How to Limit Access to WordPress Pages by Specific User

I am working on a WordPress plugin that stores login information for websites and online services. I could use LastPass or 1Password for this, but:

  1. I don’t like the idea of shelling out extra money any time a member of my team needs access to a password.
  2. I like to control my own data.
  3. It is more fun to do it in WordPress.

I should note that I do use 1Password on my local machine to help me remember all of my logins. It is great for that.

Goal

My goal was to allow the admins the ability to grant specific users “view” privileges on a page-by-page basis

How I Did It

I considered a number of options when I got started:

I ended up going with Advanced Custom Fields’ “User” field. I would have rather gone with the Members plugin, but I was having problems getting it to respect my custom filters on the_content. Wishlist Member (and similar) are simply too bloated for my taste.

It took me a while to figure out how to grab the user data out of the ACF “User” field. That plugin is awesome, but sometimes documentation is lacking… Thankfully, support for the plugin is out of this world!

See my final code solution below:


function does_user_have_access($content) {
	
	// Grab the current user's info so that we can compare it to the "allowed" users from the ACF "User" field later.
	$current_user = wp_get_current_user();
	
	// Store the ACF "User" info
	$values = get_field('user_info');
	
	if($values) { 
		// Create an array of users that will be able to access the page from the ACF "User" field
		$users_that_can_access_this_post = array();
		foreach($values as $value) {
			$user_IDs_that_can_access_this_post[] = $value['ID'];
		} 
		// Check to see if the current user is in the "User" field's array
		if (in_array($current_user--->ID, $user_IDs_that_can_access_this_post, false) || current_user_can( 'manage_options' )) {
			// Display the post
			display_all_acf_fields();
		} else {
			// Hide the post content if the user is not in the ACF "User" array
			echo 'You do not have access to this post.  Please let Toby know if you do, indeed, need access.' . edit_post_link('Edit', '', ' ');
		}
	} else {
		// Display something if a post has no users set
		echo 'Please set the user restriction on this post.' . edit_post_link('Edit', '', ' ');
		die();	
	}
	
	return $content;
	
}

Pretty nifty, eh?

Got any thoughts or ideas on how I can improve the above code? I would love to hear them! Please post a comment below if you have an idea.

Thanks!

The Mighty Mo! Design Co.

RSS From Toby’s Blog

  • Where uncertainty exists, don’t order specific.
    4 Idiot Case Studies with 2 simple age-old business lessons. The post Where uncertainty exists, don’t order specific. appeared first on Toby Cryns, WordPress Trainer in Minneapolis, MN.
  • “Now THAT was a good meeting!”
    A single effective meeting can change the course of history for a company. Imagine if you could lead effective meetings EVERY DAY! You can, but it takes curiosity & practice. This article is a good place to start your journey to a more effective you. The post “Now THAT was a good meeting!” appeared first […]
  • Never Respond to RFPs & Custom Proposal Requests
    Y'all who work at normal 9-5 jobs don't need to deal with the B.S. that is an RFP process (or rather you get paid to deal with it). But us freelancers gotta deal with a whole big bag of schtuff when it comes to custom proposals. Here's my quick-and-dirty RFP filtering process that I use […]

More posts from themightymo.com

My WordPress Maintenance Process

By The Mighty Mo! Design Co. | March 2, 2023

A few quick things: My WordPress Maintenance Process Demo, Part 1 Transcript: You’ll see immediately after logging in, you see the 11 updates needed as well as some messages. I’m just gonna quickly read. It looks like this. I don’t need to worry about. Are you enjoying Monster Insights? Not really <laugh>. What’s to enjoy…

How to style FacetWP checkbox hierarchy results using jQuery

By The Mighty Mo! Design Co. | February 21, 2023

I recently invested many hours trying to target and style a FacetWP taxonomy facet that uses hierarchy for display. It should be noted that you can use straight up CSS for some styling (and should use css wherever possible), but sometimes you need javascript to target parent elements and such. I thought I’d document the…

How to fix SpinupWP ballooning disk space issue

By The Mighty Mo! Design Co. | February 1, 2023

A site we host on Digital Ocean recently went down. It took me a lot of troubleshooting and digging before realizing that the issue was that our disk space was maxed out on Digital Ocean. The site in question needs ~20gb of space, so our 50gb server should be plenty. But alas, there it was…

RSS From Toby’s Blog

  • Where uncertainty exists, don’t order specific.
    4 Idiot Case Studies with 2 simple age-old business lessons. The post Where uncertainty exists, don’t order specific. appeared first on Toby Cryns, WordPress Trainer in Minneapolis, MN.
  • “Now THAT was a good meeting!”
    A single effective meeting can change the course of history for a company. Imagine if you could lead effective meetings EVERY DAY! You can, but it takes curiosity & practice. This article is a good place to start your journey to a more effective you. The post “Now THAT was a good meeting!” appeared first […]
  • Never Respond to RFPs & Custom Proposal Requests
    Y'all who work at normal 9-5 jobs don't need to deal with the B.S. that is an RFP process (or rather you get paid to deal with it). But us freelancers gotta deal with a whole big bag of schtuff when it comes to custom proposals. Here's my quick-and-dirty RFP filtering process that I use […]