Page list not available anymore when setting security on one page

[xavsio4]

Hello, this is an excellent plugin. However, in wp 3.6.1 (fresh install) I made a login page only visible when logged out. When logged in as admin, trying to hit the page link in admin (to see the page lists) redirects to the website (kicks me out of admin UI). However, the page I'm redirected to can be edited.

So, the page list is not available anymore when putting security on pages.

Regards,

xavier

[cferdinandi]

Hi Xavier - I just tested this on WordPress 3.6.1 using the Twenty Thirteen theme, and I'm unable to reproduce what you're seeing.

Just to clarify:

1. You've created a page with a login form, and set the User Access to "Logged Out Only."
2. In the Admin Dashboard, clicking "Pages" or "All Pages" in the left-hand navigation redirects you to the homepage?

Would you mind sharing any other settings you may have customized in the Web App Settings panel? I can't think of a reason why an Admin would be blocked from viewing the Admin Dashboard—there's not setting in the plugin that should be exhibiting that behavior.

[xavsio4]

Hi Chris, I know it is strange and unexpected. I've just changed the permalinks to post name. For your plugin I've just change for the password to include numbers and letters. Yes, I'm logged in as an admin and when I click pages in the admin it redirects me to the web front end.

What I'm going to do is try a second install and see if it does the same and then I keep you informed.

xavier

On Oct 11, 2013, at 16:24 , Chris Ferdinandi notifications@github.com wrote:

Hi Xavier - I just tested this on WordPress 3.6.1 using the Twenty Thirteen theme, and I'm unable to reproduce what you're seeing.

Just to clarify:

1. You've created a page with a login form, and set the User Access to "Logged Out Only."
2. In the Admin Dashboard, clicking "Pages" or "All Pages" in the left-hand navigation redirects you to the homepage?

Would you mind sharing any other settings you may have customized in the Web App Settings panel? I can't think of a reason why an Admin would be blocked from viewing the Admin Dashboard—there's not setting in the plugin that should be exhibiting that behavior.

— Reply to this email directly or view it on GitHub.

[xavsio4]

Yes it did it again. But it does on one of my misconception. I've just created "a change password" page and paste the form code you provided. When i change it to be displayed only on "logged out" (that's the misconception !) it prevents me then to get back to the page list by redirecting me.

Hope this help.

xavier

On Oct 11, 2013, at 16:24 , Chris Ferdinandi notifications@github.com wrote:

Hi Xavier - I just tested this on WordPress 3.6.1 using the Twenty Thirteen theme, and I'm unable to reproduce what you're seeing.

Just to clarify:

1. You've created a page with a login form, and set the User Access to "Logged Out Only."
2. In the Admin Dashboard, clicking "Pages" or "All Pages" in the left-hand navigation redirects you to the homepage?

Would you mind sharing any other settings you may have customized in the Web App Settings panel? I can't think of a reason why an Admin would be blocked from viewing the Admin Dashboard—there's not setting in the plugin that should be exhibiting that behavior.

— Reply to this email directly or view it on GitHub.

[cferdinandi]

@xavsio4 - If you're trying to view the "logged out only" page on the front end, you would be redirected (since you're logged in). If you're just looking at the list of all your pages in the admin area, you shouldn't be redirected.

Is it redirecting you when you try to view the Login page, or All Pages?

[xavsio4]

Only when i try to view the list of pages in admin ui.

Sent from my iPhone

On 11 oct. 2013, at 17:05, Chris Ferdinandi notifications@github.com wrote:

@xavsio4 - If you're trying to view the "logged out only" page on the front end, you would be redirected (since you're logged in). If you're just looking at the list of all your pages in the admin area, you shouldn't be redirected.

Is it redirecting you when you try to view the Login page, or All Pages?

— Reply to this email directly or view it on GitHub.

[cferdinandi]

Do you have any other plugins installed? I wonder if there's a conflict somewhere...

[xavsio4]

No plugin ! Fresh install! I can zip you th whole thing if you want to. But just creta a login, registration and change password page. Copy the adequate shortcodes in each of them and then just change the change password one to only for logged out (ok, that's twisted !) go to the site, get back in admin ui and try getting to the page list. For me, on 2 fresh installs it redirects me to the site.

Xavier

On 11 oct. 2013, at 19:18, Chris Ferdinandi notifications@github.com wrote:

Do you have any other plugins installed? I wonder if there's a conflict somewhere...

— Reply to this email directly or view it on GitHub.

[cferdinandi]

Just managed to reproduce the error! That's not a good thing, obviously, but it's a start. Now I can begin to figure out what's going on here... Thanks for all the info, Xavier. I'll get this fixed!

[cferdinandi]

So the combination I'm seeing: the signup form shortcode with logged out only access creates the issue. All other setting types do not. Oddly, you can still get to the individual pages, just not the all pages list.

[xavsio4]

Yes, that's it. On Oct 12, 2013, at 4:28 , Chris Ferdinandi notifications@github.com wrote:

So the combination I'm seeing: the signup form shortcode with logged out only access creates the issue. All other setting types do not. Oddly, you can still get to the individual pages, just not the all pages list.

— Reply to this email directly or view it on GitHub.

[cferdinandi]

Fixed with commit: https://github.com/cferdinandi/web-app-starter-kit/commit/909db1a3eb7f3075c232111cff28a272ba1b5e17

Here's what was happening. This function gets the user access for any given post, and assesses if the user has permission to view it. If not, it redirect them.

function wpwebapp_process_user_access_page_settings() {

    // Variables
    global $post;
    $user_access_setting = get_post_meta( $post->ID, 'wpwebapp_user_access_setting', true );
    $redirect_logged_in = esc_url_raw( wpwebapp_get_redirect_url_logged_in() );
    $redirect_logged_out = esc_url_raw( wpwebapp_get_redirect_url_logged_out() );

    // If user doesn't meet required criteria, redirect them
    if ( $user_access_setting == 'loggedin' && !is_user_logged_in() ) {
        wp_safe_redirect( $redirect_logged_out, 302 );
        exit;
    } else if ( $user_access_setting == 'loggedout' && is_user_logged_in() && !is_admin() ) {
        wp_safe_redirect( $redirect_logged_in, 302 );
        exit;
    }

}

In the admin screen, the "All Pages" view is a loop. In a list of multiple posts or pages, the first post is the one who's values get grabbed. So, the wpwebapp_user_access_setting for the first page in the "All Pages" area gets applied to that whole list of pages. When the first post is for logged out users only, there's no way to see it because you can only see that list while logged in, and the plugin would redirect you.

Adding a simple check to make sure the user isn't in the Admin dashboard before applying a redirect fixed the bug.

Thanks for letting me know about this! Really appreciate it!

[xavsio4]

Thank you chris for the very quick fix. Again, nice job here ! Cheers. Xavier

Sent from my iPhone

On 12 oct. 2013, at 16:24, Chris Ferdinandi notifications@github.com wrote:

Fixed with commit: 909db1a

Here's what was happening. This function gets the user access for any given post, and assesses if the user has permission to view it. If not, it redirect them.

function wpwebapp_process_user_access_page_settings() {

// Variables
global $post;
$user_access_setting = get_post_meta( $post->ID, 'wpwebapp_user_access_setting', true );
$redirect_logged_in = esc_url_raw( wpwebapp_get_redirect_url_logged_in() );
$redirect_logged_out = esc_url_raw( wpwebapp_get_redirect_url_logged_out() );

// If user doesn't meet required criteria, redirect them
if ( $user_access_setting == 'loggedin' && !is_user_logged_in() ) {
    wp_safe_redirect( $redirect_logged_out, 302 );
    exit;
} else if ( $user_access_setting == 'loggedout' && is_user_logged_in() && !is_admin() ) {
    wp_safe_redirect( $redirect_logged_in, 302 );
    exit;
}

} In the admin screen, the "All Pages" view is just a simple foreach loop. In a list of multiple posts or pages, the first post is the one who's values get grabbed. So, the wpwebapp_user_access_setting for the first page in the "All Pages" area gets applied to that whole list of pages. When the first post is for logged out users only, there's no way to see it because you can only see that list while logged in, and the plugin would redirect you.

Adding a simple check to make sure the user isn't in the Admin dashboard before applying a redirect fixed the bug.

Thanks for letting me know about this! Really appreciate it!

— Reply to this email directly or view it on GitHub.

[cferdinandi]

Happy to help! Thanks for the bug report...