I’m utilizing the /settings/
relaxation api endpoint to verify plugin’s choices and show information based mostly on these choices within the Block Editor’s sidebar (inside WordPress admin solely). The code is working wonderful for admin customers, nevertheless, for different person roles (editors, subscribers, and many others.), i get the next response from the remainder api:
{ "code": "rest_forbidden", "message": "Sorry, you are not allowed to do that.", "data": { "status": 403 } }
Right here is the code I’m utilizing:
information.js
/* Get all of the plugin Choices */
export const pluginOptions = () => {
const [ data, setData ] = useState({});
useEffect(() => {
api.loadPromise.then(() => {
const settings = new api.fashions.Settings();
if (!information.isAPILoaded) {
settings.fetch().then((response) => {
setData({
isShowPost: response['my_options']['is_show_post'] ? response['my_options']['is_show_post'] : '',
isShowPage: response['my_options']['is_show_page'] ? response['my_options']['is_show_page'] : '',
isShowCPT: response['my_options']['is_show_cpt'] ? response['my_options']['is_show_cpt'] : '',
isAPILoaded: true,
})
});
}
});
}, []);
index.js
const { PluginDocumentSettingPanel } = wp.editPost;
import { registerPlugin } from "@wordpress/plugins";
import MyComponent from './templates/mycomponent';
import { pluginOptions } from './information'
operate showPanel() {
const isPostEditor = doc.physique.className.indexOf('post-type-post') > -1;
const isPаgeEditor = doc.physique.className.indexOf('post-type-page') > -1;
const isCPTEditor = !isPostEditor && !isPаgeEditor;
const { isShowPost, isShowPage, isShowCPT} = pluginOptions();
if (isPostEditor && isShowPost) {
return true
}
else if (isPаgeEditor && isShowPage) {
return true
}
else if (isCPTEditor && isShowCPT) {
return true
}
else {
return false
}
}
const PluginDocumentSettingPanelDemo = () => (
<>
{showPanel &&
<PluginDocumentSettingPanel
title="custom-panel"
title="Custom Panel"
className="custom-panel"
>
<MyComponent/>
</PluginDocumentSettingPanel>}
</>
)
registerPlugin('plugin-document-setting-panel-demo', {
render: PluginDocumentSettingPanelDemo
})
I have to show the panel and its information for non-admin customers too. I suppose I can simply change "manage_options" => true
for editors and subscribers however that might in all probability expose the plugin to safety vulnerabilities. So, what must be the right option to method this?
Please observe I solely need to enable customers to get the information from the wp-options
desk, to not submit or replace it.