Enhanced Access Policy | Dynamic URI Problem | ww.wp.xz.cn

backpackingseries
(@backpackingseries)

4 years, 2 months ago
Hi,

I am using Enhanced Access Policy addon and love the way it allows for creating statements and conditions.

However, I have hit a hurdle. I am trying to construct a dynamic WP admin URI like below
```
"Statement": {
        "Effect": "deny",
        "Resource": "URI:/wp-admin/admin-ajax.php?nonce=a11a000003&_action=create-popup&action=cpt_action",
    },
```
The URI is mostly static, except the nonce variable inside it.

Could someone please help with a sample on how to accomplish this?

Thank you,
- This topic was modified 4 years, 2 months ago by backpackingseries.

Viewing 1 replies (of 1 total)

Thread Starter backpackingseries
(@backpackingseries)

4 years, 2 months ago
Okay,

Looks like I found a way to deal with this as below:

"Resource": "URI:/wp-admin/admin-ajax.php?${USER_META.nonce}${POLICY_META.customscreen}",

Of course the custom field needs to be defined under the policy meta. This seems to work well to restrict access for each URL with user’s nonce in it.

PS: Leaving it here in case there’s any suggestions to improve or if anyone else is after something similar.

Kind regards,
- This reply was modified 4 years, 2 months ago by backpackingseries.

Viewing 1 replies (of 1 total)

The topic ‘Enhanced Access Policy | Dynamic URI Problem’ is closed to new replies.

1 reply
1 participant
Last reply from: backpackingseries
Last activity: 4 years, 2 months ago
Status: not resolved