Commit 18229dea authored by Eric Windham's avatar Eric Windham

added auth check to delete All sub data

parent 6674c34f
Pipeline #3623 passed with stages
in 2 minutes and 9 seconds
......@@ -124,6 +124,23 @@ jQuery(document).ready(function($) {
).then (function( response ) {
formIndex = formIndex + 1;
response = JSON.parse( response );
if(response.data.hasOwnProperty('errors')) {
var errors = response.data.errors;
var errorMsg = '';
if (Array.isArray(errors)) {
errors.forEach(function(error) {
errors += error + "\n";
})
} else {
errors = errors;
}
console.log('Delete All Data Errors: ', errors);
alert(errors);
return null;
}
// we expect success and then move to the next form
if( response.data.success ) {
if( formIndex < nfAdmin.forms.length ) {
......
......@@ -9,6 +9,12 @@ class NF_AJAX_Controllers_DeleteAllData extends NF_Abstracts_Controller
public function delete_all_data()
{
// Does the current user have admin privileges
if (!current_user_can('manage_options')) {
$this->_data['errors'] = __('Access denied. You must have admin privileges to view this data.', 'ninja-forms');
$this->_respond();
}
check_ajax_referer( 'ninja_forms_settings_nonce', 'security' );
global $wpdb;
......
......@@ -18,7 +18,13 @@ class NF_AJAX_REST_RequiredUpdate extends NF_AJAX_REST_Controller
*/
public function post( $request_data )
{
$data = array();
$data = array();
// Does the current user have admin privileges
if (!current_user_can('manage_options')) {
$data['error'] = __('Access denied. You must have admin privileges to view this data.', 'ninja-forms');
return $data;
}
// If we don't have a nonce...
// OR if the nonce is invalid...
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment