Closed geraldo closed 4 years ago
remove && current_user_can('subscriber')
moreover, the second part, is disabling access to everything within /wp-admin/ folder. You gotta make sure that admin-ajax.php which is used to add, remove favorites is accessible too
I want admins to have dashboard access, that's why I limit it to current_user_can('subscriber'). So the point is that the plugin needs some files from /wp-admin/ folder, would be great to know which. I tried the following, but still without success:
if ($_SERVER['PHP_SELF'] == '/wp-admin/async-upload.php' || $_SERVER['PHP_SELF'] == '/wp-admin/admin-ajax.php') {
return true;
}
else if (is_admin() && current_user_can('subscriber')) {
wp_redirect(home_url());
exit;
}
I want admins to have dashboard access, that's why I limit it to current_user_can('subscriber'). So the point is that the plugin needs some files from /wp-admin/ folder, would be great to know which. I tried the following, but still without success:
if ($_SERVER['PHP_SELF'] == '/wp-admin/async-upload.php' || $_SERVER['PHP_SELF'] == '/wp-admin/admin-ajax.php') { return true; } else if (is_admin() && current_user_can('subscriber')) { wp_redirect(home_url()); exit; }
this is the logic. of if else and elseif
if (something) {do this} else {do that} elseif {none of the above but this instead}
you are doing if then elseif which is mistake in itself.
moreover, on second part you are telling that when it is_admin (user is administrator) or a subscriber then redirect to home_url. that is wrong.
by the way, there is nothing wrong with people being able to access dashboard. What I would recommend you is that to use a function to redirect everyone to the home page after login. then use another function to hide the dashboard from everyone.
Here is the way to remove dashboard access and still have favorite posts working:
add_action('init', 'remove_dashboard_access');
function remove_dashboard_access() {
if ( is_admin() ) {
if (defined( 'DOING_AJAX' ) && DOING_AJAX )
return;
if (strpos( $_SERVER[ 'REQUEST_URI' ], 'wp-admin/admin-ajax.php' ) !== false)
return;
if (strpos( $_SERVER[ 'REQUEST_URI' ], 'wp-admin/media-upload.php' ) !== false)
return;
if (strpos( $_SERVER[ 'REQUEST_URI' ], 'wp-admin/async-upload.php' ) !== false)
return;
// Remove backend access for subscribers
if ( !current_user_can('edit_posts') ) {
wp_redirect( home_url() );
exit;
}
}
}
Everything works fine with the default configuration and my wordpress subscribers can make favorites. But when I remove their dashboard access, the can't do favorites any more.
I use the following code to remove dashboard access:
Why does making favorites need dashboard access?