Viktor Miller
4706f72ba4
- Create DDHH_JM_Access_Control class with redirect logic - Redirect providers from WP-Admin to dashboard page - Preserve access to profile.php for password/email changes - Preserve access to admin-ajax.php for AJAX requests - Integrate access control hooks in main plugin class Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
120 lines
3.1 KiB
PHP
120 lines
3.1 KiB
PHP
<?php
|
|
/**
|
|
* Access Control class
|
|
*
|
|
* Handles access restrictions and redirects for provider role
|
|
*
|
|
* @package DDHH_Job_Manager
|
|
*/
|
|
|
|
// Exit if accessed directly.
|
|
defined( 'ABSPATH' ) || exit;
|
|
|
|
/**
|
|
* Access Control class
|
|
*/
|
|
class DDHH_JM_Access_Control {
|
|
|
|
/**
|
|
* Initialize hooks
|
|
*/
|
|
public static function setup_hooks() {
|
|
// Redirect providers away from WP-Admin
|
|
add_action( 'admin_init', array( __CLASS__, 'redirect_providers_from_admin' ) );
|
|
|
|
// Protect dashboard page (logged-in providers only)
|
|
add_action( 'template_redirect', array( __CLASS__, 'protect_dashboard' ) );
|
|
}
|
|
|
|
/**
|
|
* Redirect providers away from WP-Admin (except profile and AJAX)
|
|
*/
|
|
public static function redirect_providers_from_admin() {
|
|
// Get current user
|
|
$user = wp_get_current_user();
|
|
|
|
// Check if user has ddhh_provider role
|
|
if ( ! in_array( 'ddhh_provider', (array) $user->roles, true ) ) {
|
|
return; // Not a provider, allow access
|
|
}
|
|
|
|
// Allow access to profile.php (providers can edit their profile)
|
|
// phpcs:ignore WordPress.Security.NonceVerification.Recommended
|
|
if ( isset( $_SERVER['SCRIPT_NAME'] ) && strpos( $_SERVER['SCRIPT_NAME'], 'profile.php' ) !== false ) {
|
|
return;
|
|
}
|
|
|
|
// Allow access to admin-ajax.php (needed for AJAX requests)
|
|
// phpcs:ignore WordPress.Security.NonceVerification.Recommended
|
|
if ( isset( $_SERVER['SCRIPT_NAME'] ) && strpos( $_SERVER['SCRIPT_NAME'], 'admin-ajax.php' ) !== false ) {
|
|
return;
|
|
}
|
|
|
|
// Get dashboard page URL
|
|
$dashboard_page_id = get_option( 'ddhh_jm_dashboard_page_id' );
|
|
if ( ! $dashboard_page_id ) {
|
|
return; // Dashboard page not created yet
|
|
}
|
|
|
|
$dashboard_url = get_permalink( $dashboard_page_id );
|
|
if ( ! $dashboard_url ) {
|
|
return; // Could not get dashboard URL
|
|
}
|
|
|
|
// Redirect to dashboard
|
|
wp_redirect( $dashboard_url );
|
|
exit;
|
|
}
|
|
|
|
/**
|
|
* Protect dashboard page (logged-in providers only)
|
|
*/
|
|
public static function protect_dashboard() {
|
|
// Get dashboard page ID
|
|
$dashboard_page_id = get_option( 'ddhh_jm_dashboard_page_id' );
|
|
if ( ! $dashboard_page_id ) {
|
|
return; // Dashboard page not created yet
|
|
}
|
|
|
|
// Check if current page is dashboard page
|
|
if ( ! is_page( $dashboard_page_id ) ) {
|
|
return; // Not dashboard page
|
|
}
|
|
|
|
// Check if user is logged in
|
|
if ( ! is_user_logged_in() ) {
|
|
// Get login page URL
|
|
$login_page_id = get_option( 'ddhh_jm_login_page_id' );
|
|
if ( $login_page_id ) {
|
|
$login_url = get_permalink( $login_page_id );
|
|
if ( $login_url ) {
|
|
wp_redirect( $login_url );
|
|
exit;
|
|
}
|
|
}
|
|
|
|
// Fallback to WordPress login
|
|
wp_redirect( wp_login_url( get_permalink( $dashboard_page_id ) ) );
|
|
exit;
|
|
}
|
|
|
|
// Check if user has ddhh_provider role
|
|
$user = wp_get_current_user();
|
|
if ( ! in_array( 'ddhh_provider', (array) $user->roles, true ) ) {
|
|
// User is logged in but not a provider
|
|
$login_page_id = get_option( 'ddhh_jm_login_page_id' );
|
|
if ( $login_page_id ) {
|
|
$login_url = get_permalink( $login_page_id );
|
|
if ( $login_url ) {
|
|
wp_redirect( $login_url );
|
|
exit;
|
|
}
|
|
}
|
|
|
|
// Fallback to WordPress login
|
|
wp_redirect( wp_login_url( get_permalink( $dashboard_page_id ) ) );
|
|
exit;
|
|
}
|
|
}
|
|
}
|