Allow users to edit the profile linked to their WordPress account #422
Description
Description
On a recent project, after linking WordPress user accounts to Byline Manager profiles, we were asked to allow users to be able to edit the profile linked to their account even if those users didn't otherwise have the capabilities to edit profiles.
The argument for doing so is that the profile acts like an extension of the WordPress account, and users can edit their own account information.
The potential argument against doing so is that profiles are site content just like any other post type, and site owners with restrictions around who can edit site content might not wish for those restrictions to be overridden just because of the link between user and profile.
To me, it seems unobjectionable for Byline Manager to at least make it possible for users to edit their linked profiles.
But should it be opt-in or opt-out? When enabled, how should it be implemented?
It could be implemented by remapping the capabilities needed to edit a profile if it's linked to the current user, e.g.
add_filter(
'map_meta_cap',
function ( $caps, $cap, $user_id, $args ) {
if ( 'edit_post' === $cap && isset( $args[0] ) && is_numeric( $args[0] ) ) {
$post_id = (int) $args[0];
$post = get_post( $post_id );
if ( $post && PROFILE_POST_TYPE === $post->post_type ) {
$linked_user_id = get_post_meta( $post_id, 'user_id', true );
if ( is_numeric( $linked_user_id ) && $linked_user_id > 0 && (int) $linked_user_id === $user_id ) {
$caps = [];
}
}
}
return $caps;
},
10,
4
);It also could be implemented by updating the post_author of the profile post to be the linked user. That would allow the user to edit the profile as long as they were able to edit their own posts, while allowing the site's usual capability handling to still take effect.
Use Case
When a user has a profile linked to their account, they should be able to edit the profile.