How to restrict access to CUI to me only?

iamkeef

I have installed this on a site which has many users in the back end, however I only want for CommandUi to be available to my user (so specifically me and not my administrator user role). This is for security reasons.
I cannot find any way of doing this - please can someone tell me how to achieve this? (If it requires a snippet that is fine, I can use WPCodebox or the functions.php file)
Many thanks 🙂

Calvin Alkan

iamkeef This is for security reasons.

What kind of security reasons are these? CommandUI does not allow anybody to do things they are not allowed to do via their WordPress permissions. WordPress validates everything, CommandUI calls core endpoints via the rest api + some internal endpoints that are all permission adjusted.

In any case, you can use this snippet.

/**
 * Prevents CommandUI from loading the main JS in the frontend,
 * only if the current user ID is the specified hardcoded one.
 */
add_filter('commandui/load-js', function() {
    // Replace with the your account user ID
    $target_user_id = 1;
    
    // Get the current WordPress user ID
    $current_user_id = get_current_user_id();
    
    // Return true if the current user ID matches the hardcoded one, otherwise false.
    return $current_user_id === $target_user_id;
});

iamkeef

Calvin Alkan it's a long story which I can't really go into on here I'm afraid.
Thanks very much for the snippet I really appreciate it. Before I add this (and excuse my ignorance here), I can see it says 'Prevents CommandUI from loading the main JS in the frontend' - does this snippet also cover the back end?
I literally only want my user to have access to CUI, whether it be front end or back end please.

Thanks so much 🙂

Keith

Calvin Alkan

iamkeef

There's no backend access/UI for CommandUI.

The only thing the PHP plugin does is load the JavaScript bundle, and define some rest api endpoints for retrieving CPTs in bulk (requires edit_posts) cap on the post type that is retreived - same as the WP Rest API.

The rest API endpoints will still be defined with the snippets.

iamkeef

Calvin Alkan
ok thanks 🙂
I don't really understand everything you have mentioned there - but that's because I'm not a developer haha.

But as long as it achieves what I need (ie no one else other than me having access to CUI) then that's perfect.

Thanks very much for your help it's greatly appreciated

Calvin Alkan

iamkeef

Yes, nobody besides you will have access to using the command bar, and it won't show in the backend UI.