> override the global $shortcode_tags variable to only contain our shortcode
> with a callback "__return_empty_string" - which as the name suggests
> returns an empty string.
> After that, we parse the content and if the shortcode was found there - it
> will be replaced with an empty string.
>
> This is not a perfect solution, since if the shortcode was surrounded by
> two empty lines(one before and one after), you would get three empty lines.
>
> I haven't tested that code, but it should in theory work.
>
> Also - the chances are that no shortcodes would be parsed for that
> request(since that's a request for updating/saving a post) and you can skip
> the copying/restoring of the $shortcode_tags variable, but I always prefer
> to put things back together the way I found them, than to leave them
> messy(debugging something like that is a pain).
>
> Well, that's about it - it's an UGLY hack, but I believe that the core
> handling of the shortcodes is better than anything that I would come-up
> regex-wise(and I'm generally somewhat decent in writing those).
>
>
> On Tue, Nov 12, 2013 at 10:08 PM, Jesse Friedman <
> highfive at jesserfriedman.com> wrote:
>
> > You could filter the content when the post is saved and if the user
> doesn't
> > have the right permissions, then I strip the shortcode or present a
> > warning.
> >
> > you could try using
> > http://codex.wordpress.org/Plugin_API/Filter_Reference/content_save_pre,
> > then maybe some regex to find the shortcode and strip it out
> >
> >
> > On Tue, Nov 12, 2013 at 2:57 PM, Haluk Karamete <halukkaramete at gmail.com
> > >wrote:
> >
> > > What I mean by that is that is this...
> > >
> > > let's say there is an admin-editors-only shortcode. let's call it "xyx"
> > > shortcode for the sake of an example.
> > >
> > > is it possible to have a contributor or author to not to be able to use
> > > that shortcode? they all get stopped with a warning that the post
> cannot
> > be
> > > saved (or created)  because it contains the "xyx" shortcode!
> > >
> > > to cover all the possibilities (such as posting thru email, or thru
> some
> > > other esoteric ways) , what is the best hook(s) that I need to watch
> out
> > so
> > > that there are no loop holes left...
> > >
> > > I hope it was clear and did not confuse you...
> > > thank you
> > > _______________________________________________
> > > wp-hackers mailing list
> > > wp-hackers at lists.automattic.com
> > > http://lists.automattic.com/mailman/listinfo/wp-hackers
> > >
> >
> >
> >
> > --
> > thanks
> >
> > *jesse friedman*
> > jes.se.com
> > Book: Web Designers Guide to WordPress -
> > http://wdgwp.com/onamazon<http://wdgwp.com/onamazon>
> > Twitter: @professor <http://twitter.com/professor>
> > Facebook: Like<
> > https://www.facebook.com/pages/Jesse-Friedman/204793299545174>
> > _______________________________________________
> > wp-hackers mailing list
> > wp-hackers at lists.automattic.com
> > http://lists.automattic.com/mailman/listinfo/wp-hackers
> >
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers
>

More information about the wp-hackers mailing list