Status Media Upload Redirects With Admin Dashboard Restriction

I have traced down my issue to ajax loading… I am using the following code to restrict authors away from the admin dashboard. The media upload still works on the Frontier Post front end forms, but fails when using Status. Can you please help me modify the code so it works for both Frontier Post and Status? Thank You!!!

function fp_restrict_backend_access()

{

if ( is_admin() && ! current_user_can( ‘manage_options’ ) && ! ( defined( ‘DOING_AJAX’ ) && DOING_AJAX ) )

{

wp_redirect( home_url() );

exit;

}

}

add_action( ‘init’, ‘fp_restrict_backend_access’ );

  • Tyler Postle
    • CGO

    Hey James,

    Hope you’re doing well today!

    I added that code to my site and I was still able to upload images through the status media upload.

    Could you grant support access for us so we can test it out on your site as well :slight_smile:

    You can grant support access via admin dashboard – WPMU DEV > Support > Support Access > Grant Access.

    Look forward to hearing back!

    All the best,

    Tyler

  • Tyler Postle
    • CGO

    Hey James,

    Even with Author user role I’m still able to upload media with Status. I just created an author user on your site and I do see the issue on yours. It should work fine far as I can tell, something else could be conflicting as well here.

    Have you tried using this plugin instead of the code? https://wordpress.org/plugins/remove-dashboard-access-for-non-admins/

    If you want to stick with the code route, could you send in your FTP so we can have a closer look?

    You can send that privately through our contact form: https://premium.wpmudev.org/contact/

    Select “I have a different question” for your topic – this and the subject line ensure that it gets assigned to me :slight_smile:

    Send in:

    Subject: “Attn: Tyler Postle

    -FTP credentials (host/username/password)

    -link back to this thread for reference

    -any other relevant urls

    Look forward to hearing back!

    All the best,

    Tyler

  • James
    • Site Builder, Child of Zeus

    It looks like the culprit is probably here…

    function showVideoUpload () {

    var pfx = _isPublicPage ? _wdqs.admin_url + ‘/’ : ”;

    var height = $(window).height*0.35;

    tb_show(“Upload Video”, pfx + “media-upload.php?type=video&TB_iframe=1&width=640&height=”+height);

    _oldSentToEditor = window.send_to_editor;

    window.send_to_editor = videoToEditor;

    }

    function showImageUpload () {

    var pfx = _isPublicPage ? _wdqs.admin_url + ‘/’ : ”;

    var height = $(window).height*0.35;

    tb_show(“Upload Image”, pfx + “media-upload.php?type=image&TB_iframe=1&width=640&height=”+height);

    _oldSentToEditor = window.send_to_editor;

    window.send_to_editor = imageToEditor;

    }

  • Tyler Postle
    • CGO

    Hey James,

    Thanks for your thorough investigating here. I am able to replicate the issue as well. This is a little beyond my level of coding, I’m going to call in one of our SLS(coding experts) staff to have a closer look at this and see what our best way around it is :slight_smile:

    Keep in mind, SLS deal with more advanced issues, so can sometimes take a little longer to respond than normal.

    In the meantime, let us know if you have any further questions!

    Cheers,

    Tyler

  • Tyler Postle
    • CGO

    Hey James,

    SLS works through their que from oldest to newest, it’s actually a little more backed up that usual but they should be getting to yours soon :slight_smile: I’m going to let them know to make sure they tell you before they make any changes.

    I am now finding more errors than before. When I click video, it does not give me the embed option after uploading which has been standard on wp since 3.6.

    Is this with the code above again? Video was also redirecting for me when I was testing this.

    Or is it giving you errors even without the above issue? What errors is it giving you? That should help us find the issue.

    Talk to you soon!

    Cheers,

    Tyler

  • James
    • Site Builder, Child of Zeus

    Tyler… I like the status plugin’s “idea” so much that I have enabled backend access and just tried to make it harder to find FOR NOW!!! It will not be this way by the time I am done. I expect that you all are in an uproar right now because of Membership 2 coming out and allowing auto updates to the old version. I am going to start a thread on it now too… Lots of problems that were non-existant a week ago…

  • James
    • Site Builder, Child of Zeus

    <strike>I have also enabled “unfiltered” html and video for authors to test if it helps Status function… </strike>”Unfiltered” scares the piss out of me, it was not causing the problem. Even admins don’t get the option. The site i am developing has open membership to the public.

  • Jose
    • Bruno Diaz

    Hello there James,

    Hope you are doing great.

    Apologizes for the delay to jump here, we have been really busy over here.

    The problem with your hook is that you are assuming that Status plugin is performing an AJAX call. Unfortunately, it is not the case. It uses an iframe, so the condition for DOING_AJAX won’t behave as expected.

    I made a small modification to your code. It should work fine in the following way:

    function fp_restrict_backend_access()
    {
    if ( is_admin() && ! current_user_can( 'manage_options' ) && ! ( defined( 'DOING_AJAX' ) && DOING_AJAX ) )
    {
    if( 'media-upload' != get_current_screen()->id){
    wp_redirect( home_url() );
    exit;
    }
    }
    }
    add_action( 'current_screen', 'fp_restrict_backend_access' );

    Note that I changed the action from ‘init’ to ‘current_screen’. This is because the method get_current_screen() is still not available on ‘init’ hook.

    Please give it a go and let me know how it works for you.

    Cheers,

    Jose

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.