This is an add on plugin for Advanced Custom Fields (ACF) Version 5.
This plugin will not provide any functionality if ACF5 is not installed.
This plugin adds a field setting to all field types so that user roles allowed to edit the field can
be selected. Only those roles selected for the field will be able to edit the field.
This adds additional security to fields. This plugin does not simply hide field, it removes them
completely from the field group. Using standard ACF filters is is possible to set many field types to
readonly or disabled. It is even possible by adding custom CSS to hide fields based on the current
user’s role. However, this is not a secure way to prevent those that should not be allowed to edit
a field from editing them if they really want to. Anyone with limited HTML knowledge can easily instpect
the HTML of a page and alter the html and css to make the fields visible and editable. The only secure
way to prevent the fields from being edited is to not have them present in the form to begin with.
$_POST Filtering: In addition to removing the fields from field groups so that they can not be
edited this plugin also checks submitted values to see if the current user is allowed to manage the
fields submitted before allowing ACF to save any values to the database.