allowing subscriber role to delete their own posts

Question

I'm trying to allow Subscriber roles to be allowed to delete their own posts using the following code:

<?php if ($post->post_author == $current_user->ID) { ?>
    <div class="col-sm-12 box-delete" style="margin-top: 20px;">
        <a class="option" onclick="return confirm('Are you sure you want to delete <?php the_title();?>')" href="<?php echo get_delete_post_link( $post->ID ) ?>">
            <i class="fa fa-trash"></i>
            <span class="option-text">Delete</span>
        </a>
    </div>
<?php } ?>

I'm using the User Role Editor, but it only works when I grant access to all the core roles, which gives subscriber access to backend, which I certainly don't want. Any other ideas or solutions to accomplish this?

Answer 1

The capability required to delete posts is delete_posts. If you want them to be able to delete their own published posts, the capability is delete_published_posts.

The capability required to view the administration panel is read. Subscribers have this capability natively, so unless you have removed it, subscribers can access the backend.

I would write a simple plugin that upon activation adds the required capabilities to the subscriber role and upon deactivation removes those caps.

Then in your theme, you can check for:

if( current_user_can( 'delete_posts' ) ) {
  //* Show delete link
}

Because the subscriber role doesn't have the capability to delete_others_posts, the link will not show on posts that they didn't author, and they will not be able to delete posts that they did not publish.

/**
 * Plugin Name: WordPress StackExchange Question 268755
 * Description: Allow subscribers to delete their own posts
 **/

//* On activation, add the capabilities to the subscriber role
register_activation_hook( __FILE__, 'wpse_268755_activation' );
function wpse_268755_activation() {
  $subscriber = get_role( 'subscriber' );
  $subscriber->add_cap( 'delete_posts' );
  $subscriber->add_cap( 'delete_published_posts' );
}

//* On deactivation, remove the capabilities from the subscriber role
register_deactivation_hook( __FILE__, 'wpse_268755_deactivation' );
function wpse_268755_deactivation() {
  $subscriber = get_role( 'subscriber' );
  $subscriber->remove_cap( 'delete_posts' );
  $subscriber->remove_cap( 'delete_published_posts' );
}

Without giving the user and/or role the capability to delete a post, then they won't be able to do so, even if you show them a delete link. Likewise, a user or role can delete a post if they have the capability even if you don't show a delete link, it will just be more difficult for them.

Answer 2

You should be able to adapt the below to suit your needs, Just make sure to select the option for delete_posts for the subscriber role this will let them only delete their own posts.

The following can be added to your single.php or php file that displays the post so that it gives a delete post button under the content.

// Check the user is author and has a role ID of subscriber as they don't have by default the delete post privilege but you can use the user role editor to allow subscribers to be able to delete there own posts and then add this code into your file where required on the post single page.


     if ( get_the_author_meta('ID') == get_current_user_id() && current_user_can('subscriber') )
              {
                // owner of post and subscriber
                get_delete_post_link( $post->ID );
              }
              if ( get_the_author_meta('ID') != get_current_user_id()  && current_user_can('subscriber')  )
              {
                // not the owner of post and subscriber
                echo 'Not your post';
              }
              else
              {
               // should be ok as not a subscriber and has delete privilages
               get_delete_post_link( $post->ID );
              }