I’m working on a WordPress site where I’ve added an ACF repeater field to user profile pages. This repeater contains two subfields: a dropdown selector and a date picker field.
I need to restrict editing permissions so that only administrators can modify this repeater field, while regular users can only view the data without being able to make changes.
I found some solutions online that work for standard WordPress profile fields, but they don’t seem to work with ACF repeater fields. The regular field disabling approach doesn’t apply to these custom fields.
As an alternative, I’m considering creating a custom table display that pulls the field data directly from the database and shows it on the profile page. Would this be a better approach?
Here’s the JavaScript method I used for disabling standard profile fields:
// Function to disable specific profile fields
function disable_user_profile_fields() {
?>
<script>
jQuery(document).ready(function($) {
var restricted_fields = ['user_firstname', 'user_lastname', 'nickname'];
for(var j=0; j<restricted_fields.length; j++) {
if ($('#'+ restricted_fields[j]).length) {
$('#'+ restricted_fields[j]).prop("disabled", true);
}
}
});
</script>
<?php
}
function check_profile_permissions() {
global $pagenow;
if ($pagenow !== 'profile.php') {
return;
}
if (current_user_can('manage_options')) {
return;
}
add_action('admin_footer', 'disable_user_profile_fields');
}
add_action('admin_init', 'check_profile_permissions');
Any suggestions on how to make this work with ACF repeater fields would be greatly appreciated.
I solved this by tweaking the ACF field settings during runtime. Don’t disable fields after they render - change the field config before ACF processes them. I found that zeroing out the minimum rows and hiding the add button makes it read-only while keeping everything looking normal.
This keeps all the native ACF styling and stops any modifications. Your data stays visible in its original format - no custom database queries or messy JavaScript needed.
the custom table approach is def overkill here. just use ACF’s readonly attr - add 'readonly' => 1 to your field settings when needed. or hide the whole repeater with CSS for non-admins and show a simple HTML version instead. much easier than messing with DB queries.
Indeed, JavaScript can interact with ACF repeaters, but you need to target the correct selectors. ACF utilizes specific classes and IDs that differ from standard WordPress fields. You should look for classes like .acf-repeater or .acf-field-repeater. The subfields typically have the .acf-field-[field-type] pattern, allowing you to disable either the entire repeater or individual inputs. However, I recommend using ACF’s acf/prepare_field filter instead of JavaScript. This PHP hook enables modifications to field properties before rendering, ensuring better security since users cannot disable JavaScript to circumvent restrictions.
function restrict_repeater_for_non_admins($field) {
if (!current_user_can('manage_options') && $field['name'] == 'your_repeater_field_name') {
$field['disabled'] = 1;
}
return $field;
}
add_filter('acf/prepare_field', 'restrict_repeater_for_non_admins');
This approach maintains the layout while effectively preventing unauthorized changes, proving more dependable than relying on JavaScript alone.