Support » Plugin: Disable REST API » Feature Request: Filter Hook for Auth Error

  • Resolved Dominic

    (@dominicp)


    First, thanks for the great plugin.

    I was wondering if you would consider adding a filter on the condition for returning an Auth error. In my use case, I want to restrict the API to a specific subset of users (not just anyone who is logged in). It could look like this:

    if (! apply_filters('dra_allow_rest_api', is_user_logged_in())) {

    Let me know what you think.

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Author Dave McHale

    (@dmchale)

    Hey @dominicp

    Are you looking to limit based on user role? I’ve had that feature on a roadmap for a bit, but it just hasn’t been something I’ve had time lately to look at adding. I can see lots of reasons why that would be helpful for people, though.

    Still, the filter is also not a bad idea since then people can use it for whatever they like. I’ll make a note and take a look into it. Thanks for the suggestion!

    Dave

    Hi @dmchale

    Thanks for the quick reply. I’m actually using some custom permissions, so if there was a hook there, I would just hook a function that returns current_user_can('...').

    Using roles could be a nice feature as well, but you might wind up having to add an admin interface for that, and it’s pretty great how short the plugin is now. Just my two cents. 🙂

    Dominic

    Plugin Author Dave McHale

    (@dmchale)

    An admin interface would be needed, yes, and I agree with your 2 cents that the simplicity of the plugin is not something I would want to lose. 🙂

    My thought is that default behavior will always remain the same – “If not logged in, deny endpoint access” – by simply installing and activating the plugin. But you OPTIONALLY could say for example, “If user is a Subscriber role, deny endpoint access”. It would just add new potential functionality with no need to ever configure it unless you wanted to.

    That seems like a good approach. I will keep an eye out for updates.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Feature Request: Filter Hook for Auth Error’ is closed to new replies.