How to Limit Access to WordPress Pages by Specific User

I am working on a WordPress plugin that stores login information for websites and online services. I could use LastPass or 1Password for this, but:

  1. I don’t like the idea of shelling out extra money any time a member of my team needs access to a password.
  2. I like to control my own data.
  3. It is more fun to do it in WordPress.

I should note that I do use 1Password on my local machine to help me remember all of my logins. It is great for that.

Goal

My goal was to allow the admins the ability to grant specific users “view” privileges on a page-by-page basis

How I Did It

I considered a number of options when I got started:

I ended up going with Advanced Custom Fields’ “User” field. I would have rather gone with the Members plugin, but I was having problems getting it to respect my custom filters on the_content. Wishlist Member (and similar) are simply too bloated for my taste.

It took me a while to figure out how to grab the user data out of the ACF “User” field. That plugin is awesome, but sometimes documentation is lacking… Thankfully, support for the plugin is out of this world!

See my final code solution below:


function does_user_have_access($content) {
	
	// Grab the current user's info so that we can compare it to the "allowed" users from the ACF "User" field later.
	$current_user = wp_get_current_user();
	
	// Store the ACF "User" info
	$values = get_field('user_info');
	
	if($values) { 
		// Create an array of users that will be able to access the page from the ACF "User" field
		$users_that_can_access_this_post = array();
		foreach($values as $value) {
			$user_IDs_that_can_access_this_post[] = $value['ID'];
		} 
		// Check to see if the current user is in the "User" field's array
		if (in_array($current_user--->ID, $user_IDs_that_can_access_this_post, false) || current_user_can( 'manage_options' )) {
			// Display the post
			display_all_acf_fields();
		} else {
			// Hide the post content if the user is not in the ACF "User" array
			echo 'You do not have access to this post.  Please let Toby know if you do, indeed, need access.' . edit_post_link('Edit', '', ' ');
		}
	} else {
		// Display something if a post has no users set
		echo 'Please set the user restriction on this post.' . edit_post_link('Edit', '', ' ');
		die();	
	}
	
	return $content;
	
}

Pretty nifty, eh?

Got any thoughts or ideas on how I can improve the above code? I would love to hear them! Please post a comment below if you have an idea.

Thanks!

The Mighty Mo! Design Co.

RSS From Toby’s Blog

  • “Now THAT was a good meeting!”
    A single effective meeting can change the course of history for a company. Imagine if you could lead effective meetings EVERY DAY! You can, but it takes curiosity & practice. This article is a good place to start your journey to a more effective you.
  • Never Respond to RFPs & Custom Proposal Requests
    Y'all who work at normal 9-5 jobs don't need to deal with the B.S. that is an RFP process (or rather you get paid to deal with it). But us freelancers gotta deal with a whole big bag of schtuff when it comes to custom proposals. Here's my quick-and-dirty RFP filtering process that I use […]
  • What content should I put on my homepage?
    I see websites as one stop of many on the sales journey, useful to help get customers from Point A to Point B in the sales process (or maybe from Point D to Point E).  If you are wondering about what to put on your homepage, start with these basic sales-related questions: Who, specifically, will…

More posts from themightymo.com

How to Connect a GoDaddy Site to ManageWP

By The Mighty Mo! Design Co. | June 27, 2022

GoDaddy owns ManageWP, and, strangely, they make it very difficult to add GoDaddy-managed WordPress sites to their ManageWP service. Thankfully, there’s a quick workaround: Visit https://yoursite.com/wp-admin/plugins.php?showWorker=1 — This will make the ManageWP “Worker” plugin visible. Copy the connection info from the ManageWP Worker plugin. Add the site per-normal on ManageWP. That’s it! I hope this…

How to check if your current page is the wp-login.php page

By The Mighty Mo! Design Co. | June 7, 2022

I realized this morning that my TMM Maintenance Mode WordPress plugin had a bug that was causing the wp-login.php page to be inaccessible. The solution was to write a simple function that checks whether or not we’re currently on a login page, and then add a call to that function in my code. Here’s the…

woocommerce logo

WooCommerce Product Image Gallery Not Loading with WP Rocket Active

By The Mighty Mo! Design Co. | June 6, 2022

Today I updated a WooCommerce site, and everything worked fine, except for the images on product pages – they were not displaying at all. After a lot of trial & error, I realized that WP Rocket was to blame. I’m not sure exactly what the issue was (though my hunch is that it had to…

RSS From Toby’s Blog

  • “Now THAT was a good meeting!”
    A single effective meeting can change the course of history for a company. Imagine if you could lead effective meetings EVERY DAY! You can, but it takes curiosity & practice. This article is a good place to start your journey to a more effective you.
  • Never Respond to RFPs & Custom Proposal Requests
    Y'all who work at normal 9-5 jobs don't need to deal with the B.S. that is an RFP process (or rather you get paid to deal with it). But us freelancers gotta deal with a whole big bag of schtuff when it comes to custom proposals. Here's my quick-and-dirty RFP filtering process that I use […]
  • What content should I put on my homepage?
    I see websites as one stop of many on the sales journey, useful to help get customers from Point A to Point B in the sales process (or maybe from Point D to Point E).  If you are wondering about what to put on your homepage, start with these basic sales-related questions: Who, specifically, will…