Manage App Permissions

App permissions are defined in the App Manager. These permissions are known as the Default App Permissions. You can dynamically grant or revoke permissions client-side. However, any action that exceeds the Default App Permissions will still be blocked by the server.

Dynamic Server-Side Permission Control

Use the wpda_app_access_filter filter to add server-side restrictions beyond the Default App Permissions.

Dynamic Client-Side Permission Control

When client-side permissions are revoked dynamically, they must also be revoked server-side to prevent users from performing the action on the server. Client-side permission control can be achieved with hooks.

Syncing Server-Side and Client-Side Permission Control

The preferred hook for client-side permission control is the onAppOpen hook (available in Table Builder > Hooks). Use the postQuery hook for related detail tables. Any permissions revoked client-side must also be addressed with server-side permission control.

The following examples show how server-side and client-side permission control can be used to prevent insert, update, and delete actions performed by anonymous users.

✨ Example onAppOpen Hook (Client-Side)

Also add this code to the postQuery hook for all related detail tables.

if (app.getUsername() === "anonymous") {
    app.setInsert(false)
    app.setUpdate(false)
    app.setDelete(false)
}

✨ Example wpda_app_access_filter Filter (Server-Side)

add_filter(
	'wpda_app_access_filter',
	function( $app_id, $cnt_id, $action, $args ) {

		$user_id = get_current_user_id();

		if (
			0 === $user_id && 
			(
				'insert' === strtolower( $action ) ||
				'update' === strtolower( $action ) ||
				'delete' === strtolower( $action )
			)
		) {
			return false;
		}

		return true;
	},
	10,
	4
);