#3714 closed defect (bug) (no action required)
Buddypress users can log in via wp-admin, view site details
Reported by: |
|
Owned by: | |
---|---|---|---|
Milestone: | Priority: | normal | |
Severity: | normal | Version: | 1.5 |
Component: | Core | Keywords: | |
Cc: |
Description
Issue: Buddypress users can log-in via both wp-admin panel and the buddypress login widget/home page login.
If a normal (standard permissions) buddypress user logs in via wp-admin, it logs them in and redirects them to the homepage.
Problem: By typing wp-admin back into the browser, a logged in user can navigate back into the admin panel and view post count, user count, wordpress version, and other interesting information. This is data that the user does not need.
Can we remove permissions to access this data for normal buddypress users? See attachment.
Attachments (1)
Change History (3)
#1
follow-up:
↓ 2
@
13 years ago
- Milestone Awaiting Review deleted
- Resolution set to invalid
- Status changed from new to closed
This is intended behavior. If you don't want users to have access to wp-admin, do something like the following:
function bbg_redirect_from_admin() { if ( !current_user_can( 'edit_posts' ) ) { bp_core_redirect( bp_get_root_domain() ); } } add_action( 'admin_init', 'bbg_redirect_from_admin', 1 );
#2
in reply to:
↑ 1
@
13 years ago
Thanks for the code snippit, Mr. Gorges. Appreciate your help. I'm not sure why this would be intended behavior for users without blog access, but I am happy never the less. :)
Replying to boonebgorges:
This is intended behavior. If you don't want users to have access to wp-admin, do something like the following:
function bbg_redirect_from_admin() { if ( !current_user_can( 'edit_posts' ) ) { bp_core_redirect( bp_get_root_domain() ); } } add_action( 'admin_init', 'bbg_redirect_from_admin', 1 );
Displays information about post count, version number, etc.