elevate( )


Allows a site visitor to call a function without the required permissions.

Warning: The elevate() function enables site visitors to call functions without the required permissions. Exercise caution when using this function to prevent security vulnerabilities.

The elevate() function receives a function requiring permissions and returns an instance of the same function that any site visitor can run.

Some functions require specific roles and permissions to run. Other functions may limit functionality depending on the the visitor's roles and permissions. Using elevate() bypasses the permissions by elevating the site visitor's permissions to the highest level.

For example, the wix-bookings-backend function confirmBooking() requires Bookings Admin permissions. Use elevate() to allow any visitor to run confirmBooking().

Copy

Notes:

  • The elevate() function can only be used in the backend.
  • Some functions have a suppressAuth option for overriding permissions. For these functions, use suppressAuth instead of elevate(). Check your function's reference documentation to see whether suppressAuth or elevate() is supported.
Method Declaration
Copy
Method Parameters
sourceFunctionFunctionRequired

Function of which to create an instance with elevated permissions.

Returns
Return Type:Function
Did this help?