App authorization is managed in the App Manager under Access > Authorize Roles and Users and applies to both back-end and front-end usage. You can dynamically grant or revoke permissions. However, any permissions that exceed the app’s configured limits will still be blocked by the server.
Server-Side Permission Control with Filters #
Server-side access control runs before any filters. This means you cannot use a filter to grant extra permissions — only to restrict existing ones.
Use the
wpda_app_access_filter filter to apply additional server-side restrictions beyond the default app settings.Example – Server-Side Filter #
add_filter(
'wpda_app_access_filter',
function( $app_id, $cnt_id, $action, $args ) {
$user_id = get_current_user_id();
if ( 1 === $user_id && 209 === $cnt_id && 'update' === strtolower( $action ) ) {
// Prevent update on container 209 for user id 1
return false;
}
if ( 127 === $app_id && 'delete' === strtolower( $action ) ) {
// Prevent delete on app id 127
return false;
}
if ( 'inline_editing' === strtolower( $action ) ) {
// Completely disable inline editing
return false;
}
if ( 'global_search' === strtolower( $action ) ) {
// Completely disable global search
return false;
}
if ( 0 === $user_id && 'column_filtering' === strtolower( $action ) ) {
// Disable column filtering for anonymous users
return false;
}
// Add more action restrictions here...
return true;
},
10,
4
);
