- fixed admin_post and admin_post_nopriv requests when user hasn't ability to see wp-admin;

This commit is contained in:
nikitasinelnikov
2019-10-01 15:34:30 +03:00
parent b9eeb40012
commit ff9f6afe31
+12 -2
View File
@@ -7,8 +7,18 @@ if ( ! defined( 'ABSPATH' ) ) exit;
* Checks if user can access the backend
*/
function um_block_wpadmin_by_user_role() {
if ( is_admin() && ! defined( 'DOING_AJAX' ) && um_user( 'ID' ) && ! um_user( 'can_access_wpadmin' ) && ! is_super_admin( um_user( 'ID' ) ) ) {
um_redirect_home();
if ( is_admin() && ! defined( 'DOING_AJAX' ) ) {
$action = empty( $_REQUEST['action'] ) ? '' : $_REQUEST['action'];
// filter that it's not admin_post or admin_post_nopriv request
$url_attr = parse_url( UM()->permalinks()->get_current_url() );
if ( is_user_logged_in() && ! empty( $action ) && $url_attr['path'] == '/wp-admin/admin-post.php' ) {
return;
}
if ( um_user( 'ID' ) && ! um_user( 'can_access_wpadmin' ) && ! is_super_admin( um_user( 'ID' ) ) ) {
um_redirect_home();
}
}
}
add_action( 'init', 'um_block_wpadmin_by_user_role', 99 );