Go Headless

Build Apps

Client

API Preview

Develop Websites

REST

Velo

GraphQL (Alpha)

Function of which to create an instance with elevated permissions.

sourceFunction

Function

Allows a site visitor to call a function without the required permissions.





__Warning__:
The `elevate()` function enables site visitors to call functions without the required permissions. 
Exercise caution when using this function to prevent security vulnerabilities.




The `elevate()` function receives a function requiring permissions and returns an instance of the same function that any site visitor can run. 

Some functions require specific [roles and permissions](https://support.wix.com/en/article/roles-permissions-overview) to run. 
Other functions may limit functionality depending on the the visitor's roles and permissions. 
Using `elevate()` bypasses the permissions by elevating the site visitor's permissions to the highest level.


For example, the `wix-bookings-backend` function `confirmBooking()` requires [Bookings Admin](https://support.wix.com/en/article/roles-permissions-overview#bookings-admin) permissions. 
Use `elevate()` to allow any visitor to run `confirmBooking()`.

```javascript
const myElevatedConfirmBooking = elevate(bookings.confirmBooking);
```
 
> **Notes:** 
> + The `elevate()` function can only be used in the backend.
> + Some functions have a `suppressAuth` option for overriding permissions. For these functions, use `suppressAuth` instead of `elevate()`. Check your function's reference documentation to see whether `suppressAuth` or `elevate()` is supported.

import { Permissions, webMethod } from 'wix-web-module';
import { bookings } from 'wix-bookings-backend';
import { elevate } from 'wix-auth';

// Sample bookingId value: '001c0674-d7c9-4c77-acb5-b492b427b201'

export const myElevatedConfirmBookingFunction = webMethod(Permissions.Anyone, async (bookingId) =>{
  
  try {
    const elevatedConfirmBooking = elevate(bookings.confirmBooking);
    const confirmedBookingId = await elevatedConfirmBooking(bookingId);

    console.log('Success! Confirmed booking:', confirmedBookingId);
    return confirmedBookingId;
    } catch (error) {
    console.error(error);
    // Handle error
    }
});


/* Returns:
 * "001c0674-d7c9-4c77-acb5-b492b427b201"
 */

Elevate permissions for visitors using wix-bookings-backend.confirmBooking

import { Permissions, webMethod } from 'wix-web-module';
import { contacts } from 'wix-crm-backend';
import * as wixAuth from 'wix-auth';

// Sample contactId value: 'bc0ae72b-3285-485b-b0ad-c32c769a4daf'

export const myElevatedGetContactFunction = webMethod(Permissions.Anyone, async (contactId) => {

  try {
    const elevatedGetContact = wixAuth.elevate(contacts.getContact);
    const myContact = await elevatedGetContact(contactId);
    
    const id = myContact._id;
    const firstName = myContact.info.name.first;
    const lastName = myContact.info.name.last;

    console.log('Success! Got contact:', myContact);
    return myContact;
  } catch (error) {
    console.error(error);
    // Handle error
  }  
});

/* Returns:
 * {
 *   "_id": "bc0ae72b-3285-485b-b0ad-c32c769a4daf",
 *   "_createdDate": "2021-03-30T13:12:39.650Z",
 *   "_updatedDate": "2021-03-30T13:12:39.650Z",
 *   "revision": 0,
 *   "info": {
 *     "name": {
 *       "first": "Gene",
 *       "last": "Lopez"
 *     },
 *     "birthdate": "1981-11-02",
 *     "company": "Borer and Sons, Attorneys at Law",
 *     "jobTitle": "Senior Staff Attorney",
 *     "labelKeys": [
 *       "custom.white-glove-treatment",
 *       "contacts.contacted-me",
 *       "custom.new-lead"
 *     ],
 *     "locale": "en-us",
 *     "emails": [
 *       {
 *         "_id": "5bdcce4a-37c2-46ed-b49c-d562c6e3c4ce",
 *         "tag": "HOME",
 *         "email": "gene.lopez.at.home@example.com",
 *         "primary": true
 *       },
 *       {
 *         "_id": "78e5f398-e148-448d-b490-7c0b7d2ab336",
 *         "tag": "WORK",
 *         "email": "gene.lopez@example.com",
 *         "primary": false
 *       }
 *     ],
 *     "phones": [
 *       {
 *         "_id": "820e4640-ffe0-4980-a097-62a715e73135",
 *         "tag": "MOBILE",
 *         "countryCode": "US",
 *         "phone": "(722)-138-3099",
 *         "primary": true
 *       },
 *       {
 *         "_id": "8506549e-e4f8-42f6-b6fc-9db155b582ef",
 *         "tag": "HOME",
 *         "countryCode": "US",
 *         "phone": "(704)-454-1233",
 *         "e164Phone": "+17044541233",
 *         "primary": false
 *       }
 *     ],
 *     "addresses": [
 *       {
 *         "address": {
 *           "formatted": "9834 Bollinger Rd\nEl Cajon, WY 97766\nUS",
 *           "location": {
 *             "latitude": 84.1048,
 *             "longitude": -116.8836
 *           },
 *           "city": "El Cajon",
 *           "subdivision": "US-WY",
 *           "country": "US",
 *           "postalCode": "97766",
 *           "streetAddress": {
 *             "name": "Bollinger Rd",
 *             "number": "9834",
 *             "apt": ""
 *           }
 *         },
 *         "_id": "8532051f-91f2-42d9-9a97-9f2c39e64f7a",
 *         "tag": "HOME"
 *       }
 *     ],
 *     "profilePicture": "https://randomuser.me/api/portraits/men/0.jpg",
 *     "extendedFields": {
 *       "contacts.displayByLastName": "Lopez Gene",
 *       "emailSubscriptions.deliverabilityStatus": "NOT_SET",
 *       "emailSubscriptions.subscriptionStatus": "NOT_SET",
 *       "custom.event-we-met-at": "LegalBigData",
 *       "emailSubscriptions.effectiveEmail": "gene.lopez.at.home@example.com",
 *       "contacts.displayByFirstName": "Gene Lopez"
 *     }
 *   },
 *   "lastActivity": {
 *     "activityDate": "2021-03-30T13:12:39.649Z",
 *     "activityType": "CONTACT_CREATED"
 *   },
 *   "primaryInfo": {
 *     "email": "gene.lopez.at.home@example.com",
 *     "phone": "(722)-138-3099"
 *   },
 *   "source": {
 *     "sourceType": "OTHER"
 *   }
 * }
 */

Elevate permissions for visitors using wix-crm-backend.getContact

import { Permissions, webMethod } from 'wix-web-module';
import { proGallery } from 'wix-pro-gallery-backend';
import { elevate } from 'wix-auth';

// Sample cloneFromGalleryId value: '10874ccf-5867-4225-9550-3885079bad66'

export const myCreateGalleryFunction = webMethod(Permissions.Anyone, async (cloneFromGalleryId) => {

  try {
    const elevatedCreateGallery = elevate(proGallery.createGallery);
    const newGallery = await elevatedCreateGallery({cloneFromGalleryId});

    const id = newGallery._id;
    const name = newGallery.name;
    const items = newGallery.items;
    const firstItemTitle = newGallery.items[0].title;

    console.log('Success! Created a new gallery:', newGallery);
    return newGallery;
  } catch (error) {
    console.error(error);
    // Handle the error
  }
});

/* Returns:
 * {
 *   "gallery": {
 *     "_createdDate": "Sun Jul 10 2022 07:23:47,
 *     "_id":"d4960668-a1f9-421b-99ed-974b632107c0",
 *     "items": [
 *       {
 *         "_createdDate": Sun Jul 10 2022 07:23:47,
 *         "_id": "229265c7-0f61-45ve-b433-791nncadf4c5",
 *         "_updatedDate": Sun Jul 10 2022 07:23:47,
 *         "description": "This is the first item in my gallery.",
 *         "sortOrder": 1657439075188,
 *         "title": "Item 1",
 *         "type": "IMAGE",
 *         "image": {
 *           "imageInfo": "wix:image://v1/38939f9568z222d6avc6285c9ac1e9129.jpg/38939f9568z222d6avc6285c9ac1e9129.jpg#originWidth=200&originHeight=199"
 *         }
 *       },
 *       {
 *         "_createdDate": Sun Jul 10 2022 07:29:27,
 *         "_id": "4507a07b-ab93-4326-a222-6d0bd8da0625",
 *         "_updatedDate":  Sun Jul 10 2022 07:29:27,
 *         "description": "This is the second item in my gallery.",
 *         "sortOrder": 1857439076244,
 *         "title": "Item 2",
 *         "type": "IMAGE",
 *         "image": {
 *           "imageInfo": "wix:image://v1/25139f9568b74d8aac6286c9ac1e8186.jpg/25139f9568b74d8aac6286c9ac1e8186.jpg#originWidth=4000&originHeight=2667"
 *         }
 *       }],
 *     "name": "My New Gallery",
 *     "sortOrder": "1098567432267",
 *     "totalItems": 2
 *   }
 * }
 */

Elevate permissions for visitors using wix-pro-gallery-backend.createGallery

elevate

Specified function with elevated permissions.

# Introduction
The wix-auth module contains functionality for working with permissions.

To use the Wix Auth API import `* as wixAuth` from the `wix-auth` module:
```javascript
import * as wixAuth from 'wix-auth';
```

elevate( )