BuddyPress.org

Opened 12 years ago

Closed 12 years ago

Last modified 12 years ago

#3714 closed defect (bug) (no action required)

Buddypress users can log in via wp-admin, view site details

Reported by: justin mason
Owned by:
Milestone:
Priority: normal
Severity: normal
Version: 1.5
Component: Core
Keywords:
Cc:

Description

Issue: BuddyPress users can log in via both the wp-admin panel and the BuddyPress login widget/home page login.

If a normal (standard permissions) BuddyPress user logs in via wp-admin, it logs them in and redirects them to the homepage.

Problem: By typing wp-admin back into the browser, a logged-in user can navigate back into the admin panel and view post count, user count, WordPress version, and other interesting information. This is data that the user does not need.

Can we remove permissions to access this data for normal BuddyPress users? See attachment.

Attachments (1)

wp-admin.jpg (72.6 KB) - added by justin mason 12 years ago.
Displays information about post count, version number, etc.

Change History (3)

@justin mason
12 years ago

Displays information about post count, version number, etc.

#1 follow-up: @boonebgorges
12 years ago

  • Milestone Awaiting Review deleted
  • Resolution set to invalid
  • Status changed from new to closed

This is intended behavior. If you don't want users to have access to wp-admin, do something like the following:

function bbg_redirect_from_admin() {
   if ( !current_user_can( 'edit_posts' ) ) {
      bp_core_redirect( bp_get_root_domain() );
   }
}
add_action( 'admin_init', 'bbg_redirect_from_admin', 1 );
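
Added example, not part of the ticket or of BuddyPress: the same admin_init redirect with guards for admin-ajax.php and admin-post.php, which also fire admin_init and are called by front-end code, including for visitors who are not logged in. The example_* function names are hypothetical; the redirect call is the one from the comment above.

```php
<?php
/*
 * Added example: the ticket's admin_init redirect, with guards for the
 * wp-admin endpoints that front-end code legitimately calls.
 * The example_* names are hypothetical.
 */

/**
 * Pure decision helper, so the rule can be checked in isolation.
 *
 * @param bool   $can_edit_posts Result of current_user_can( 'edit_posts' ).
 * @param bool   $doing_ajax     True when DOING_AJAX is defined and true.
 * @param string $script         Basename of the requested wp-admin script.
 * @return bool True when the request should be sent back to the site root.
 */
function example_should_leave_admin( $can_edit_posts, $doing_ajax, $script ) {
	if ( $can_edit_posts ) {
		return false; // Users who can edit posts keep their dashboard.
	}
	if ( $doing_ajax ) {
		return false; // Redirecting here would break front-end AJAX calls.
	}
	// admin_init also runs for these endpoints, which themes and plugins
	// use for AJAX and form posts coming from the public side of the site.
	$front_end_endpoints = array( 'admin-ajax.php', 'admin-post.php' );
	return ! in_array( $script, $front_end_endpoints, true );
}

function example_redirect_from_admin() {
	$script     = isset( $_SERVER['SCRIPT_NAME'] ) ? basename( $_SERVER['SCRIPT_NAME'] ) : '';
	$doing_ajax = defined( 'DOING_AJAX' ) && DOING_AJAX;

	if ( example_should_leave_admin( current_user_can( 'edit_posts' ), $doing_ajax, $script ) ) {
		// Same redirect call as in the ticket.
		bp_core_redirect( bp_get_root_domain() );
	}
}
add_action( 'admin_init', 'example_redirect_from_admin', 1 );
```

With this in place wp-admin/profile.php is also unreachable for users without edit_posts, so profile editing has to be available on the front end.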

#2 in reply to: ↑ 1 @justin mason
12 years ago

Thanks for the code snippet, Mr. Gorges. Appreciate your help. I'm not sure why this would be intended behavior for users without blog access, but I am happy nevertheless. :)

Replying to boonebgorges:

This is intended behavior. If you don't want users to have access to wp-admin, do something like the following:

function bbg_redirect_from_admin() {
   if ( !current_user_can( 'edit_posts' ) ) {
      bp_core_redirect( bp_get_root_domain() );
   }
}
add_action( 'admin_init', 'bbg_redirect_from_admin', 1 );
