How to prevent users with “edit_others_posts” capability from editing admin posts

map_meta_cap is the correct filter to use.

When WordPress checks whether you have permission to edit a post it checks edit_post. If you are the author of that post, that is mapped to the edit_posts capability, but if you’re not it is mapped to edit_others_posts. You can use this filter to add the additional condition that Editors cannot edit posts by Administrators, even if they have edit_others_posts.

In this example, when WordPress checks edit_post, if the post author was an administrator, then the current user also needs to be an administrator to edit it:

add_filter(
    'map_meta_cap',
    function( $required_caps, $cap, $user_id, $args ) {
        if ( 'edit_post' === $cap) {
            $post = get_post( $args[0] );

            if ( $post && user_can( $post->post_author, 'administrator' ) ) {
                $required_caps[] = 'administrator';
            }
        }

        return $required_caps;
    },
    10,
    4
);

Related Posts:

  1. Is there way to rename user role name without plugin?
  2. How to create a clone role in wordpress
  3. How to add a Capability to a User Role?
  4. How can I get a list of users by their role?
  5. How do I make a draft post accessible to everyone?
  6. Reset default roles and capabilities
  7. add_role() run only once?
  8. What do unfiltered_html and unfiltered_upload actually filter?
  9. Temporary capability for current_user_can()
  10. Allow roles below admin to add subscribers only
  11. Temporarily give ‘manage_options’ capability
  12. Hide specific admin users’ posts
  13. Allow authors to edit only certain users
  14. How to update role capabilities
  15. Do custom user roles have any default capabilities?
  16. How to programmatically add a user to a role?
  17. how to add custom user capabilities using add_user_meta or something else?
  18. Allow user to Publish, but not Edit or Delete
  19. Email notification for editors only
  20. Shold I manually add ‘cap’ to admin role ?
  21. Allow users to publish child pages of the pages they have access to edit
  22. New Roles and Capabilities in WordPress
  23. Why is wp-login redirecting to the home page when I use this function?
  24. Allow contributor to view own scheduled post
  25. Author Role – Allow editing of Gallery images
  26. What is the difference between “create_users” and “add_users” capabilities?
  27. How to get all users with Author role capabilities?
  28. How to check if a role has a specific capability
  29. Locking Down WordPress Application Password Permissions / Capabilities
  30. Prevent custom user role to add new pages
  31. Allow user to edit specific user with meta key using map_meta_cap
  32. How to remove sticky post capability for a specific user role?
  33. Let new user role to ‘edit_others_posts’ of other user role, not of its own type
  34. How can I have different groups of editors only allowed to edit certain parent+subpages?
  35. The delete_posts capability?
  36. How to restrict access to specific pages on the back-end?
  37. Capabilites not working [closed]
  38. add_menu_page() for more than one user role
  39. Remove wordpress author’s capability to moderate comments on their own posts
  40. Can you set a role as author?
  41. Prevent Editors from Editing/Deleting Admin Accounts
  42. Where are the WordPress capabilities stored?
  43. Adding Capabilities to a WordPress User Account
  44. Adding an additional role to an Administrator
  45. Custom user roles for access to specific parts of the site
  46. Pending status by default for a specific role
  47. How do I restrict user access to plugins?
  48. My subscriber has the “edit comment” capability but can’t edit comment
  49. Show metabox for a special role
  50. User Role Capabilities for WordPress Gutenberg Blocks
  51. Subscriber (with read permissions) cannot view Private posts
  52. How can I add a custom role capability to use in a custom plugin?
  53. bbPress plugin moderator roles
  54. Allowing user to edit posts based on the post status
  55. Custom capabilities to add, edit, remove users of a particular role only?
  56. Stop users of author role from editing already pending posts
  57. add_role user capability not working
  58. Purpose of Adding Capability to Role But Not Grant?
  59. How can I promote a user to a network administrator?
  60. Reset Roles (or undo role changes on theme change)
  61. How to get a users list by who created them?
  62. Authorize users for specific pages and/or categories
  63. Custom Capabilities for CPT and Problem with current_user_can()
  64. Custom wordpress admin page/url “You do not have sufficient permissions to access this page.”
  65. Hiding custom theme functionality using capabilities
  66. user_can() not working for comment authors
  67. Which capabilities are available in Gravity Forms Salesforce plugin? [closed]
  68. How to write conditions based on user capabilities not on user role?
  69. What Capability is required to let a role RUN code in Edit Theme?
  70. Want to know parameters that can be passed to user_can() for access control by user capabilities
  71. Create sub-administrator role that can do everything except use or see the code editor
  72. Let editors view post in admin but not be able to perform a save/edit
  73. Capabilities don’t add
  74. Require Capability to View Woocommerce Product
  75. User role editor – Add download files capability
  76. Why can my subscribers create new posts for review?
  77. Disabled delete_others_posts if post is from admin
  78. How can I check if a visitor can read a post?
  79. How to query users to count all with a custom capability and limit it to a set of roles?
  80. Adding all custom capabilities to admin
  81. User role and capablities only for 1 plugin
  82. How to give plugin access to specific role(s)
  83. current_user_can( ‘edit_user’ ) does not work
  84. How to restrict subscriber editing other posts but read specific posts in backend
  85. Create role that can edit some user details, but not the role
  86. How can I add capability to multiple roles?
  87. Role and Capabilities: How do I allow user role to access theme options without enabling ‘manage_options’?
  88. Custom Gutenberg Block and unfiltered_html capability
  89. Best practices to handle multilpe roles and capabilities?
  90. Enable plugins for a specific user role
  91. Check what capabilitie(s) an action requires
  92. Why does user_can return false for a capability during plugin deactivation?
  93. Force “submit for review” on update?
  94. Users can only save their draft once before saving for revision
  95. Hide user fields based off capability
  96. Author capabilities: Deleting comments on their own published posts
  97. Need to create admin user without capability to create user
  98. How do I make a draft post accessible to everyone?
  99. Grant access to admin menu?
  100. How might I enable a user to view Draft pages from a different Author, without the ability to edit?