• losrack

    (@carlos-jaramillo)


    Hi,

    I need some help with this bit of code … the thing is I am trying to deny access to a role name for a specific part of the admin area.

    /*
     * If user is not a SuperAdmin, when they try to access the below URLs they are redirected back to the dashboard.
     */
    function restrict_admin_with_redirect() {
    
    	$restrictions = array(
    		'wp-admin/admin.php?page=wpca-settings'
    			);
    
    	foreach ( $restrictions as $restriction ) {
    
    		if ( ! current_user_can( 'manage_network' ) && $_SERVER['PHP_SELF'] == $restriction ) {
    			wp_redirect( admin_url() );
    			exit;
    		}
    
    	}
    
    }
    add_action( 'admin_init', 'restrict_admin_with_redirect' );

    I am placing this code in my functions.php but I cannot get it to work.

    Any help would be much appreciated

Viewing 5 replies - 1 through 5 (of 5 total)
  • Moderator bcworkz

    (@bcworkz)

    $_SERVER['PHP_SELF'] does not include URL query strings, so in your example its value would simply be ‘/wp-admin/admin.php’, which could mean any number of menu pages. You are also not accounting for installations beyond the site’s root public folder. If you wish to use your code on other installations, this needs to be dealt with. If for your own installation only, don’t worry about it.

    However, note that the paths returned by $_SERVER values always begin with an initial slash (at least for Apache/Linux installs), so the value to check for is “/wp-admin/admin.php?page=wpca-settings”. These values are better checked against $_SERVER['REQUEST_URI'], which includes the URL query string you need.

    While looping through an array of restricted URLs will work for you, consider using in_array() instead. It’s much simpler and probably faster, not that an array of one would make much difference. The entire loop then becomes just another if() condition to satisfy.

    if ( in_array( $_SERVER['REQUEST_URI'], $restrictions ) && ...

    Thread Starter losrack

    (@carlos-jaramillo)

    Hi bcworkz,

    I have tried replacing the php_self by ‘ /wp-admin/admin.php’

    .. at least is what I understood that I needed to change. Forgive my ignorance. But I haven’t been able to get it working. I know very little of php.

    Would you mind writing what I need … for me to copy paste the code … I have spent so many hours writing stuff on so many other things .. I am trying to learn here … but give me some time LOL …

    Thanks for your reply

    Moderator bcworkz

    (@bcworkz)

    This is what I was thinking:

    function restrict_admin_with_redirect() {
       $restrictions = array(
          '/wp-admin/admin.php?page=wpca-settings',
       );
       if ( ! current_user_can( 'manage_network' ) && in_array( $_SERVER['REQUEST_URI'], $restrictions )) {
          wp_redirect( admin_url() );
          exit;
       }
    }
    add_action( 'admin_init', 'restrict_admin_with_redirect' );

    Untested though. If it’s still not working for you, temporarily add the following line as the first thing executed:

    print_r( $_SERVER['REQUEST_URI'] );

    Then go to a page that you want to restrict. Verify the output exactly matches the string in the restriction array. Depending on your theme, you might have to use your browser’s source view to see the output. This output will cause a headers already sent error if a redirect is attempted, but you’ll still get the data you need, after which remove or comment out the line.

    Thread Starter losrack

    (@carlos-jaramillo)

    Hi …

    It did not work …

    thanks though.

    Moderator bcworkz

    (@bcworkz)

    Huh, seemed OK to me, so I tested on my installation and it works as expected. It’s critical the $restrictions array contains the proper value, which is why I suggested using print_r( $_SERVER['REQUEST_URI'] ); to verify this. Maybe the proper value is more like this:

    /wp-admin/admin.php?page=wpca-settings.php

    This is the one thing I cannot test for you. If you are sure the value is correct, the only other possibility is some unusual conflict with other code.
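
An added example, not part of any reply in this thread: the check discussed above compares the whole `$_SERVER['REQUEST_URI']` string, so it matches only one exact spelling of the URL and stops matching when the request carries any extra query parameter or the site lives in a subdirectory. This variant tests the parsed `page` parameter instead. The function name `example_restrict_admin_pages` is hypothetical; the slug and the capability are the ones used in the thread.

```php
<?php
/**
 * Added example: restrict admin pages by their "page" slug instead of by
 * comparing the raw request URI string.
 */
function example_restrict_admin_pages() {
    // Slugs to restrict. 'wpca-settings' is the value from the thread;
    // confirm it against the "page=" part of the real admin URL.
    $restricted_pages = array( 'wpca-settings' );

    // Users holding the capability used in the thread keep access.
    if ( current_user_can( 'manage_network' ) ) {
        return;
    }

    // No "page" parameter (or a non-string one) means no plugin page request.
    if ( ! isset( $_GET['page'] ) || ! is_string( $_GET['page'] ) ) {
        return;
    }

    // Normalise the slug the same way wp-admin/admin.php does before it
    // looks up the plugin page.
    $page = plugin_basename( wp_unslash( $_GET['page'] ) );

    // Strict comparison against the list. Other query parameters, their
    // order, and the install path no longer affect the result.
    if ( in_array( $page, $restricted_pages, true ) ) {
        wp_safe_redirect( admin_url() );
        exit;
    }
}
add_action( 'admin_init', 'example_restrict_admin_pages' );
```

A redirect like this only keeps the user off the screen; whether the plugin's own save handlers check a capability is a separate question that this hook does not answer.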

  • The topic ‘deny access to url for role’ is closed to new replies.