> Portal Navigation: > > - Append `.md` to any URL under `https://dev.wix.com/docs/` to get its markdown version. > - Pages are either content pages (article or reference text) or menu pages (a list of links to child pages). > - To get a menu page, truncate any URL to a parent path and append `.md` (e.g. `https://dev.wix.com/docs/sdk.md`, `https://dev.wix.com/docs/sdk/core-modules.md`). > - Top-level index of all portals: https://dev.wix.com/docs/llms.txt > - Full concatenated docs: https://dev.wix.com/docs/llms-full.txt # Method name: elevate(sourceFunction: Function) # Method package: wixAuth # Method menu location: wixAuth --> elevate # Method Link: https://dev.wix.com/docs/velo/apis/wix-auth/elevate.md # Method Description: Creates a copy of a method that includes the elevated permissions required by the original method. Some methods are restricted as to who can call them, based on [identities](https://dev.wix.com/docs/develop-websites/articles/coding-with-velo/authorization/identities.md) and/or [permissions](https://support.wix.com/en/article/roles-permissions-overview). For example, the [`createProduct()`](https://dev.wix.com/docs/velo/api-reference/wix-stores-backend/create-product.md) method can only be called by Wix users, while the [`confirmBooking()`](https://dev.wix.com/docs/velo/api-reference/wix-bookings-v2/bookings/confirm-booking.md) method can only be called by site collaborators who have certain administrative bookings permissions. Methods that have authentication restrictions are indicated by an authentication note in their descriptions. When you need to call a method without the necessary authentication or permissions, create an elevated version of the method and call that elevated method instead. Due to potential security issues, the `elevate()` method can only be called in the backend. __Warning__: Elevation permits users to call methods they typically cannot access. Therefore, you should only use it intentionally and securely. Be selective about when to use `elevate()`, especially when writing backend code that can be triggered from the frontend using a [web method](https://dev.wix.com/docs/velo/api-reference/wix-web-module/web-method.md) or backend code that is exposed as an API using [HTTP functions](https://dev.wix.com/docs/velo/api-reference/wix-http-functions/introduction.md). # Method Code Examples: *** Note: do not assume any prop names or enum values other than the ones in the example. ## Elevate permissions for visitors using wix-bookings-backend.confirmBooking ```javascript import { Permissions, webMethod } from 'wix-web-module'; import { bookings } from 'wix-bookings-backend'; import { elevate } from 'wix-auth'; // Sample bookingId value: '001c0674-d7c9-4c77-acb5-b492b427b201' export const myElevatedConfirmBookingFunction = webMethod(Permissions.Anyone, async (bookingId) =>{ try { const elevatedConfirmBooking = elevate(bookings.confirmBooking); const confirmedBookingId = await elevatedConfirmBooking(bookingId); console.log('Success! Confirmed booking:', confirmedBookingId); return confirmedBookingId; } catch (error) { console.error(error); // Handle error } }); /* Returns: * "001c0674-d7c9-4c77-acb5-b492b427b201" */ ``` ## Elevate permissions for visitors using wix-crm-backend.getContact ```javascript import { Permissions, webMethod } from 'wix-web-module'; import { contacts } from 'wix-crm-backend'; import * as wixAuth from 'wix-auth'; // Sample contactId value: 'bc0ae72b-3285-485b-b0ad-c32c769a4daf' export const myElevatedGetContactFunction = webMethod(Permissions.Anyone, async (contactId) => { try { const elevatedGetContact = wixAuth.elevate(contacts.getContact); const myContact = await elevatedGetContact(contactId); const id = myContact._id; const firstName = myContact.info.name.first; const lastName = myContact.info.name.last; console.log('Success! Got contact:', myContact); return myContact; } catch (error) { console.error(error); // Handle error } }); /* Returns: * { * "_id": "bc0ae72b-3285-485b-b0ad-c32c769a4daf", * "_createdDate": "2021-03-30T13:12:39.650Z", * "_updatedDate": "2021-03-30T13:12:39.650Z", * "revision": 0, * "info": { * "name": { * "first": "Gene", * "last": "Lopez" * }, * "birthdate": "1981-11-02", * "company": "Borer and Sons, Attorneys at Law", * "jobTitle": "Senior Staff Attorney", * "labelKeys": [ * "custom.white-glove-treatment", * "contacts.contacted-me", * "custom.new-lead" * ], * "locale": "en-us", * "emails": [ * { * "_id": "5bdcce4a-37c2-46ed-b49c-d562c6e3c4ce", * "tag": "HOME", * "email": "gene.lopez.at.home@example.com", * "primary": true * }, * { * "_id": "78e5f398-e148-448d-b490-7c0b7d2ab336", * "tag": "WORK", * "email": "gene.lopez@example.com", * "primary": false * } * ], * "phones": [ * { * "_id": "820e4640-ffe0-4980-a097-62a715e73135", * "tag": "MOBILE", * "countryCode": "US", * "phone": "(722)-138-3099", * "primary": true * }, * { * "_id": "8506549e-e4f8-42f6-b6fc-9db155b582ef", * "tag": "HOME", * "countryCode": "US", * "phone": "(704)-454-1233", * "e164Phone": "+17044541233", * "primary": false * } * ], * "addresses": [ * { * "address": { * "formatted": "9834 Bollinger Rd\nEl Cajon, WY 97766\nUS", * "location": { * "latitude": 84.1048, * "longitude": -116.8836 * }, * "city": "El Cajon", * "subdivision": "US-WY", * "country": "US", * "postalCode": "97766", * "streetAddress": { * "name": "Bollinger Rd", * "number": "9834", * "apt": "" * } * }, * "_id": "8532051f-91f2-42d9-9a97-9f2c39e64f7a", * "tag": "HOME" * } * ], * "profilePicture": "https://randomuser.me/api/portraits/men/0.jpg", * "extendedFields": { * "contacts.displayByLastName": "Lopez Gene", * "emailSubscriptions.deliverabilityStatus": "NOT_SET", * "emailSubscriptions.subscriptionStatus": "NOT_SET", * "custom.event-we-met-at": "LegalBigData", * "emailSubscriptions.effectiveEmail": "gene.lopez.at.home@example.com", * "contacts.displayByFirstName": "Gene Lopez" * } * }, * "lastActivity": { * "activityDate": "2021-03-30T13:12:39.649Z", * "activityType": "CONTACT_CREATED" * }, * "primaryInfo": { * "email": "gene.lopez.at.home@example.com", * "phone": "(722)-138-3099" * }, * "source": { * "sourceType": "OTHER" * } * } */ ``` ## Elevate permissions for visitors using wix-pro-gallery-backend.createGallery ```javascript import { Permissions, webMethod } from 'wix-web-module'; import { proGallery } from 'wix-pro-gallery-backend'; import { elevate } from 'wix-auth'; // Sample cloneFromGalleryId value: '10874ccf-5867-4225-9550-3885079bad66' export const myCreateGalleryFunction = webMethod(Permissions.Anyone, async (cloneFromGalleryId) => { try { const elevatedCreateGallery = elevate(proGallery.createGallery); const newGallery = await elevatedCreateGallery({cloneFromGalleryId}); const id = newGallery._id; const name = newGallery.name; const items = newGallery.items; const firstItemTitle = newGallery.items[0].title; console.log('Success! Created a new gallery:', newGallery); return newGallery; } catch (error) { console.error(error); // Handle the error } }); /* Returns: * { * "gallery": { * "_createdDate": "Sun Jul 10 2022 07:23:47, * "_id":"d4960668-a1f9-421b-99ed-974b632107c0", * "items": [ * { * "_createdDate": Sun Jul 10 2022 07:23:47, * "_id": "229265c7-0f61-45ve-b433-791nncadf4c5", * "_updatedDate": Sun Jul 10 2022 07:23:47, * "description": "This is the first item in my gallery.", * "sortOrder": 1657439075188, * "title": "Item 1", * "type": "IMAGE", * "image": { * "imageInfo": "wix:image://v1/38939f9568z222d6avc6285c9ac1e9129.jpg/38939f9568z222d6avc6285c9ac1e9129.jpg#originWidth=200&originHeight=199" * } * }, * { * "_createdDate": Sun Jul 10 2022 07:29:27, * "_id": "4507a07b-ab93-4326-a222-6d0bd8da0625", * "_updatedDate": Sun Jul 10 2022 07:29:27, * "description": "This is the second item in my gallery.", * "sortOrder": 1857439076244, * "title": "Item 2", * "type": "IMAGE", * "image": { * "imageInfo": "wix:image://v1/25139f9568b74d8aac6286c9ac1e8186.jpg/25139f9568b74d8aac6286c9ac1e8186.jpg#originWidth=4000&originHeight=2667" * } * }], * "name": "My New Gallery", * "sortOrder": "1098567432267", * "totalItems": 2 * } * } */ ``` ---