acf/shortcode/prevent_access

Last updated Jul 18, 2024

Description

Allows you to limit the fields which can be output by the ACF Shortcode. Returning true from this filter will prevent the value being output by the shortcode.

Changelog

  • Added in version 6.2.7

Parameters

apply_filters( 'acf/shortcode/prevent_access', $access_prevented, $atts, $decoded_post_id, $decoded_post_type, $field_type, $field )
  • $access_prevented (boolean) The current access disabled state. False by default, will be true if another filter has prevented access to the requested field value.
  • $atts (array) The full array of attributes provided as part of the shortcode. This array is likely to contain field as per the shortcode documentation
  • $decoded_post_id (int|string) This is the decoded ID for the item being retrieved. It may be a user ID, a term ID, an option page prefix or any ID of any other place where ACF can store data; use with $decoded_post_type to know which.
  • $decoded_post_type (string) A string containing the type of object being queried. post, term, comment, option, or user
  • $field_type (string) A string of the field type being slug being output. For example, text or text_area
  • $field (array) The full array of the field object, including its value.

Example: Deny access to options pages

This example prevents the ACF Shortcode outputting any values stored in an options page.

functions.php

<?php
function my_acf_prevent_access_to_options( $access_prevented, $atts, $decoded_post_id, $decoded_post_type ) {
    if ( 'option' === $decoded_post_type ) {
        return true;
    }
    return $access_prevented;
}
add_filter( 'acf/shortcode/prevent_access', 'my_acf_prevent_access_to_options', 10, 4 );

Example: Deny access to field values on private posts

This example prevents the ACF Shortcode outputting any values stored in a post which is not publicly visible.

Please note: Since ACF 6.3.4, this behaviour has become default.

functions.php

<?php
function my_acf_prevent_access_to_fields_on_private_posts( $access_prevented, $atts, $decoded_post_id, $decoded_post_type ) {
    if ( 'post' === $decoded_post_type && ! is_post_publicly_viewable( $decoded_post_id ) ) {
        return true;
    }
    return $access_prevented;
}
add_filter( 'acf/shortcode/prevent_access', 'my_acf_prevent_access_to_fields_on_private_posts', 10, 4 );

Example: Deny access to every field apart from “my_field_name”

This example prevents the ACF Shortcode outputting any values other than the “my_field_name” field.

functions.php

<?php
function my_acf_prevent_access_to_all_but_one_field( $access_prevented, $atts, $decoded_post_id, $decoded_post_type, $field_type, $field_array ) {
    if ( 'my_field_name' === $field_array['name'] ) {
        return false;
    }
    return true;
}
add_filter( 'acf/shortcode/prevent_access', 'my_acf_prevent_access_to_all_but_one_field', 10, 6 );