Let's add some checks to our plugin to prevent unauthorized users from publishing posts and uploading files using our post templates.
This can be done using the WordPress capabilities system, providing us with functions to check if the user is allowed to perform a certain action.
Let's add our first check, to see if the user can publish posts. All capability checks are performed using the
current_user_can()
function.if ($published) { check_admin_referer($page); $post_status = current_user_can('publish_posts') ? 'publish' : 'pending'; }
Change the Publish button in both the template files,
link.php
andphoto.php
, to show different text if the user can not publish:<div class="submitbox" id="submitpost"> <div id="previewview"></div> <div class="inside"></div> <p class="submit"><input name="publish" type="submit" class="button button-highlighted" tabindex="4" value="<?php if...