uicomponent – how to apply last filters saved in custom bookmark in frontend UI Component listing?

I created listing using UI Component in frontend. I also created custom bookmark for saving the state of the UI Component because I want store it as a customer, because the default bookmark only save state of admin user.

UI Component XML

<?xml version="1.0" encoding="UTF-8"?>
<listing xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="urn:magento:module:Magento_Ui:etc/ui_configuration.xsd">
    <argument name="data" xsi:type="array">
        <item name="js_config" xsi:type="array">
            <item name="provider" xsi:type="string">rendyep_orderexport_log_listing.rendyep_orderexport_log_listing_data_source</item>
    <dataSource name="rendyep_orderexport_log_listing_data_source" component="Magento_Ui/js/grid/provider">
                <param name="indexField" xsi:type="string">log_id</param>
            <updateUrl path="mui/index/render"/>
        <dataProvider class="MagentoFrameworkViewElementUiComponentDataProviderDataProvider" name="xtento_orderexport_log_listing_data_source">
    <listingToolbar name="listing_top">
        <bookmark name="bookmarks">
                    <param name="saveUrl" xsi:type="url" path="rendyep/bookmark/save"/>
                    <param name="deleteUrl" xsi:type="url" path="rendyep/bookmark/delete"/>
        <columnsControls name="columns_controls"/>
        <filters name="listing_filters"/>
        <paging name="listing_paging"/>
    <columns name="rendyep_orderexport_log_columns">
        <selectionsColumn name="ids">
        <column name="log_id" sortOrder="10">
                <label translate="true">Log ID</label>
        <column name="profile_id" component="Magento_Ui/js/grid/columns/select" sortOrder="40">
                <options class="RendyepOrderExportUiComponentListingOptionsOrderExportLogProfiles"/>
                <label translate="true">Profile</label>

Custom bookmark table & related things

Basically the custom bookmark table, model, controller that handle the save and delete, and all PHP classes related to it (BookmarkManagement, BookmarkRepository, etc) is the same as the default bookmark, except that the user_id field is linked to customer_entity instead of admin_user.
The data is also stored successfully in database when the listing requested data update using the custom saveUrl:

# bookmark_id   user_id namespace   identifier  current title   config  created_at  updated_at
14  15  rendyep_orderexport_log_listing current 0       {"current":{"filters":{"applied":{"placeholder":true,"profile_id":"2"}},"displayMode":"grid","columns":{"log_id":{"visible":true,"sorting":false},"files":{"visible":true,"sorting":false},"records_exported":{"visible":true,"sorting":false},"result":{"visible":true,"sorting":false},"result_message":{"visible":true,"sorting":false},"ids":{"visible":true,"sorting":false},"export_type":{"visible":true,"sorting":false},"entity":{"visible":true,"sorting":false},"profile_id":{"visible":true,"sorting":false},"created_at":{"visible":true,"sorting":false},"manual_export":{"visible":true,"sorting":false}},"paging":{"options":{"20":{"value":20,"label":20},"30":{"value":30,"label":30},"50":{"value":50,"label":50},"100":{"value":100,"label":100},"200":{"value":200,"label":200}},"value":30},"positions":{"ids":0,"log_id":1,"export_type":2,"entity":3,"profile_id":4,"files":5,"records_exported":6,"result":7,"result_message":8,"created_at":9,"manual_export":10}}}   0000-00-00 00:00:00 0000-00-00 00:00:00
15  15  rendyep_orderexport_log_listing default 1   Default View    {"views":{"default":{"label":"Default View","index":"default","editable":false,"data":{"filters":{"applied":{"placeholder":true}},"displayMode":"grid","columns":{"log_id":{"visible":true,"sorting":false},"files":{"visible":true,"sorting":false},"records_exported":{"visible":true,"sorting":false},"result":{"visible":true,"sorting":false},"result_message":{"visible":true,"sorting":false},"ids":{"visible":true,"sorting":false},"export_type":{"visible":true,"sorting":false},"entity":{"visible":true,"sorting":false},"profile_id":{"visible":true,"sorting":false},"created_at":{"visible":true,"sorting":false},"manual_export":{"visible":true,"sorting":false}},"paging":{"options":{"20":{"value":20,"label":20},"30":{"value":30,"label":30},"50":{"value":50,"label":50},"100":{"value":100,"label":100},"200":{"value":200,"label":200}},"value":20},"positions":{"ids":0,"log_id":1,"export_type":2,"entity":3,"profile_id":4,"files":5,"records_exported":6,"result":7,"result_message":8,"created_at":9,"manual_export":10}},"value":"Default View"}}}    0000-00-00 00:00:00 0000-00-00 00:00:00

The Issue

After applying any filter(s), the custom bookmark data is updated successfully in database. But when I reload the listing page, the filter is gone and is not populated, and the custom bookmark data is reset to its original state without any filters in it.

Is there a way to populate the filters using the last saved ones in custom bookmark data upon reloading the listing page?

git – Should frontend and backend be on separate GitHub repos?

We are new to git, but this fundamental question needs to be sorted out before we can begin. It’s two devs who have been working standalone for a while. Now the time has come to adopt git (at the first sight of sending each other zips and poking the same files). I work on both front&back, he works only on the back. So teamwork only happens on the backend. It’s a WordPress plugin that currently has a standalone backend and a frontend and they are installed separately. (Commercial, so no SVN here.) Obviously they will be merged into one, especially for production/release. What’s the best practice here? My ideas:

  • A. 1 repo that clones into the /wp-content/plugins/ folder of our dev WP installations, ourplugin-front and ourplugin-back then .gitignore any other folders from plugins. One day when we are ready to forge the two, we’ll just create a common ourplugin folder and move the files there.
  • B. 2 repos, one for each side. Eventually one side will get abandoned when its files begin existing on the other one. We’d rename the winning repo, while losing versions/history of the transferred files.
  • C. 2 repos, but combining the actual repos once we no longer work standalone. Since I’m new to this, it might be a clusterfck but I read that it’s possible. Or we could decide what we want now and avoid this as it’d turn into A. anyway.
  • D. 2 repos. Combine only at production build and do not store the built/combined version on git at all. Not sure what tool would pull from 2 repos, build, and combine things into one. Sounds fancy. Would need to keep the front up to date for the backend guy on his machine though (scheduled git pull or something).

kernel – Running Mathematica on a Remote Machine (using frontend and ssh)

I’ve been trying to run my Mathematica code on a remote machine. I’m using Windows and the remote machine is a Linux machine. I write a notebook on my local machine, convert it to a .m file, and use WinSCP to put it onto the remote machine.

I attempted to connect to the remote machine through the front end (https://reference.wolfram.com/language/howto/ConnectToARemoteKernel.html) but got the error:
The kernel failed to connect to the front end. (Error = MLECONNECT). You should try running the kernel connection outside the front end.

So I then decided to ssh onto the remote machine and run code through the command line. However, none of my .m files would run. There’d be no error, but there’d be no output either.
I decided to try the following answer, where I create a shell script:
Remote Kernel – Error = MLECONNECT

But it fails with Exit Code 65280, alongside the following error: Bad port ‘w’

I’m really quite lost as to what the issue is. I’ve turned off my firewall to no avail. And if I write a Mathematica script on the machine and run it, it works. I attempted to establish a VPN connection with the remote machine but then got the error: The remote connection was not made because the attempted VPN tunnels failed. Are there basic checks that I should be doing?

I’d be hugely grateful for any help.

adminhtml – how to check admin loggedin or not on frontend magento 2

how to check admin loggedIn or not on front-end magento 2 .I have tried this

class BackendAuthUserLoginSuccess implements ObserverInterface

     * (non-PHPdoc)
     * @see MagentoFrameworkEventObserverInterface::execute()
    public function execute(MagentoFrameworkEventObserver $observer) {
        if (! isset($_COOKIE(self::DEFAULT_SESSION_NAME_OF_FRONTEND))) return;
        $backSessionId = session_id();
        $frontendSessionId = $_COOKIE(self::DEFAULT_SESSION_NAME_OF_FRONTEND);
        $_SESSION('admin') = ($backSessionId);

javascript – How to limit access to media library using wp.media on the frontend?

I am trying to make a frontend page for my plugin where users can create a post (CPT) and attach a thumbnail to it.

I call wp_enqueue_media(); and use this HTML in the form:

    <label for="post_image">Name</label>
    <input type="text" id="post_image">
    <button type="button" class="btn js-image-upload">Select Image</button>

with this js code for the media uploader

$(document).on('click', '.js-image-upload', function(e) {

        var button = $(this);

        var file_frame = wp.media.frames.file_frame = wp.media({
            title: 'Select or Upload an Image',
            library: {
                type: 'image'
            button: {
                text: 'Select Image'
            multiple: false

        file_frame.on('select', function() {
            var attachment = file_frame.state().get('selection').first().toJSON();



It’s still work in progress, but the uploading and selecting of images works so far. However, I would like to limit access to media library. Currently a user can access any previously uploaded files by other users.

Is it possible that users can only access images that they uploaded themselves?

I was wondering if that can be accomplished with setting the appropriate arguments when calling wp.media({...}). But I cannot even find a list with valid options, I checked the codex, but without success.

design – What is a good pattern for passing a list of constant strings to front-end via GraphQL

This is using Python and the Graphene library.

I want to provide a list of constants to my front-end via GraphQL. I went down the route of using inspection, but it will only output the keys of the enum. Not the values. I learned that Graphene enums only contain name/description.

      __type(name: "FruitEnum") {
        enumValues {

this returns

  "data": {
    "__type": {
      "enumValues": (
          "name": "APPLE",
          "description": null
          "name": "BANANA",
          "description": null
          "name": "ORANGE",
          "description": null
  "errors": null

This is what the actual enum looks like

class FruitEnum(Enum):
    APPLE = "Apple -- but could also be other information for the front end"
    BANANA = "Banana"
    ORANGE = "Orange"

Is there a preferred way of exposing a list of constants like this through GraphQL? Can introspection be modified with a resolver to read the value? I am taking a regular Python enum and registering it with Graphene using the Enum.from_enum function.

web browser – CSRF Security Independent From Front-End

Yes, one method of ensuring CSRF protection is to check the Origin and Referrer headers to see whether they match the expected origin, as these headers cannot be overwritten by any frontend code. However, the origin header is only sent on POST or CORS requests, and the browser implementations of these headers have historically not been consistent; e.g. possibly allowing JavaScript to spoof one or more of the headers (modern browsers should behave correctly, although I cannot speak for the future spec or implementation).

This protection only requires implementing a server-side check on every POST request. It is important to deny the request if the sent origin doesn’t match, or if none was sent at all.

The OWASP CSRF Cheat Sheet includes some reasons for why you may not want to use this method exclusively. However, if you face none of those restrictions, I personally feel that this method is okay to use in lieu of a more complex method.