Title: API – programmatically switch Last modified: October 5, 2018 --- # API – programmatically switch * Resolved [Hrohh](https://wordpress.org/support/users/hrohh/) * (@hrohh) * [7 years, 8 months ago](https://wordpress.org/support/topic/api-programmatically-switch/) * Hi, I have website, where I want switch user via php. I have some 50% solution like this * ``` add_action( 'parse_query', 'test_parse_query' ); function test_parse_query( $wp_query ) { if ( isset( $wp_query->query['view-as-user'] ) && function_exists( 'view_admin_as' ) ) { if ( is_numeric( $wp_query->query['view-as-user'] ) ) { $request = array( 'user' => $wp_query->query['view-as-user'] ); $view_admin_as = view_admin_as(); //$view_admin_as->controller()->reset_view(); $view_admin_as->store()->set_view( $view_admin_as->controller()->validate_view_data( $request ) ); $data = $view_admin_as->controller()->validate_view_data( $view_admin_as->store()->get_view() ); if ( $data ) { $meta = $view_admin_as->store()->get_userMeta( 'views' ); // Make sure it is an array (no array means no valid data so we can safely clear it). if ( ! is_array( $meta ) ) { $meta = array(); } // Add the new view metadata and expiration date. $meta[ $view_admin_as->store()->get_curUserSession() ] = array( 'view' => $data, 'expire' => ( time() + (int) 86400 ), ); // Update metadata (returns: true on success, false on failure). $view_admin_as->store()->update_userMeta( $meta, 'views', true ); } wp_redirect( home_url( trailingslashit( _x( 'my-account', 'link my account', 'test' ) ) ) ); die(); } } ``` * It work ok, but if user dont have cap “view_admin_as” and “edit_users”, it is not possible ([https://github.com/JoryHogeveen/view-admin-as/wiki/Custom-capabilities](https://github.com/JoryHogeveen/view-admin-as/wiki/Custom-capabilities)). It is possible some workaround for switching user without these caps? Or can I use some filter for temporary adding them and remove after switching? Thank you for your help! - This topic was modified 7 years, 8 months ago by [Hrohh](https://wordpress.org/support/users/hrohh/). Viewing 8 replies - 1 through 8 (of 8 total) * Plugin Author [Jory Hogeveen](https://wordpress.org/support/users/keraweb/) * (@keraweb) * [7 years, 8 months ago](https://wordpress.org/support/topic/api-programmatically-switch/#post-10753784) * Hi [@hrohh](https://wordpress.org/support/users/hrohh/), * Before I dive into this I’d like to know what it is you are trying to do. There might be a simpler solution to this. It seems odd to switch users the way you propose. Not validating capabilities would be a serious security leak. * Let me know! Regards, Jory * Thread Starter [Hrohh](https://wordpress.org/support/users/hrohh/) * (@hrohh) * [7 years, 8 months ago](https://wordpress.org/support/topic/api-programmatically-switch/#post-10756338) * Ok I see. I have website, where users have roles – member – validator – editor– administrator * Member has UX dashboard, where they add daily data – KM and footsteps. Because users can occasionally add false data, the validator logs in to their account and deletes them. But, member and validator dont have any CAPs in WP (no “read”). Now I have to figure out, how can i switch user without “edit_users” cap. Because maybe (i dont know) with REST API they can manipulate with users internal data( like changing password etc ). My APP doesnt allow that – i have own ajax request with function, where I check user on base “role”. * There is screen -> [https://ibb.co/e3bFb9](https://ibb.co/e3bFb9) * Thank you very much. - This reply was modified 7 years, 8 months ago by [Hrohh](https://wordpress.org/support/users/hrohh/). * Plugin Author [Jory Hogeveen](https://wordpress.org/support/users/keraweb/) * (@keraweb) * [7 years, 8 months ago](https://wordpress.org/support/topic/api-programmatically-switch/#post-10757317) * Hello [@hrohh](https://wordpress.org/support/users/hrohh/), * I get it, but don’t you think it’s better to just allow the validator to edit member data from their own account? So they would have interface where they can select a member and view/change it’s data. This way you could even create a revision history to see who made the changes. * This would then be unrelated to View Admin As of course but I think it would be a better solution when looking at flexibility and security. Let me know what you think! * If you really want to switch using VAA, please take a look at `user_has_cap` filter. You can add capabilities to a user without storing them in the DB. * As far as updating the view. I can create an API function in the next release where you can easily update the current view. This will ensure backwards compatibility in case the storage might change in the future. * Thanks! Jory * Plugin Author [Jory Hogeveen](https://wordpress.org/support/users/keraweb/) * (@keraweb) * [7 years, 8 months ago](https://wordpress.org/support/topic/api-programmatically-switch/#post-10761391) * [@hrohh](https://wordpress.org/support/users/hrohh/), * This is a new API method idea for setting the current view: `VAA_API::update_view( $view )` [https://github.com/JoryHogeveen/view-admin-as/commit/ab9808d45b0cf6055a5f0c5a3fa74be76bcefa0c](https://github.com/JoryHogeveen/view-admin-as/commit/ab9808d45b0cf6055a5f0c5a3fa74be76bcefa0c) * Dev branche: [https://github.com/JoryHogeveen/view-admin-as/tree/dev](https://github.com/JoryHogeveen/view-admin-as/tree/dev) * Let me know what you think of my previous comment (and idea). * Thanks, Jory * UPDATE, your code can then be simplified: * ``` add_action( 'parse_query', 'test_parse_query' ); function test_parse_query( $wp_query ) { $view_as_user = $wp_query->get( 'view-as-user', false ); if ( is_numeric( $view_as_user ) && class_exists( 'VAA_API' ) ) { $view = array( 'user' => $view_as_user ); $success = VAA_API::update_view( $view ); // if ( $success ) { check?? } wp_redirect( home_url( trailingslashit( _x( 'my-account', 'link my account', 'test' ) ) ) ); die(); } } ``` - This reply was modified 7 years, 8 months ago by [Jory Hogeveen](https://wordpress.org/support/users/keraweb/). - This reply was modified 7 years, 8 months ago by [Jory Hogeveen](https://wordpress.org/support/users/keraweb/). - This reply was modified 7 years, 8 months ago by [Jory Hogeveen](https://wordpress.org/support/users/keraweb/). - This reply was modified 7 years, 8 months ago by [Jory Hogeveen](https://wordpress.org/support/users/keraweb/). * Thread Starter [Hrohh](https://wordpress.org/support/users/hrohh/) * (@hrohh) * [7 years, 8 months ago](https://wordpress.org/support/topic/api-programmatically-switch/#post-10763824) * Thank you so much! It is switching user :)) * Now I have trouble with CAPS. I removed “view_admin_as” and “edit_users” from caps in DB (via plugin [https://cs.wordpress.org/plugins/members/](https://cs.wordpress.org/plugins/members/)) and use filtering via `user_has_cap` * ``` add_filter( 'user_has_cap', 'test_user_has_cap', PHP_INT_MAX, 3 ); function test_user_has_cap( $allcaps, $cap, $args ) { $allcaps['view_admin_as'] = true; $allcaps['edit_users'] = true; return $allcaps; } ``` * Switching user not working. Im logging $allcaps, $cap, $args to txt file. No “ view_admin_as”/”edit_users”, only some caps for editing post. * Thank you - This reply was modified 7 years, 8 months ago by [Hrohh](https://wordpress.org/support/users/hrohh/). - This reply was modified 7 years, 8 months ago by [Hrohh](https://wordpress.org/support/users/hrohh/). * Plugin Author [Jory Hogeveen](https://wordpress.org/support/users/keraweb/) * (@keraweb) * [7 years, 8 months ago](https://wordpress.org/support/topic/api-programmatically-switch/#post-10764963) * Hi [@hrohh](https://wordpress.org/support/users/hrohh/), * Is this filter always active? And I assume it’s not a multisite/network? * Where are you adding this code? Please make sure that this filter is active before VAA get’s loaded (action: `plugins_loaded` priority `-99999`). Keep in mind that this is before the theme is loaded so adding it in your theme won’t work. * Let me know! Jory * PS: I’d still like to add, and I can’t stress this enough.. please make sure you add the appropriate checks to validate whether a user (validator) should be able to access a member. In the example code you simply add those capabilities to all users so I assume this is example code? Modifications like this can easily pose security issues! - This reply was modified 7 years, 8 months ago by [Jory Hogeveen](https://wordpress.org/support/users/keraweb/). * Thread Starter [Hrohh](https://wordpress.org/support/users/hrohh/) * (@hrohh) * [7 years, 8 months ago](https://wordpress.org/support/topic/api-programmatically-switch/#post-10766408) * Thank you very much. I have added to functions.php in theme – sorry. * I have validation like this * ``` function user_challenge_is_coordinator() { $user = wp_get_current_user(); $is_coordinator = false; if ( array_intersect( array( 'administrator', 'coordinator' ), $user->roles ) ) { $is_coordinator = true; } if ( ! $is_coordinator ) { if ( function_exists( 'view_admin_as' ) ) { $view_admin_as = view_admin_as(); $view_admin_as_store = $view_admin_as->store(); if ( $view_admin_as_store->get_selectedUser() ) { $is_coordinator = true; } } } return $is_coordinator; } add_action( 'parse_query', 'test_parse_query' ); function test_parse_query( $wp_query ) { if ( isset( $wp_query->query['view-as-user'] ) ) { if ( is_numeric( $wp_query->query['view-as-user'] ) && class_exists( 'VAA_API' ) && is_user_logged_in() && user_challenge_is_coordinator() ) { $user_maybe = get_userdata( $wp_query->query['view-as-user'] ); if ( !empty( $user_maybe ) && array_intersect( array( 'member' ), $user_maybe->roles ) ) { $view = array( 'user' => $wp_query->query['view-as-user'] ); $success = VAA_API::update_view( $view ); } } wp_redirect( home_url( trailingslashit( _x( 'my-account', 'my link', 'test' ) ) ) ); die(); } } ``` * Thank you so much for you help! * Plugin Author [Jory Hogeveen](https://wordpress.org/support/users/keraweb/) * (@keraweb) * [7 years, 8 months ago](https://wordpress.org/support/topic/api-programmatically-switch/#post-10766936) * Hello [@hrohh](https://wordpress.org/support/users/hrohh/), * No problem! You could simply add that code as a must-use plugin (wp-content/mu- plugins/your-file.php). * I’d also do the same with the capability modifications: * ``` add_filter( 'user_has_cap', 'test_user_has_cap', PHP_INT_MAX, 3 ); function test_user_has_cap( $allcaps, $cap, $args ) { if ( user_challenge_is_coordinator() ) { $allcaps['view_admin_as'] = true; $allcaps['edit_users'] = true; } return $allcaps; } ``` * I’ll mark this issue as resolved now! If you need help with anything else let me know! I’m not 100% sure when 1.8.3 will be release but you can follow and contribute development on GitHub anytime! * Also, please consider leaving a nice review, it will help the plugin grow 🙂 * Thanks! Jory - This reply was modified 7 years, 8 months ago by [Jory Hogeveen](https://wordpress.org/support/users/keraweb/). - This reply was modified 7 years, 8 months ago by [Jory Hogeveen](https://wordpress.org/support/users/keraweb/). Viewing 8 replies - 1 through 8 (of 8 total) The topic ‘API – programmatically switch’ is closed to new replies. * ![](https://ps.w.org/view-admin-as/assets/icon-256x256.png?rev=1821735) * [View Admin As](https://wordpress.org/plugins/view-admin-as/) * [Frequently Asked Questions](https://wordpress.org/plugins/view-admin-as/#faq) * [Support Threads](https://wordpress.org/support/plugin/view-admin-as/) * [Active Topics](https://wordpress.org/support/plugin/view-admin-as/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/view-admin-as/unresolved/) * [Reviews](https://wordpress.org/support/plugin/view-admin-as/reviews/) * 8 replies * 2 participants * Last reply from: [Jory Hogeveen](https://wordpress.org/support/users/keraweb/) * Last activity: [7 years, 8 months ago](https://wordpress.org/support/topic/api-programmatically-switch/#post-10766936) * Status: resolved