WordPress.org


Front-End Users
Ajax for users with restricted roles (5 posts)

  1. shahar
    Member
    Posted 2 years ago #

    To give ajax access to a user with restricted access to admin:

    Edits in front_end_users.php > restrict_admin_access

    1) Add the name of your function to valid ajax actions array

    $valid_admin_ajax_actions = array(
      'user_avatar_add_photo',
      'my_ajax_function'
    );

    2) Change the 1st clause of the if statement to allow for non-root installations

    $_SERVER['SCRIPT_FILENAME'] == $_SERVER['DOCUMENT_ROOT'] . substr( $_SERVER['SCRIPT_NAME'], 0, -24 ) . '/wp-admin/admin-ajax.php'

    3) Change the 2nd clause of the if statement to accept $_POST

    ( isset($_GET['action']) && in_array($_GET['action'], $valid_admin_ajax_actions) ) || ( isset($_POST['action']) && in_array($_POST['action'], $valid_admin_ajax_actions) )

    So the whole function should look like this:

    public function restrict_admin_access() {
      if (is_admin()) {
        $valid_admin_ajax_actions = array(
          'user_avatar_add_photo',
          'my_ajax_function'
        );
        if ( $_SERVER['SCRIPT_FILENAME'] == $_SERVER['DOCUMENT_ROOT'] . substr( $_SERVER['SCRIPT_NAME'], 0, -24 ) . '/wp-admin/admin-ajax.php' &&
          ( ( isset($_GET['action']) && in_array($_GET['action'], $valid_admin_ajax_actions) ) || ( isset($_POST['action']) && in_array($_POST['action'], $valid_admin_ajax_actions) ) )) {
            return true;
        }
        if (!$this->is_logged_in()) {
          $this->render_page('not-logged-in');
        } else if (!$this->has_admin_access()) {
          $this->render_404();
        }
      }
    }

    http://wordpress.org/extend/plugins/front-end-users/

  2. britanik
    Member
    Posted 1 year ago #

    Thank you very much! It works, just don't forget to add ajax "action" to this snippet

  3. shahar
    Member
    Posted 1 year ago #

    Just to clarify, the above edits are in:
    front-end-users > lib > front_end_users.php > restrict_admin_access

    Thanks britanik.
    So for example, your js might look like this.

    var data = {
      action: 'my_ajax_function',
      id: jQuery(this).attr('id'),
    };
    jQuery.post( MyAjax.ajaxurl, data, function(response) {
      // do something
    });

  4. chriswhittle
    Member
    Posted 1 year ago #

    I took this one step further and added a filter so that plugins could add these dynamically.
    Is there even a better way? Maybe an option to allow all ajax calls?
    It would be hard on any third-party plugin to have to go through them all and get their ajax calls.

    public function restrict_admin_access() {
      if (is_admin()) {
        $valid_admin_ajax_actions_defaults = array('user_avatar_add_photo');
        $valid_admin_ajax_actions = apply_filters('front_end_users_valid_ajax', $valid_admin_ajax_actions_defaults);
        //die(json_encode($valid_admin_ajax_actions));
        if ($_SERVER['SCRIPT_FILENAME'] == $_SERVER['DOCUMENT_ROOT'] . substr($_SERVER['SCRIPT_NAME'], 0, -24) . '/wp-admin/admin-ajax.php' &&
          ( ( isset($_GET['action']) && in_array($_GET['action'], $valid_admin_ajax_actions) ) || ( isset($_POST['action']) && in_array($_POST['action'], $valid_admin_ajax_actions) ) )) {
            return true;
        }
        if (!$this->is_logged_in()) {
          $this->render_page('not-logged-in');
        } else if (!$this->has_admin_access()) {
          $this->render_404();
        }
      }
    }

    In my plugins

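    function front_end_users_valid_ajax($users_valid_ajax = array()) {
      $my_ajax = array("get_keyword_selects");
      return array_merge($users_valid_ajax, $my_ajax);
    }
    // Register the callback on the filter applied in restrict_admin_access() above.
    add_filter('front_end_users_valid_ajax', 'front_end_users_valid_ajax');

  5. xnau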
    Member
    Posted 1 year ago #

    I just ran into the "why aren't my AJAX calls working!?" thing and discovered this.

    I don't feel the need to restrict which calls are allowed, so I just overrode the whole check for a valid AJAX call:

    public function restrict_admin_access() {
    	if ( is_admin() ) {
    		if ($_SERVER['SCRIPT_NAME'] == '/wp-admin/admin-ajax.php' ) {
    				return true;
    		}
    		if (!$this->is_logged_in()) {
    			$this->render_page('not-logged-in');
    		} else if (!$this->has_admin_access()) {
    			$this->render_404();
    		}
    	}
    }
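
The edits in this thread only decide whether a restricted user's request reaches admin-ajax.php; each Ajax handler still has to verify the request itself. The following is an added example, not code from any poster or from the Front-End Users plugin. It reuses `my_ajax_function`, `MyAjax` and the `front_end_users_valid_ajax` filter from the posts above; the `nonce` field, the `my-script` handle and file name, and the `read` capability are assumptions.

```php
<?php
// Added example; not part of the Front-End Users plugin.

// 1) Allowlist the action through the filter proposed in post 4.
add_filter( 'front_end_users_valid_ajax', function ( $actions ) {
    $actions[] = 'my_ajax_function';
    return $actions;
} );

// 2) Give the front-end script the Ajax URL and a nonce bound to this action.
//    'my-script' and 'my-script.js' are hypothetical names.
add_action( 'wp_enqueue_scripts', function () {
    wp_enqueue_script( 'my-script', plugins_url( 'my-script.js', __FILE__ ), array( 'jquery' ), '1.0', true );
    wp_localize_script( 'my-script', 'MyAjax', array(
        'ajaxurl' => admin_url( 'admin-ajax.php' ),
        'nonce'   => wp_create_nonce( 'my_ajax_function' ),
    ) );
} );

// 3) Handler for logged-in users only: no wp_ajax_nopriv_ hook is registered,
//    so anonymous requests for this action never reach it.
add_action( 'wp_ajax_my_ajax_function', function () {
    // Stops the request if the nonce is missing or invalid (CSRF protection).
    check_ajax_referer( 'my_ajax_function', 'nonce' );

    // Capability check; 'read' is an assumption, use the narrowest one that fits.
    if ( ! current_user_can( 'read' ) ) {
        wp_send_json_error( array( 'message' => 'forbidden' ), 403 );
    }

    // Treat the posted id as untrusted input.
    $id = isset( $_POST['id'] ) ? sanitize_text_field( wp_unslash( $_POST['id'] ) ) : '';
    if ( '' === $id ) {
        wp_send_json_error( array( 'message' => 'missing id' ), 400 );
    }

    wp_send_json_success( array( 'id' => $id ) );
} );
```

On the client, the `data` object from post 3 then needs `nonce: MyAjax.nonce` next to `action`.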

Topic Closed

This topic has been closed to new replies.
