diff --git a/includes/Admin.php b/includes/Admin.php index 5de4f6e66..15543b738 100644 --- a/includes/Admin.php +++ b/includes/Admin.php @@ -39,6 +39,9 @@ public function __construct() { // enqueue common scripts that will load throughout WordPress dashboard. notice, what's new etc. add_action( 'admin_enqueue_scripts', [ $this, 'enqueue_common_scripts' ] ); add_action( 'admin_enqueue_scripts', [ $this, 'enqueue_cpt_page_scripts' ] ); + + // block admin access as per wpuf settings + add_action( 'admin_init', [ $this, 'block_admin_access' ] ); } /** @@ -130,4 +133,27 @@ public function enqueue_cpt_page_scripts( $hook_suffix ) { } } } + + /** + * Block user access to admin panel for specific roles + * + * @global string $pagenow + */ + public function block_admin_access() { + global $pagenow; + + // bail out if we are from WP Cli + if ( defined( 'WP_CLI' ) ) { + return; + } + + $access_level = wpuf_get_option( 'admin_access', 'wpuf_general', 'read' ); + $valid_pages = [ 'admin-ajax.php', 'admin-post.php', 'async-upload.php', 'media-upload.php' ]; + + if ( ! current_user_can( $access_level ) && ! in_array( $pagenow, $valid_pages ) ) { + // wp_die( __( 'Access Denied. Your site administrator has blocked your access to the WordPress back-office.', 'wpuf' ) ); + wp_redirect( home_url() ); + exit; + } + } } diff --git a/includes/Frontend.php b/includes/Frontend.php index c1c3423c4..1d27c19aa 100644 --- a/includes/Frontend.php +++ b/includes/Frontend.php @@ -25,6 +25,9 @@ public function __construct() { $this->form_preview = new Frontend\Form_Preview(); add_action( 'wp_enqueue_scripts', [ $this, 'enqueue_scripts' ] ); + + // show admin bar as per wpuf settings + add_filter( 'show_admin_bar', [ $this, 'show_admin_bar' ] ); } /** @@ -159,4 +162,31 @@ private function dokan_is_seller_dashboard() { && dokan_is_seller_dashboard() && ! empty( $wp->query_vars['posts'] ); } + + + + /** + * Show/hide admin bar to the permitted user level + * + * @since 2.2.3 + * + * @return bool + */ + public function show_admin_bar( $val ) { + if ( ! is_user_logged_in() ) { + return false; + } + + $roles = wpuf_get_option( 'show_admin_bar', 'wpuf_general', [ 'administrator', 'editor', 'author', 'contributor', 'subscriber' ] ); + $roles = $roles && is_string( $roles ) ? [ strtolower( $roles ) ] : $roles; + $current_user = wp_get_current_user(); + + if ( ! empty( $current_user->roles ) && ! empty( $current_user->roles[0] ) ) { + if ( ! in_array( $current_user->roles[0], $roles ) ) { + return false; + } + } + + return $val; + } }