Opened 3 years ago

Closed 3 years ago

Last modified 3 years ago

#17121 closed enhancement (fixed)

wp-admin redirects in multisite based on permissions

Reported by: jane
Owned by:
Milestone: 3.2
Priority: normal
Severity: normal
Version: 3.1
Component: Multisite
Keywords: ux-feedback
Focuses:
Cc:

Description

If you are in multisite and you try to go to wp-admin for a site you don't have permissions for, it automatically redirects you to the primary site where you do have rights. This is confusing. It would be better to display an error message indicating that the user does not have permissions on this site, to contact network admin if they feel this is an error, etc.

Marking as enhancement, but as a user this feels like a bug.

Attachments (2)

17121.diff (2.2 KB) - added by ryan 3 years ago.
Rough draft
access-denied.png (29.3 KB) - added by ryan 3 years ago.
The gist


Change History (14)

comment:1 andy 3 years ago

Normal dashboard screen, empty menus, no buttons. Pluggable content: "You have reached the dashboard of /$blog_name/ but you have no privileges on this blog. Please visit one of your own dashboards or ask an administrator to add you to this one." List user's dashboards below. Hooks and a function (is_unprivileged_admin()?) to allow for custom handling.

comment:2 ryan 3 years ago

add_action( 'admin_page_access_denied', 'redirect_user_to_blog', 99 );

Comment that out in wp-admin/includes/ms.php and you will get the standard "You do not have sufficient permissions to access this page." message rather than a redirect.

ryan 3 years ago

Rough draft

comment:3 ryan 3 years ago

Maybe also make it easy to log in as another user and come back to the dash.

ryan 3 years ago

The gist

comment:4 jane 3 years ago

  • Keywords ux-feedback added

comment:5 andy 3 years ago

Avoid mixing parts of speech: "Visit" and "Dashboard" links. Instead, how about "Site" and "Dashboard"?
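The handling discussed in comment:1, comment:2 and comment:5, sketched as an added example; it is not part of this ticket or of the committed patch. The function name `example_access_denied_page`, the priority of 10 and the 403 status are assumptions made for illustration; the message text is the wording proposed in comment:1.

```php
<?php
// Added example: hypothetical plugin code, not WordPress core's handler.
// Priority 10 runs before the redirect registered at priority 99, and
// wp_die() ends the request, so the redirect never fires for this case.
add_action( 'admin_page_access_denied', 'example_access_denied_page', 10 );

function example_access_denied_page() {
	if ( ! is_multisite() || ! is_user_logged_in() ) {
		return; // Not the multisite case from the ticket.
	}
	if ( is_user_member_of_blog() ) {
		return; // Has a role on this site; keep the existing handling.
	}

	// Site names are set by site admins, so escape everything printed.
	$message = sprintf(
		'You have reached the dashboard of %s but you have no privileges on this blog. '
		. 'Please visit one of your own dashboards or ask an administrator to add you to this one.',
		esc_html( get_bloginfo( 'name' ) )
	);

	// List the sites the user does belong to, with "Site" and "Dashboard" links.
	$items = '';
	foreach ( get_blogs_of_user( get_current_user_id() ) as $blog ) {
		$items .= sprintf(
			'<li>%s: <a href="%s">Site</a> | <a href="%s">Dashboard</a></li>',
			esc_html( $blog->blogname ),
			esc_url( get_home_url( $blog->userblog_id ) ),
			esc_url( get_admin_url( $blog->userblog_id ) )
		);
	}
	if ( '' !== $items ) {
		$message .= '<ul>' . $items . '</ul>';
	}

	// Assumption: answer with HTTP 403 so the denial is also visible in
	// access logs and monitoring, which a silent redirect would hide.
	wp_die( $message, 'Access denied', array( 'response' => 403 ) );
}
```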

comment:6 ryan 3 years ago

  • Milestone changed from Awaiting Review to 3.2

comment:7 ryan 3 years ago

  • Resolution set to fixed
  • Status changed from new to closed

(In [17762]) Show access denied page and list a user's sites if they visit an admin they don't have permissions for rather than redirecting to the users' primary blog. fixes #17121

comment:8 jamescollins 3 years ago

  • Resolution fixed deleted
  • Status changed from closed to reopened

Looks good, Ryan, but is it meant to say:

access the "Test" dashboard

?

Shouldn't the word Test be replaced with the name of the site the user is currently trying to access?

comment:9 nacin 3 years ago

  • Resolution set to fixed
  • Status changed from reopened to closed

(In [17763]) Use proper placeholders. No need to exit after wp_die(). fixes #17121.

comment:10 nacin 3 years ago

Thanks jamescollins.

Wow, the increment code in redirect_user_to_blog() was janky. I'll miss it.

comment:11 follow-up: ryan 3 years ago

Bad cut-and-paste.

Aside: I use exit after wp_die on purpose even though it does nothing. A personal quirk in the name of explicitness. ;-)

comment:12 in reply to: ↑ 11 nacin 3 years ago

Replying to ryan:

Bad cut-and-paste.

Aside: I use exit after wp_die on purpose even though it does nothing. A personal quirk in the name of explicitness. ;-)

I figured as much. It's much like using break in admin-ajax after a die(), or a break at the end of a switch. I do it too... But I have OCD and didn't like the parentheses.
