I use WordPress REST API plugin to fetch WordPress stuff on a mobile app.
What Access manager plugin keeps the privileges on REST API responses?
I want restrict access to certain posts, categories etc for a particular role, So when the user of that role authenticates via HTTP request, could not access to that post.
more details:
I tried some scenarios with the free version of Advanced Access
Manager plugin to restrict a single post for a role; by ticking all
the options on the both Frontend and Backend lists but the post was
retrieved by the user of that particular role. The only way that the
post could not be accessed was when its status had been set to
private. But this way all the other roles couldn’t reach the post too.
Could AAM or any other similar plugin set the access level of items
(posts, categories…) globally in the system like what happens when a
post status is private? Apparently, this one certainly affects on JSON
API clients
I was told in The WP IRC to use determine_current_user filter in the functions.php of the active theme. So I added this code at the end of the functions.php of the current theme:
function no_valid_user_no_rest($user) {
if (!$user) {
add_filter('rest_enabled', '__return_false');
add_filter('rest_jsonp_enabled', '__return_false');
}
return $user;
}
add_filter('determine_current_user', 'no_valid_user_no_rest', 50);
But the user got the whole restricted post via JSON output.
Regards
