How to Limit Access to WordPress Pages by Specific User

I am working on a WordPress plugin that stores login information for websites and online services. I could use LastPass or 1Password for this, but:

1. I don’t like the idea of shelling out extra money any time a member of my team needs access to a password.
2. I like to control my own data.
3. It is more fun to do it in WordPress.

I should note that I do use 1Password on my local machine to help me remember all of my logins. It is great for that.

Goal

My goal was to allow the admins the ability to grant specific users “view” privileges on a page-by-page basis

How I Did It

I considered a number of options when I got started:

• Advanced Custom Fields (ACF)
• Members plugin
• Wishlist Member (or another plugin like this)

I ended up going with Advanced Custom Fields’ “User” field. I would have rather gone with the Members plugin, but I was having problems getting it to respect my custom filters on the_content. Wishlist Member (and similar) are simply too bloated for my taste.

It took me a while to figure out how to grab the user data out of the ACF “User” field. That plugin is awesome, but sometimes documentation is lacking… Thankfully, support for the plugin is out of this world!

See my final code solution below:

function does_user_have_access($content) {
	
	// Grab the current user's info so that we can compare it to the "allowed" users from the ACF "User" field later.
	$current_user = wp_get_current_user();
	
	// Store the ACF "User" info
	$values = get_field('user_info');
	
	if($values) { 
		// Create an array of users that will be able to access the page from the ACF "User" field
		$users_that_can_access_this_post = array();
		foreach($values as $value) {
			$user_IDs_that_can_access_this_post[] = $value['ID'];
		} 
		// Check to see if the current user is in the "User" field's array
		if (in_array($current_user--->ID, $user_IDs_that_can_access_this_post, false) || current_user_can( 'manage_options' )) {
			// Display the post
			display_all_acf_fields();
		} else {
			// Hide the post content if the user is not in the ACF "User" array
			echo 'You do not have access to this post.  Please let Toby know if you do, indeed, need access.' . edit_post_link('Edit', '', ' ');
		}
	} else {
		// Display something if a post has no users set
		echo 'Please set the user restriction on this post.' . edit_post_link('Edit', '', ' ');
		die();	
	}
	
	return $content;
	
}

Pretty nifty, eh?

Got any thoughts or ideas on how I can improve the above code? I would love to hear them! Please post a comment below if you have an idea.

Thanks!