Make WordPress Core

Opened 14 years ago

Closed 14 years ago

Last modified 14 years ago

#17121 closed enhancement (fixed)

wp-admin redirects in multisite based on permissions

Reported by: jane's profile jane Owned by:
Milestone: 3.2 Priority: normal
Severity: normal Version: 3.1
Component: Multisite Keywords: ux-feedback
Focuses: Cc:

Description

If you are in multisite and you try to go to wp-admin for a site you don't have permissions for, it automatically redirects you the primary site where you do have rights. This is confusing. It would be better to display an error message indicating that the user does not have permissions on this site, to contact netwrok admin if they feel this is an error, etc.

Marking as enhancement, but as a user this feels like a bug.

Attachments (2)

17121.diff (2.2 KB) - added by ryan 14 years ago.
Rough draft
access-denied.png (29.3 KB) - added by ryan 14 years ago.
The gist

Download all attachments as: .zip

Change History (14)

#1 @andy
14 years ago

Normal dashboard screen, empty menus, no buttons. Pluggable content: "You have reached the dashboard of /$blog_name/ but you have no privileges on this blog. Please visit one of your own dashboards or ask an administrator to add you to this one." List user's dashboards below. Hooks and a function (is_unprivileged_admin()?) to allow for custom handling.

#2 @ryan
14 years ago

add_action( 'admin_page_access_denied', 'redirect_user_to_blog', 99 );

Comment that out in wp-admin/includes/ms.php and you will get the standard "You do not have sufficient permissions to access this page." message rather than a redirect.

@ryan
14 years ago

Rough draft

#3 @ryan
14 years ago

Maybe also make it easy to log in as another user and come back to the dash.

@ryan
14 years ago

The gist

#4 @jane
14 years ago

  • Keywords ux-feedback added

#5 @andy
14 years ago

Avoid mixing parts of speech: "Visit" and "Dashboard" links. Instead, how about "Site" and "Dashboard"?

#6 @ryan
14 years ago

  • Milestone changed from Awaiting Review to 3.2

#7 @ryan
14 years ago

  • Resolution set to fixed
  • Status changed from new to closed

(In [17762]) Show access denied page and list a user's sites if they visit an admin they don't have permissions for rather than redirecting to the users' primary blog. fixes #17121

#8 @jamescollins
14 years ago

  • Resolution fixed deleted
  • Status changed from closed to reopened

Look good Ryan, but is it meant to say:

access the "Test" dashboard

?

Shouldn't the word Test be replaced with the name of the site the user is currently trying to access?

#9 @nacin
14 years ago

  • Resolution set to fixed
  • Status changed from reopened to closed

(In [17763]) Use proper placeholders. No need to exit after wp_die(). fixes #17121.

#10 @nacin
14 years ago

Thanks jamescollins.

Wow, the increment code in redirect_user_to_blog() was janky. I'll miss it.

#11 follow-up: @ryan
14 years ago

Bad cut-and-paste.

Aside: I use exit after wp_die on purpose even through it does nothing. A personal quirk in the name of explicitness. ;-)

#12 in reply to: ↑ 11 @nacin
14 years ago

Replying to ryan:

Bad cut-and-paste.

Aside: I use exit after wp_die on purpose even through it does nothing. A personal quirk in the name of explicitness. ;-)

I figured as much. It's much like using break in admin-ajax after a die(), or a break at the end of a switch. I do it too... But I have OCD and didn't like the parentheses.

Note: See TracTickets for help on using tickets.