Filter Uncanny Redemption Codes

set_admin_codes_group_detail_permissions

Filters the capabilities required to manage admin code group details.

add_filter( 'set_admin_codes_group_detail_permissions', $callback, 10, 1 );

Description

Filters the capability required to access and modify group detail settings in the admin area. Developers can use this hook to grant access to different user roles or custom capabilities, overriding the default 'manage_options' requirement. This allows for more granular control over who can manage group details.

Usage

add_filter( 'set_admin_codes_group_detail_permissions', 'your_function_name', 10, 1 );

Return Value

The filtered value.

Examples

/**
 * Example of how to modify the capability required to access the admin codes group detail endpoint.
 *
 * By default, this endpoint requires the 'manage_options' capability. This filter allows
 * developers to change this to a more specific or less restrictive capability if needed.
 * For example, if you wanted only users with the 'edit_users' capability to access this,
 * you could hook into this filter and return 'edit_users'.
 *
 * @param string $capability The current capability required.
 * @return string The modified capability required.
 */
add_filter( 'set_admin_codes_group_detail_permissions', 'my_custom_admin_codes_permissions', 10, 1 );

function my_custom_admin_codes_permissions( $capability ) {
	// Let's say we want to allow users with the 'edit_others_posts' capability
	// to also manage these codes, in addition to those with 'manage_options'.
	// This filter hook, as implemented in the source, *replaces* the capability,
	// it doesn't add to it. So if we want to allow a *different* capability,
	// we need to check the current user against our new capability.
	// In this specific context, the filter is applied and then the returned
	// capability is checked. So, if we want to *add* permissions, we'd typically
	// need to check the original capability ('manage_options') and our new one.
	// However, the provided example directly returns a capability.
	//
	// To realistically *add* a capability to the check, we would need to modify
	// the *logic* within the `set_admin_codes_group_detail_permissions` function itself,
	// which we cannot do via a simple filter that only modifies the capability string.
	//
	// Therefore, a realistic example *using this filter hook as designed* would be
	// to *replace* the capability. Let's say we want to be less restrictive and
	// allow users who can 'edit_posts' to manage these codes.

	// If the original capability is 'manage_options', let's check if the user
	// has 'edit_posts' instead.
	if ( 'manage_options' === $capability ) {
		// Return 'edit_posts' as the new capability requirement.
		// The function will then check `current_user_can('edit_posts')`.
		return 'edit_posts';
	}

	// If for some reason the capability was already changed, just return it as is.
	return $capability;
}

Placement

This code should be placed in the functions.php file of your active theme, a custom plugin, or using a code snippets plugin.

Source Code

src/classes/helpers/class-rest-api.php:160

public function set_admin_codes_group_detail_permissions() {

		$capability = apply_filters( 'set_admin_codes_group_detail_permissions', 'manage_options' );

		// Restrict endpoint to only users who have the edit_posts capability.
		if ( ! current_user_can( $capability ) ) {
			return new WP_Error( 'rest_forbidden', esc_html__( 'You do not have the capability to save module settings.', 'uncanny-learndash-codes' ), array( 'status' => 401 ) );
		}

		// This is a black-listing approach. You could alternatively do this via white-listing, by returning false here and changing the permissions check.
		return true;
	}
Scroll to Top