The MU forums have moved to WordPress.org

get current user role on current blog? (9 posts)

  1. stacef
    Member
    Posted 14 years ago #

    Hi,
    I'm trying to figure out a way to test for the current user's role or level on the current blog.

    I'm working out an admin redirect for subscribers and unless the subscriber has a role on the current blog, the redirect fails.

    Here is my code

    function redirect_subscribers() {
    	global $user_level
    	if ($user_level == '0' ) {
    		wp_redirect('http://www.mysite.org/wpmu/blog1');
    	}
    }
    add_action('admin_menu', 'redirect_subscribers');

    What happens is subscriber A indeed has a user level of 0 and is associated with the current blog (shows up in current blog's list of users) is redirected as desired.
    Subscriber B also has a user level of 0 but is not associated with the current blog and is redirected to wp-admin of the main blog.

    I know why this happens and understand the functionality but I need help in creating more specific conditionals to get around it. The end goal here is really just to keep any Subscribers from the wp-admin area.

    Thanks for any thoughts or suggestions

  2. DeannaS
    Member
    Posted 14 years ago #

    Try doing the below.

    function redirect_subscribers() {
    	global $user_level
    var_dump ($user_level);
    wp_die('see what is going on');
    	if ($user_level == '0' ) {
    
    		wp_redirect('http://www.mysite.org/wpmu/blog1');
    	}
    }
    add_action('admin_menu', 'redirect_subscribers');

    See what is in the $user_level variable for those that aren't part of the current blog. My guess is that it's a null, and that you'd just need to add

    if ($user_level == '0' || $user_level == 'NULL' )

    But, dumping the variable and seeing what you're getting is the way to figure out what's going on.

  3. stacef
    Member
    Posted 14 years ago #

    DeannaS, thanks for taking a look at this.

    I tried the var dump and got int(0), which I think is consistent with with my testing of the current user's level - that it's reading user level correctly as zero. And adding the NULL conditional didn't affect things.

    The only difference between Subscriber A - who is redirected as desired - and Subscriber B - who is redirected to the umbrella site's dashboard - is that Subscriber A is listed as a user for blog1; Subscriber B is not.

    Any ideas on how to test for a user's association with a blog, or anything else that might make this work? Doesn't seem to far off the beaten path to deny subscribers access to wp-admin.

    Thanks,
    Stace

    Oh, and for those trying to copy the previous code snippets, I inadvertently deleted a semicolon in my original post that has carried through in subsequent copy-and-pastes. Second line should be global $user_level; Sorry!

  4. DeannaS
    Member
    Posted 14 years ago #

    Hm... Oddly enough, when I test this code on 2.9.1.1., it always redirects. It looks like the user level is always 0. No matter who is logged in. It makes sense in that user levels are on a blog by blog basis.

    Anyway, this code correctly differentiates between subscribers on the current blog and non-subscribers.

    function redirect_subscribers() {
    	global $current_user, $wpdb;
    
    $var = $wpdb->prefix . 'capabilities';
    $caps = $current_user->$var;
    
    if((count($caps) == 0 || $caps['subscriber'] == true) && !is_site_admin()) {
    	wp_redirect(get_option('siteurl'));
    }
    
    }
    
    add_action('admin_menu', 'redirect_subscribers');

    However, it will always redirect subscribers to the main blog if you're using sub-directories, because the sanitize function strips out slashes from the redirect location url. If you want it to go to the main site of the blog they're on, you'd have to re-write the sanitize function (it's pluggable) or not use wp_redirect.

  5. stacef
    Member
    Posted 14 years ago #

    Thanks for testing this but you've hit the nail - my nail, anyway - on the head in your last paragraph.

    However, it will always redirect subscribers to the main blog if you're using sub-directories, because the sanitize function strips out slashes from the redirect location url. If you want it to go to the main site of the blog they're on, you'd have to re-write the sanitize function (it's pluggable) or not use wp_redirect.

    I am using subdirectories and it is always redirecting to the main blog wp-admin area so it sounds like I should stop banging my head on my current code.
    You mention two options, re-writing the sanitize code as a plugin or use a different option - any chance you could point me in the right direction, given what I'm trying to accomplish?
    Thanks very much,
    Stace

  6. DeannaS
    Member
    Posted 14 years ago #

    I would suggest you go the route of not using wp_redirect() and redirecting in another way. DSader's privacy plugin does redirects this way:

    nocache_headers();
    header("HTTP/1.1 302 Moved Temporarily");
    
    $redirect = get_option('siteurl');
    
    header('Location: ' .  $redirect);
  7. stacef
    Member
    Posted 14 years ago #

    Thanks as always for the pointer.

    Sad to say I'm getting the same behavior with this new method of redirection. My only guess is that the sanitize function you mentioned earlier is interfering with any redirect attempt.

    I'm not familiar at all with that function so I'd welcome any ideas on getting it plugged.

    Thanks again

  8. stacef
    Member
    Posted 14 years ago #

    Still banging on this without luck.

    I've taken a look at the wp_redirect and wp_sanitize_redirect functions and I'm not sure that's where the problem lies.

    As a test, I went in to wp-includes/pluggable.php and found the wp_redirect function. I took out the line $location = wp_sanitize_redirect($location); and got no change in behavior. I then kept taking out lines to see if I could produce a different outcome, ending up with this.

    function wp_redirect($location, $status = 302) {
    	global $is_IIS;
    
    	//$location = apply_filters('wp_redirect', $location, $status);
    	//$status = apply_filters('wp_redirect_status', $status, $location);
    
    	//if ( !$location ) // allows the wp_redirect filter to cancel a redirect
    	//	return false;
    
    	//$location = wp_sanitize_redirect($location);
    
    	//if ( $is_IIS ) {
    	//	header("Refresh: 0;url=$location");
    	//} else {
    		if ( php_sapi_name() != 'cgi-fcgi' )
    			status_header($status); // This causes problems on IIS and some FastCGI setups
    		header("Location: $location");
    	//}
    }

    Got no change whatsoever.
    This really has me stumped and frustrated. Is it really that difficult to keep subscribers out of wp-admin?

  9. stacef
    Member
    Posted 14 years ago #

    The crux of my issue revolves around a user not having a specified role on the current blog. Without that, any conditionals around role or access fail. And not just with this redirect - I discovered other code failing as well. Maybe this is basic but I think I was having trouble seeing the forest through the trees.

    Answer is to give every user a role! This was easily done with the help of a plugin called WPMU Default User Role, written by DeannaS.

    Thanks!

About this Topic