The auth_{$object_type}_{$object_subtype}_meta_{$meta_key} WordPress PHP filter allows you to control if a user is allowed to edit meta for specific object types and subtypes.
Usage
add_filter( 'auth_{$object_type}_{$object_subtype}_meta_{$meta_key}', 'my_custom_function', 10, 6 );
function my_custom_function( $allowed, $meta_key, $object_id, $user_id, $cap, $caps ) {
// your custom code here
return $allowed;
}
Parameters
$allowed(bool) – Whether the user can edit the object meta. Default is false.$meta_key(string) – The meta key.$object_id(int) – Object ID.$user_id(int) – User ID.$cap(string) – Capability name.$caps(string[]) – Array of the user’s capabilities.
More information
See WordPress Developer Resources: auth_{$object_type}_{$object_subtype}meta{$meta_key}
Examples
Allow editing of ‘custom_meta_key’ for ‘post’ type
This example allows users to edit the ‘custom_meta_key’ meta for the ‘post’ object type.
add_filter( 'auth_post_meta_custom_meta_key', 'allow_custom_meta_key_editing', 10, 6 );
function allow_custom_meta_key_editing( $allowed, $meta_key, $object_id, $user_id, $cap, $caps ) {
$allowed = true;
return $allowed;
}
Restrict editing of ‘sensitive_data’ for ‘page’ type
This example restricts users from editing the ‘sensitive_data’ meta for the ‘page’ object type.
add_filter( 'auth_page_meta_sensitive_data', 'restrict_sensitive_data_editing', 10, 6 );
function restrict_sensitive_data_editing( $allowed, $meta_key, $object_id, $user_id, $cap, $caps ) {
$allowed = false;
return $allowed;
}
Allow editing based on user role
This example allows users with the ‘editor’ role to edit the ‘restricted_meta_key’ meta for the ‘post’ object type.
add_filter( 'auth_post_meta_restricted_meta_key', 'allow_role_based_meta_key_editing', 10, 6 );
function allow_role_based_meta_key_editing( $allowed, $meta_key, $object_id, $user_id, $cap, $caps ) {
$user = get_userdata( $user_id );
if ( in_array( 'editor', $user->roles ) ) {
$allowed = true;
}
return $allowed;
}
Allow editing based on custom capability
This example allows users with the ‘edit_custom_meta’ custom capability to edit the ‘custom_meta_key’ meta for the ‘post’ object type.
add_filter( 'auth_post_meta_custom_meta_key', 'allow_capability_based_meta_key_editing', 10, 6 );
function allow_capability_based_meta_key_editing( $allowed, $meta_key, $object_id, $user_id, $cap, $caps ) {
if ( in_array( 'edit_custom_meta', $caps ) ) {
$allowed = true;
}
return $allowed;
}
Restrict editing based on post status
This example restricts users from editing the ‘status_sensitive_data’ meta for the ‘post’ object type if the post status is ‘draft’.
add_filter( 'auth_post_meta_status_sensitive_data', 'restrict_post_status_based_meta_key_editing', 10, 6 );
function restrict_post_status_based_meta_key_editing( $allowed, $meta_key, $object_id, $user_id, $cap, $caps ) {
$post = get_post( $object_id );
if ( $post->post_status === 'draft' ) {
$allowed = false;
}
return $allowed;
}