Using WordPress ‘auth_{$object_type}_{$object_subtype}_meta_{$meta_key}’ PHP filter

The auth_{$object_type}_{$object_subtype}_meta_{$meta_key} WordPress PHP filter allows you to control if a user is allowed to edit meta for specific object types and subtypes.

Usage

add_filter( 'auth_{$object_type}_{$object_subtype}_meta_{$meta_key}', 'my_custom_function', 10, 6 );

function my_custom_function( $allowed, $meta_key, $object_id, $user_id, $cap, $caps ) {
    // your custom code here
    return $allowed;
}

Parameters

  • $allowed (bool) – Whether the user can edit the object meta. Default is false.
  • $meta_key (string) – The meta key.
  • $object_id (int) – Object ID.
  • $user_id (int) – User ID.
  • $cap (string) – Capability name.
  • $caps (string[]) – Array of the user’s capabilities.

More information

See WordPress Developer Resources: auth_{$object_type}_{$object_subtype}meta{$meta_key}

Examples

Allow editing of ‘custom_meta_key’ for ‘post’ type

This example allows users to edit the ‘custom_meta_key’ meta for the ‘post’ object type.

add_filter( 'auth_post_meta_custom_meta_key', 'allow_custom_meta_key_editing', 10, 6 );

function allow_custom_meta_key_editing( $allowed, $meta_key, $object_id, $user_id, $cap, $caps ) {
    $allowed = true;
    return $allowed;
}

Restrict editing of ‘sensitive_data’ for ‘page’ type

This example restricts users from editing the ‘sensitive_data’ meta for the ‘page’ object type.

add_filter( 'auth_page_meta_sensitive_data', 'restrict_sensitive_data_editing', 10, 6 );

function restrict_sensitive_data_editing( $allowed, $meta_key, $object_id, $user_id, $cap, $caps ) {
    $allowed = false;
    return $allowed;
}

Allow editing based on user role

This example allows users with the ‘editor’ role to edit the ‘restricted_meta_key’ meta for the ‘post’ object type.

add_filter( 'auth_post_meta_restricted_meta_key', 'allow_role_based_meta_key_editing', 10, 6 );

function allow_role_based_meta_key_editing( $allowed, $meta_key, $object_id, $user_id, $cap, $caps ) {
    $user = get_userdata( $user_id );
    if ( in_array( 'editor', $user->roles ) ) {
        $allowed = true;
    }
    return $allowed;
}

Allow editing based on custom capability

This example allows users with the ‘edit_custom_meta’ custom capability to edit the ‘custom_meta_key’ meta for the ‘post’ object type.

add_filter( 'auth_post_meta_custom_meta_key', 'allow_capability_based_meta_key_editing', 10, 6 );

function allow_capability_based_meta_key_editing( $allowed, $meta_key, $object_id, $user_id, $cap, $caps ) {
    if ( in_array( 'edit_custom_meta', $caps ) ) {
        $allowed = true;
    }
    return $allowed;
}

Restrict editing based on post status

This example restricts users from editing the ‘status_sensitive_data’ meta for the ‘post’ object type if the post status is ‘draft’.

add_filter( 'auth_post_meta_status_sensitive_data', 'restrict_post_status_based_meta_key_editing', 10, 6 );

function restrict_post_status_based_meta_key_editing( $allowed, $meta_key, $object_id, $user_id, $cap, $caps ) {
    $post = get_post( $object_id );
    if ( $post->post_status === 'draft' ) {
        $allowed = false;
    }
    return $allowed;
}