The map_meta_cap WordPress PHP filter allows you to modify the primitive capabilities required for a user to satisfy a certain capability being checked.
Usage
add_filter('map_meta_cap', 'my_custom_map_meta_cap', 10, 4);
function my_custom_map_meta_cap($caps, $cap, $user_id, $args) {
// Your custom code here
return $caps;
}
Parameters
- $caps (string[]): Primitive capabilities required of the user.
- $cap (string): Capability being checked.
- $user_id (int): The user ID.
- $args (array): Adds context to the capability check, typically starting with an object ID.
More information
See WordPress Developer Resources: map_meta_cap
Examples
Restrict edit_post capability to post author
Check if the current user is the post author before allowing them to edit the post.
add_filter('map_meta_cap', 'restrict_edit_post_to_author', 10, 4);
function restrict_edit_post_to_author($caps, $cap, $user_id, $args) {
if ('edit_post' === $cap) {
$post = get_post($args[0]);
if ($post->post_author != $user_id) {
$caps[] = 'do_not_allow';
}
}
return $caps;
}
Add a custom capability to manage a custom post type
Add a custom capability to manage a custom post type called ‘portfolio’.
add_filter('map_meta_cap', 'add_portfolio_capability', 10, 4);
function add_portfolio_capability($caps, $cap, $user_id, $args) {
if ('edit_portfolio' === $cap) {
$caps = array('edit_portfolios');
}
return $caps;
}
Restrict delete_post capability to specific user roles
Allow only users with the ‘editor’ or ‘administrator’ role to delete posts.
add_filter('map_meta_cap', 'restrict_delete_post_to_roles', 10, 4);
function restrict_delete_post_to_roles($caps, $cap, $user_id, $args) {
if ('delete_post' === $cap) {
$user = get_userdata($user_id);
if (!in_array('editor', $user->roles) && !in_array('administrator', $user->roles)) {
$caps[] = 'do_not_allow';
}
}
return $caps;
}
Restrict publish_post capability to posts with a minimum word count
Allow users to publish a post only if it has a minimum of 300 words.
add_filter('map_meta_cap', 'restrict_publish_post_word_count', 10, 4);
function restrict_publish_post_word_count($caps, $cap, $user_id, $args) {
if ('publish_post' === $cap) {
$post = get_post($args[0]);
$word_count = str_word_count($post->post_content);
if ($word_count < 300) {
$caps[] = 'do_not_allow';
}
}
return $caps;
}
Grant read_private_posts capability to specific users
Grant the ‘read_private_posts’ capability to a specific user by their ID.
add_filter('map_meta_cap', 'grant_read_private_posts_to_user', 10, 4);
function grant_read_private_posts_to_user($caps, $cap, $user_id, $args) {
if ('read_private_posts' === $cap) {
// Grant access to user with ID 5
if ($user_id === 5) {
$caps = array_diff($caps, array('read_private_posts'));
}
} return $caps;
}