[jobs] shortcode: add author attribute to filter listings by user ID

[masteradhoc]

Fixes #1892

Changes Proposed in this Pull Request

• Added author attribute to the [jobs] shortcode, allowing job listings to be filtered by one or more WordPress user IDs
• Supports a single ID ([jobs author="1"]) or comma-separated multiple IDs ([jobs author="1,3,5"])
• Passes the author filter through all three query paths: direct PHP rendering (no-filters), AJAX with filters form, and AJAX without filters form
• Added author__in support to get_job_listings() (available to all callers, not just the shortcode)
• Bypasses the transient cache when an author filter is active to prevent stale results

Testing Instructions

1. Create two or more job listings owned by different users
2. Add [jobs author="X"] to a page (where X is a user ID) — verify only that user's listings appear
3. Add [jobs author="X,Y"] — verify listings from both users appear
4. With show_filters="true" (default), interact with the filter form and verify the author restriction is preserved across AJAX requests
5. Verify that [jobs] without the author attribute continues to show all listings as before

Release Notes

• New: The [jobs] shortcode now supports an author attribute to filter listings by user ID (e.g. [jobs author="42"] or [jobs author="1,2,3"])

New or Updated Hooks and Templates

• No new hooks or templates. The author argument is now accepted by get_job_listings() and will be respected by any code that calls it directly.

Important

Make sure to update WPJM Documentation for Shortcode as well and include the new feature!

Deprecated Code

Screenshot / Video

[donnchawp]

Looks good, but if I modify the jobs shortcode on my page to show
[jobs author=1]

The RSS feed link on the page doesn't have the author in it.

[masteradhoc]

Thanks @donnchawp! Now its possible to use http://wpjm-pr.local/job-autor-1/?feed=job_feed&author=1,2 to get the requested authors :)

[donnchawp]

Only one thing I'm worried about below.

[donnchawp]

Are you sure this is required? The cache key is derived from $to_hash = wp_json_encode( $query_args ); so having the author field in there will create a new cache key. It shouldn't be stale.

[masteradhoc]

I had issues while applying the PR that the change didnt show. but when i retest now all seems fine even without this part. so i went ahead and removed it now @donnchawp - thanks!

[donnchawp]

Only a tiny change this time, but there are no tests for author in tests/php/tests/test_class.wp-job-manager-functions.php either which would be great to have.

[masteradhoc]

@donnchawp i've just pushed the tests. Can you give it a check? :)

[donnchawp]

Still some nagging issues, the first one really should be fixed and the rest cleared up too:

[MEDIUM] AJAX response RSS link drops the active author filter

includes/class-wp-job-manager-ajax.php:242-249

get_listings() reads $author from the request and passes it to get_job_listings(), but the immediately-following call to job_manager_get_filtered_links() omits it. Reproduced live with [jobs author="3"] on my test site: the response
payload's rss_link href is …&search_keywords&author (empty value) — the "Subscribe via RSS" link points to an unscoped feed and leaks listings the page intentionally hid.

The PR's own change in wp-job-manager-functions.php:642 (adding 'author' to the feed URL when $args['author'] is present) is dead code because no caller supplies it.

Fix: Add 'author' => $author to the args array passed to job_manager_get_filtered_links().

[MEDIUM] Fails open on invalid author input

wp-job-manager-functions.php:195-202, includes/class-wp-job-manager-ajax.php:139, includes/class-wp-job-manager-post-types.php:730-735

Invalid input silently shows all listings instead of returning zero results. Two failure modes:

1. Non-numeric like [jobs author="alice,bob"] → absint produces [0,0], then array_filter produces [], then ! empty( $author_ids ) is false → no author__in is set → all listings render.
2. Array input like ?author[]=1 (AJAX or feed) → sanitize_text_field() flattens the array to '' → filter silently disappears.

For a publicly-rendered shortcode, "user typed invalid filter, sees everything" is the wrong default. Reproduced: [jobs author="x"] returns all listings.

Fix: When author was provided but parsing yielded no valid IDs, force an empty result ('author__in' => [0]). Reject array input early at the AJAX/feed entry points.

[LOW] Negative IDs become valid via absint

wp-job-manager-functions.php:197-198

absint(-5) is 5, so [jobs author="-5"] filters by user 5's listings rather than returning nothing. Low real impact, but the filter behaves non-monotonically — a typo'd minus sign returns a stranger's data instead of empty.

Fix: After absint, drop values <= 0 rather than relying on array_filter.

[LOW] Missing PHPDoc for new author arg

wp-job-manager-functions.php:11-17

The PHPDoc on get_job_listings() is not updated for the new public arg.

Fix: Add @param int|string|int[] $author Optional. User ID, comma-separated user IDs, or array of user IDs.

[LOW] PR description claims a transient-cache bypass that isn't implemented

The description says "Bypasses the transient cache when an author filter is active to prevent stale results." No such code is in the diff, and inspection confirms the cache key already hashes $query_args (and therefore
author__in), so the bypass would be unnecessary anyway. Just update the PR description.

Test coverage gaps

The two new tests only cover the happy path (single ID, multi ID). Add cases for: empty string, non-numeric ("abc"), negative ("-5"), "0", mixed valid+invalid ("3,abc"), and array input (['author' => [3, 5]]).

Reviewer note: tester friction

The dist bundle (assets/dist/js/) is gitignored, so the JS changes only take effect after npm run build:assets. I initially saw "all listings shown" until I rebuilt. Worth either calling out in the PR description or considering
whether dist should be a build artifact attached to the release flow.