Allowing users to delete entries when using a Magic Link

By default, GravityView restricts certain capabilities to logged-in users. However, in some cases, you may want to let logged-out users perform actions: deleting their own entries when accessing a View through a Magic Link.

The gravityview/capabilities/allow_logged_out  filter makes this possible. It gives you a way to override GravityView’s standard capability checks and selectively grant permissions to logged-out users when specific conditions are met, such as when Magic Link parameters are present.

Allow Magic Link users to delete their own entries.

Add this snippet to allow Magic Link users to delete the entry as well. Here's how to add this code.

/**
 * Filter whether logged-out users are allowed to perform certain GravityView capabilities.
 *
 * This filter allows users without an authenticated session to perform specific
 * delete-related actions when using Magic Links. Magic Links require the `gv_magic`
 * and `gv_email` URL parameters to be set, and the View must have Magic Links
 * enabled with user deletion allowed.
 *
 * @since 1.0.0
 *
 * @param bool       $allow_logged_out Whether logged-out users are currently allowed to perform the capability.
 * @param string[]   $caps_to_check    The list of capabilities being checked.
 * @param int|string $object_id        The object ID being checked against. May be empty.
 * @param int        $user_id          The user ID being checked. May be `0` for logged-out users.
 *
 * @return bool Whether logged-out users should be allowed to perform the capability.
 */
add_filter(
	'gravityview/capabilities/allow_logged_out',
	function( $allow_logged_out, $caps_to_check, $object_id, $user_id ) {
		// If already allowed, don't override.
		if ( $allow_logged_out ) {
			return $allow_logged_out;
		}

		// Check if we have magic link parameters.
		if ( ! isset( $_GET['gv_magic'] ) || ! isset( $_GET['gv_email'] ) ) {
			return $allow_logged_out;
		}

		// Check if this is a delete-related capability check.
		$delete_caps     = [ 'gravityforms_delete_entries', 'gravityview_delete_others_entries', 'read' ];
		$is_delete_check = false;

		foreach ( (array) $caps_to_check as $cap ) {
			if ( in_array( $cap, $delete_caps, true ) ) {
				$is_delete_check = true;
				break;
			}
		}

		if ( ! $is_delete_check ) {
			return $allow_logged_out;
		}

		// Get the view ID.
		$view_id = isset( $_GET['view_id'] ) ? absint( $_GET['view_id'] ) : 0;
		if ( ! $view_id && isset( $_GET['gvid'] ) ) {
			$view_id = absint( $_GET['gvid'] );
		}

		// If we're in a GravityView context, try to get view ID from there.
		if ( ! $view_id && function_exists( 'gravityview' ) && gravityview()->request ) {
			$view_id = gravityview()->request->is_view();
		}

		if ( $view_id ) {
			// Check if Magic Links is enabled for this View.
			$view = \GV\View::by_id( $view_id );
			if ( $view && ! empty( $view->settings->get( 'magic_link_enable' ) ) && ! empty( $view->settings->get( 'user_delete' ) ) ) {
				return true;
			}
		}

		return $allow_logged_out;
	},
	10,
	4
);
Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.

Still need help? Contact Us Contact Us