Support » Plugin: Front-End Users » [Plugin: Front-End Users] Ajax for users with restricted roles

  • To give ajax access to user with restricted access to admin:

    Edits In front_end_users.php > restrict_admin_access

    1) Add the name of your function to valid ajax actions array

    $valid_admin_ajax_actions = array(
      'user_avatar_add_photo',
      'my_ajax_function'
    );

    2) Change the 1st clause of the if statement to allow for non-root installations

    $_SERVER['SCRIPT_FILENAME'] == $_SERVER['DOCUMENT_ROOT'] . substr( $_SERVER['SCRIPT_NAME'], 0, -24 ) . '/wp-admin/admin-ajax.php'

    3) Change the 2nd clause of the if statement to accept $_POST

    ( isset($_GET['action']) && in_array($_GET['action'], $valid_admin_ajax_actions) ) || ( isset($_POST['action']) && in_array($_POST['action'], $valid_admin_ajax_actions) )

    So the whole function should look like this:

    public function restrict_admin_access() {
      if (is_admin()) {
        $valid_admin_ajax_actions = array(
          'user_avatar_add_photo',
          'my_ajax_function'
        );
        if ( $_SERVER['SCRIPT_FILENAME'] == $_SERVER['DOCUMENT_ROOT'] . substr( $_SERVER['SCRIPT_NAME'], 0, -24 ) . '/wp-admin/admin-ajax.php' &&
          ( ( isset($_GET['action']) && in_array($_GET['action'], $valid_admin_ajax_actions) ) || ( isset($_POST['action']) && in_array($_POST['action'], $valid_admin_ajax_actions) ) )) {
            return true;
        }
        if (!$this->is_logged_in()) {
          $this->render_page('not-logged-in');
        } else if (!$this->has_admin_access()) {
          $this->render_404();
        }
      }
    }

    http://wordpress.org/extend/plugins/front-end-users/

Viewing 4 replies - 1 through 4 (of 4 total)
  • Thank you very much! It works, just dont forget to add ajax “action” to this snippet

    Just to clarify, the above edits are in:
    front-end-users > lib > front_end_users.php > restrict_admin_access

    Thanks britanik.
    So for example, your js might look like this.

    var data = {
      action: 'my_ajax_function',
      id: jQuery(this).attr('id'),
    };
    jQuery.post( MyAjax.ajaxurl, data, function(response) {
      // do something
    });

    I took this one step further and added a filter so that plugins could add these dynamically.
    Is there even a better way? Maybe an option to allow all ajax calls?
    It would be hard on any thirdparty plugin to have to go through them all and get their ajax calls.

    public function restrict_admin_access() {
            if (is_admin()) {
                $valid_admin_ajax_actions_defaults = array('user_avatar_add_photo');
                $valid_admin_ajax_actions = apply_filters('front_end_users_valid_ajax', $valid_admin_ajax_actions_defaults);
                //die(json_encode($valid_admin_ajax_actions));
                if ($_SERVER['SCRIPT_FILENAME'] == $_SERVER['DOCUMENT_ROOT'] . substr($_SERVER['SCRIPT_NAME'], 0, -24) . '/wp-admin/admin-ajax.php' &&
                        ( ( isset($_GET['action']) && in_array($_GET['action'], $valid_admin_ajax_actions) ) || ( isset($_POST['action']) && in_array($_POST['action'], $valid_admin_ajax_actions) ) )) {
                    return true;
                }
                if (!$this->is_logged_in()) {
                    $this->render_page('not-logged-in');
                } else if (!$this->has_admin_access()) {
                    $this->render_404();
                }
            }
        }

    In my plugins

    function front_end_users_valid_ajax($users_valid_ajax = array()) {
            $my_ajax = array("get_keyword_selects");
            return array_merge($users_valid_ajax, $my_ajax);
        }

    I just ran into the “why aren’t my AJAX calls working!?” thing and discovered this.

    I don’t feel the need to restrict which calls are allowed, so I just overrode the whole check for a valid AJAX call:

    public function restrict_admin_access() {
    	if ( is_admin() ) {
    		if ($_SERVER['SCRIPT_NAME'] == '/wp-admin/admin-ajax.php' ) {
    				return true;
    		}
    		if (!$this->is_logged_in()) {
    			$this->render_page('not-logged-in');
    		} else if (!$this->has_admin_access()) {
    			$this->render_404();
    		}
    	}
    }
Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘[Plugin: Front-End Users] Ajax for users with restricted roles’ is closed to new replies.