Home > database >  WordPress/Gutenberg - permission denied to fetch users
WordPress/Gutenberg - permission denied to fetch users

Time:06-08

I use Gutenberg with WordPress for a website with students.

I would like to display a list with all students (roles : student) and exclude from the list the student who is logged in.

I tried two solutions.

  • First solution with getUsers() function. When I'm logged like an administrator all works fine but when a student is logged, he does not have permission to view the list. Only administrators have permission.

  • Second solution with a custom API route. I got a promise pending.

First solution :

import { __ } from '@wordpress/i18n';
import { CheckboxControl } from '@wordpress/components';
import { registerPlugin } from '@wordpress/plugins';
import { PluginDocumentSettingPanel } from '@wordpress/edit-post';
import { useSelect, useDispatch } from '@wordpress/data';
import { useEntityProp } from '@wordpress/core-data';
import { useState, setState, useEffect } from '@wordpress/element';

const metaboxStudents = () => {
    const postType = useSelect( ( select ) => {
        return select( 'core/editor' ).getCurrentPostType();
    });

    if ( postType !== 'subject-imposed' ) {
        return null;
    }

    const [ meta, setMeta ] = useEntityProp( 'postType', postType, 'meta' );

    const authors = useSelect( ( select ) => {
        return select( 'core' ).getUsers( { roles: 'student' } );
    }, [] );

    if ( !posts ) {
        return null;
    }

    const handleCheckboxChange = (data) => {
        const isChecked = meta._metafield_students.some(checkedCheckbox => checkedCheckbox === data);

        if (isChecked) {
            setMeta( { _metafield_students: meta._metafield_students.filter( ( checkedCheckbox) => checkedCheckbox !== data) } );
        } else {
            setMeta( { _metafield_students: meta._metafield_students.concat(data) } );
        }
    };

    return(
        <PluginDocumentSettingPanel
            name="list-students"
            title={ __( 'List of students', 'ccn-gut' ) }
            className='editor-styles-metabox'
        >
        <div className="gut-checkboxes-group">
        { posts.map( ( data ) => (
            wp.data.select("core").getCurrentUser().id !== data.id
            ? (
                <CheckboxControl
                    label={ data.name }
                    key={`student-${data.id}`}
                    value={ data.id }
                    checked={ meta._metafield_students.some(checkedCheckbox => checkedCheckbox === data.id) }
                    onChange={ () => handleCheckboxChange(data.id) }
                />
            ) : null
        ) ) }
        </div>
        </PluginDocumentSettingPanel>
    );
};

registerPlugin('plugin-document-students', {
    render: metaboxStudents,
    icon: null
});

Second solution :

PHP for my WordPress plugin :

wp_localize_script( 'wp-api', 'wpApiSettings', array(
    'root' => esc_url_raw( rest_url() ),
    'nonce' => wp_create_nonce( 'wp_rest' )
));

PHP for API route :

function student_api_rest() {
    register_rest_route('api/v1/', 'students', array(
    'methods' => 'GET',
    'callback' => 'student_api_results'
    ));
}

function student_api_results($data) {
    ....
}

index.js :

import apiFetch from '@wordpress/api-fetch';

wp.apiFetch.use( apiFetch.createNonceMiddleware( wpApiSettings.nonce ) );

const [users, setUsers] = useState( null );

useEffect( () => {
    wp.apiFetch( { path: '/api/v1/students' } ).then(
        (result) => {
            setUsers( result );
        }
    )
}, []);

console.log(users);

Which solution to choose and how to resolve one of those two solutions? Permission VS promise Pending

CodePudding user response:

you should be able to add capabilities to the custom user types of "students". look for where the student role was activated, it should look something like this

add_role( $role, $display_name, $capabilities );

and your looking to add list_users as a capability I believe. You can find the full list of capabilities here https://wordpress.org/support/article/roles-and-capabilities/ and heres the link directly to the list_users section of that https://wordpress.org/support/article/roles-and-capabilities/#list_users

  • Related