Improve Post Type Handling

This will only allow allow post types that the user can edit to return in the Layout Directory.
siteorigin · Dec 11, 2024 · d006120 · d006120
1 parent 8124595
commit d006120
Show file tree

Hide file tree

Showing 2 changed files with 42 additions and 3 deletions.
diff --git a/inc/admin-layouts.php b/inc/admin-layouts.php
@@ -305,9 +305,22 @@ public function action_get_prebuilt_layouts() {
 				}
 			}
 		} elseif ( strpos( $type, 'clone_' ) !== false ) {
-			// Check that the user can view the given page types
-			$post_type = get_post_type_object( str_replace( 'clone_', '', $type ) );
+			$post_type = str_replace( 'clone_', '', $type );
+			$post_types_editable_by_user = SiteOrigin_Panels_Admin_Layouts::single()->post_types();
 
+			// Can the user edit posts from this post type?
+			if (
+				empty( $post_type ) ||
+				empty( $post_types_editable_by_user ) ||
+				! in_array(
+					$post_type,
+					$post_types_editable_by_user
+				)
+			) {
+				return;
+			}
+
+			$post_type = get_post_type_object( $post_type );
 			if ( empty( $post_type ) ) {
 				return;
 			}
@@ -577,4 +590,30 @@ public function load_layout( $id, $name, $json_file, $screenshot = false ) {
 
 		return $layout_data;
 	}
+
+	/**
+	 * Get the post types that the current user can edit.
+	 *
+	 * This function retrieves the post types specified in the
+	 * SiteOrigin Panels settings. It then filters out post types that the
+	 * current user does not have permission to edit.
+	 *
+	 * @return array The post types that the current user can edit.
+	 */
+	public function post_types() {
+		$post_types = siteorigin_panels_setting( 'post-types' );
+		if ( empty( $post_types ) ) {
+			return array();
+		}
+
+		foreach ( $post_types as $id => $post_type ) {
+			$post_type_object = get_post_type_object( $post_type );
+
+			if ( ! current_user_can( $post_type_object->cap->edit_posts ) ) {
+				unset( $post_types[ $id ] );
+			}
+		}
+
+		return $post_types;
+	}
 }
diff --git a/tpl/js-templates.php b/tpl/js-templates.php
@@ -436,7 +436,7 @@ class="button-secondary dashicons so-mode"
 				}
 				$tabs['import'] = __( 'Import/Export', 'siteorigin-panels' );
 
-				$post_types = siteorigin_panels_setting( 'post-types' );
+				$post_types = SiteOrigin_Panels_Admin_Layouts::single()->post_types();
 				foreach( $post_types as $post_type ) {
 					$type = get_post_type_object( $post_type );
 					if ( empty( $type ) ) {