elevate( )
Allows a site visitor to call a function without the required permissions.
Warning:
The elevate()
function enables site visitors to call functions without the required permissions.
Exercise caution when using this function to prevent security vulnerabilities.
The elevate()
function receives a function requiring permissions and returns an instance of the same function that any site visitor can run.
Some functions require specific roles and permissions to run.
Other functions may limit functionality depending on the the visitor's roles and permissions.
Using elevate()
bypasses the permissions by elevating the site visitor's permissions to the highest level.
For example, the wix-bookings-backend
function confirmBooking()
requires Bookings Admin permissions.
Use elevate()
to allow any visitor to run confirmBooking()
.
1
Notes:
- The
elevate()
function can only be used in the backend. - Some functions have a
suppressAuth
option for overriding permissions. For these functions, usesuppressAuth
instead ofelevate()
. Check your function's reference documentation to see whethersuppressAuth
orelevate()
is supported.
Function of which to create an instance with elevated permissions.