Server-Side

App authorization is managed in the App Manager under Access > Authorize Roles & Users and applies to both back-end and front-end usage. You can dynamically grant or revoke permissions. However, any permissions that exceed the app’s configured limits will still be blocked by the server.

Server-Side Permission Control with Filters

Server-side access control runs before any filters. This means that it is not possible to grant extra permissions — only to restrict existing ones.

Filter wpda_app_access_filter

Use filter wpda_app_access_filter to add server-side restrictions beyond the default app settings.

✨ Example of a Server-Side Filter

add_filter(
	'wpda_app_access_filter',
	function( $app_id, $cnt_id, $action, $args ) {
		$user_id = get_current_user_id();
		if ( 1 === $user_id && 209 === $cnt_id && 'update' === strtolower( $action ) ) {
			// Prevent update on container 209 for user id 1
			return false;
		}

		if ( 127 === $app_id && 'delete' === strtolower( $action ) ) {
			// Prevent delete on app id 127
			return false;
		}

		if ( 'inline_editing' === strtolower( $action ) ) {
			// Completely disable inline editing
			return false;
		}

		if ( 'global_search' === strtolower( $action ) ) {
			// Completely disable global search
			return false;
		}

		if ( 0 === $user_id && 'column_filtering' === strtolower( $action ) ) {
			// Disable column filtering for anonymous users
			return false;
		}

		// Add more action restrictions here...

		return true;
	},
	10,
	4
);