Are you using our Profiles extension?
Hi Jeff,
I purchased the new extensions, but the porting to the new TML plugin will be done in the next months by our staff.
Currently, we use the 6.4.17 version.
The problem is that if I restrict a specific role form seeing the admin area the plugins blocks every call to admin-post.php.
Is there a way of allowing it thus restricting the full admin area to the role?
Thanks for your time.
Simone
It should already allow AJAX calls because it checks the DOING_AJAX constant before redirecting. Which 6.4 version do you have installed?
Hi,
the exact version is 6.4.17.
Yes it allows ajax calls, but it should allow post calls to admin-post.php too as in WP is possible to define calls for logged and not logged users
eg.
add_action( 'admin_post_add_foobar', 'prefix_admin_add_foobar' );
//this next action version allows users not logged in to submit requests
//if you want to have both logged in and not logged in users submitting, you have to add both actions!
add_action( 'admin_post_nopriv_add_foobar', 'prefix_admin_add_foobar' );
Sorry, I was mixing up admin-ajax.php and admin-post.php. You can probably override the restirct_admin option before it’s checked when viewing admin-post.php. This is untested but should probably work:
function allow_access_to_admin_post( $theme_my_login ) {
global $pagenow;
if ( 'admin-post.php' != $pagenow ) {
return;
}
if ( class_exists( 'Theme_My_Login_Themed_Profiles' ) ) {
$user = wp_get_current_user();
$user_role = reset( $user->roles );
if ( is_multisite() && empty( $user_role ) ) {
$user_role = 'subscriber';
}
$profiles = Theme_My_Login_Themed_Profiles::get_object();
$profiles->set_option( array( $user_role, 'restrict_admin' ), false );
}
}
add_action( 'tml_modules_loaded', 'allow_access_to_admin_post' );
Hi Jeff,
I’m afraid this doesn’t work.
Even the action is not fired while visiting an admin page.
I checked the code and it seems that the section where the user is redirected is this one:
public function init() {
global $current_user, $pagenow;
if ( is_user_logged_in() && is_admin() ) {
$redirect_to = Theme_My_Login::get_page_link( 'profile' );
$user_role = reset( $current_user->roles );
if ( is_multisite() && empty( $user_role ) )
$user_role = 'subscriber';
if ( 'profile.php' == $pagenow && ! isset( $_REQUEST['page'] ) ) {
if ( $this->get_option( array( $user_role, 'theme_profile' ) ) ) {
if ( ! empty( $_GET ) )
$redirect_to = add_query_arg( (array) $_GET, $redirect_to );
wp_redirect( $redirect_to );
exit;
}
} else {
if ( $this->get_option( array( $user_role, 'restrict_admin' ) ) ) {
if ( ! defined( 'DOING_AJAX' ) ) {
wp_redirect( $redirect_to );
exit;
}
}
}
}
}
Maybe this happens before triggering the tml_modules_loaded action ?
Jeff,
I think you should push an update for this as this is actually a bug, because WP allows calls to admin-post.php for not logged users.
Be sure that you used the updated code, I did change it a few times. And no, the tml_modules_loaded action is fired on plugins_loaded, which happens before init.
