In general, your problem is that you check the condition on the front end but not on the backend. You have to check whether a user is allowed to upload a file before moving it to the uploads directory and adding it as an attachment.
If the limitations you put in place are kind of nice-to-have, it might be enough to limit uploads in the UI, but if they have business or law-related implications then the only way is server-side checks.
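
A server-side version of such a check, as an added example that is not part of the original answer: it hooks WordPress's `wp_handle_upload_prefilter` filter, which runs before the file is moved into the uploads directory, so it applies no matter how the request was sent. The per-user cap, the administrator exemption and the `example_` names are assumptions standing in for whatever condition the UI currently enforces.

```php
<?php
// Added example: the limit below is a hypothetical rule, replace it with
// the condition your front end currently checks.
const EXAMPLE_MAX_UPLOADS_PER_USER = 10;

add_filter( 'wp_handle_upload_prefilter', 'example_enforce_upload_rule' );

/**
 * Rejects an upload on the server before WordPress stores the file.
 *
 * @param array $file One entry of $_FILES as passed to wp_handle_upload().
 * @return array The same entry, with 'error' set when the upload is refused.
 */
function example_enforce_upload_rule( $file ) {
    // Assumption for this example: administrators are exempt from the cap.
    if ( current_user_can( 'manage_options' ) ) {
        return $file;
    }

    // Never trust the UI to have hidden the upload control.
    $user_id = get_current_user_id();
    if ( 0 === $user_id || ! current_user_can( 'upload_files' ) ) {
        $file['error'] = 'You are not allowed to upload files.';
        return $file;
    }

    // Count the user's existing attachments from the database, not from
    // anything the browser sent. Attachments use the "inherit" status.
    $query = new WP_Query(
        array(
            'post_type'      => 'attachment',
            'post_status'    => 'inherit',
            'author'         => $user_id,
            'posts_per_page' => 1,
            'fields'         => 'ids',
        )
    );

    if ( $query->found_posts >= EXAMPLE_MAX_UPLOADS_PER_USER ) {
        // A non-empty string in 'error' makes wp_handle_upload() stop
        // before the file is moved or an attachment is created.
        $file['error'] = 'You have reached your upload limit.';
    }

    return $file;
}
```

Because `media_handle_upload()` calls `wp_handle_upload()` internally, the same filter also covers custom front-end forms that use it.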