Tmeister / wp-api-jwt-auth

A simple plugin to add JSON Web Token (JWT) Authentication to WP REST API
GNU General Public License v2.0

Restrict Api to user role #118

Closed Peakflower closed 1 year ago

Peakflower commented 6 years ago

I have this code to limit API read access for non-logged-in users:

```php
add_filter('rest_authentication_errors', function ($result) {
    if (!empty($result)) {
        return $result;
    }

    if (!is_user_logged_in() && $_SERVER['REQUEST_URI'] !== "/wp-json/jwt-auth/v1/token" && $_SERVER['REQUEST_URI'] !== "/wp-json/jwt-auth/v1/token/validate") {
        return new WP_Error('rest_not_logged_in', 'You are not currently logged in.', array('status' => 401));
    }
    return $result;
});
```

But how do I limit read and write API access to all users except admin or editor?

Tmeister commented 5 years ago

Again, not a JWT plugin issue but you can use the get_userdata function, something like the following:

```php
$user_meta = get_userdata($user_id);
$user_roles = $user_meta->roles;
// now check the user_roles.
```
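
One way to combine the two snippets in this thread into a role gate, as an added example that is not code from the plugin or from either commenter. It assumes the JWT plugin has already resolved the token to a user when `rest_authentication_errors` runs (the question's `is_user_logged_in()` check relies on the same thing); the `my_rest_*` names are hypothetical, and the role slugs are WordPress's defaults.

```php
<?php
// Added example: drop into a small plugin or mu-plugin. Names prefixed my_rest_ are hypothetical.

// Roles allowed to use the REST API (default WordPress role slugs).
const MY_REST_ALLOWED_ROLES = array('administrator', 'editor');

// Routes that must stay reachable without a session so a token can be obtained
// and validated (paths taken from the snippet in the question).
const MY_REST_PUBLIC_ROUTES = array('/jwt-auth/v1/token', '/jwt-auth/v1/token/validate');

// True when the user holds at least one allowed role.
function my_rest_role_allowed(array $user_roles, array $allowed = MY_REST_ALLOWED_ROLES)
{
    return count(array_intersect($allowed, $user_roles)) > 0;
}

add_filter('rest_authentication_errors', function ($result) {
    // Pass through errors only. A `true` set by an earlier callback means
    // "authenticated", which still has to go through the role check below.
    if (is_wp_error($result)) {
        return $result;
    }

    // Compare the parsed REST route rather than the raw REQUEST_URI, so a query
    // string, a trailing slash or the ?rest_route= form does not change the match.
    $route = untrailingslashit($GLOBALS['wp']->query_vars['rest_route'] ?? '');
    if (in_array($route, MY_REST_PUBLIC_ROUTES, true)) {
        return $result;
    }

    if (!is_user_logged_in()) {
        return new WP_Error('rest_not_logged_in', 'You are not currently logged in.', array('status' => 401));
    }

    // Authenticated but without an allowed role: refuse reads and writes alike.
    $user = wp_get_current_user();
    if (!my_rest_role_allowed((array) $user->roles)) {
        return new WP_Error('my_rest_role_not_allowed', 'Your role may not use the REST API.', array('status' => 403));
    }

    return $result;
});
```

Because this gate covers every route, users in lower roles also lose the REST calls that the block editor makes on their behalf.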