Home Topic New role – admin access

Change WordPress user roles and capabilities Forums Restrict or Permit access inside WordPress – how to New role – admin access

Viewing 6 posts - 1 through 6 (of 6 total)
  • Author
    Posts
  • 05/02/2017 at 09:25 #3330
    arjualeb
    Participant

    Hi,

    I created a new role for my accountant. I granted read/edit rights for shop orders.
    However with this role the user doesnt get into the backend (always redirected to my account page)

    Can you please tell me what setting I am missing to set correctly?

    05/02/2017 at 09:43 #3331
    Vladimir
    Keymaster

    Hi,

    I suppose you use WooCommerce.
    Add ‘view_admin_dashboard’ capability to to this role to resolve a redirection to front-end problem. Read this article for more details about it.

    05/02/2017 at 15:12 #3332
    arjualeb
    Participant

    Yes, I’m using WooCommerce.

    I added ‘view_admin_dashboard’ capability to to this role, but it will still redirect me to the frontend.

    I currently have this enabled for the role:
    Edit others shop orders
    Edit shop orders
    Read
    Read private shop orders
    Read shop order
    View admin dashboard

    05/02/2017 at 15:47 #3333
    Vladimir
    Keymaster

    Strange. Try to exclude redirection to front-end with this filter (add code to the functions.php file of your active theme):

    
add_filter('woocommerce_prevent_admin_access', '_wc_prevent_admin_access', 10, 1);
 
function _wc_prevent_admin_access($prevent_admin_access) {
 
    return false;
}

    Will it work?

    06/02/2017 at 01:26 #3334
    arjualeb
    Participant

    Works now.

    As we can se in class-wc-admin.php there we have the condition:
    if ( ‘yes’ === get_option( ‘woocommerce_lock_down_admin’, ‘yes’ ) && ! is_ajax() && basename( $_SERVER[“SCRIPT_FILENAME”] ) !== ‘admin-post.php’ && ! current_user_can( ‘edit_posts’ ) && ! current_user_can( ‘manage_woocommerce’ ) ) {
    $prevent_access = true;
    }

    where woocommerce_lock_down_admin is deprecated and defaults to yes in all cases. So what would actually be necessary to allow a user to edit posts or manage woocommerce so the backend works.
    Perhaps you include your filter in the next version of the role editor plugin os it works for all people without custom code.

    06/02/2017 at 02:00 #3335
    Vladimir
    Keymaster

    It seems that you use an older version of Woocommerce. If we look at the latest one, this code looks like:

    
public function prevent_admin_access() {
		$prevent_access = false;

		if ( 'yes' === get_option( 'woocommerce_lock_down_admin', 'yes' ) && ! is_ajax() && basename( $_SERVER["SCRIPT_FILENAME"] ) !== 'admin-post.php' ) {
			$has_cap     = false;
			$access_caps = array( 'edit_posts', 'manage_woocommerce', 'view_admin_dashboard' );

			foreach ( $access_caps as $access_cap ) {
				if ( current_user_can( $access_cap ) ) {
					$has_cap = true;
					break;
				}
			}

			if ( ! $has_cap ) {
				$prevent_access = true;
			}
		}

		if ( apply_filters( 'woocommerce_prevent_admin_access', $prevent_access ) ) {
			wp_safe_redirect( wc_get_page_permalink( 'myaccount' ) );
			exit;
		}
	}

    You can see that ‘view_admin_dashboard’ was added. This could be the reason why this capability did not work for you. Custom code to add WooCommerce’s ‘woocommerce_prevent_admin_access’ filter is not needed with it. So, in hope that the most of clients use the latest version of WooCommerce, there is no need to add such code to the User Role Editor.

  • Author
    Posts
Viewing 6 posts - 1 through 6 (of 6 total)
  • You must be logged in to reply to this topic.