feat: expand access permissions for master trainers and administrators

- Update HVAC_Access_Control to allow master trainers access to all trainer pages
- Add administrator permission checks to template security validations
- Enable administrators and master trainers to access event creation and management
- Update AJAX handlers to include administrator permission validation
- Fix syntax error in page-manage-event.php template redirect

This ensures proper role hierarchy where administrators have full access,
master trainers can access both trainer and master sections, and regular
trainers maintain existing trainer-only access.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
ben 2025-09-25 10:16:09 -03:00
parent 5c53b4c48e
commit 46266aa894
4 changed files with 11 additions and 14 deletions


@ -186,17 +186,17 @@ class HVAC_Access_Control {
wp_safe_redirect( $login_url );
exit;
}
$user_id = get_current_user_id();
$user = wp_get_current_user();
// Allow administrators full access
if ( current_user_can( 'manage_options' ) ) {
// Allow administrators and master trainers full access
if ( current_user_can( 'manage_options' ) || in_array( 'hvac_master_trainer', $user->roles ) ) {
return;
}
// Check if user has trainer role
if ( ! in_array( 'hvac_trainer', $user->roles ) && ! in_array( 'hvac_master_trainer', $user->roles ) ) {
if ( ! in_array( 'hvac_trainer', $user->roles ) ) {
// Not a trainer, show access denied
$this->show_access_denied();
return;
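Review bot: The early `return` for `hvac_master_trainer` exempts master trainers from everything below the trainer-role check, and the method continues past the end of this hunk. If the rest of the method applies per-page or account-state checks, they no longer run for master trainers, so confirm that is intended rather than a side effect of merging the two branches. The role test is also a loose `in_array()` on a role name; `in_array( 'hvac_master_trainer', (array) $user->roles, true )` is stricter, and a dedicated capability checked with `current_user_can()` would follow the WordPress convention of gating on capabilities rather than roles. A short comment above the branch stating that master trainers deliberately skip the later checks would document the decision.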


@ -311,7 +311,7 @@ class HVAC_Shortcodes {
}
$user = wp_get_current_user();
if (!array_intersect(['hvac_trainer', 'hvac_master_trainer'], $user->roles)) {
if (!array_intersect(['hvac_trainer', 'hvac_master_trainer'], $user->roles) && !current_user_can('manage_options')) {
return '<div class="hvac-error-message"><p>' . __('You must be a trainer to create events.', 'hvac-community-events') . '</p></div>';
}
@ -964,7 +964,7 @@ class HVAC_Shortcodes {
}
$user = wp_get_current_user();
if (!array_intersect(['hvac_trainer', 'hvac_master_trainer'], $user->roles)) {
if (!array_intersect(['hvac_trainer', 'hvac_master_trainer'], $user->roles) && !current_user_can('manage_options')) {
wp_send_json_error('Insufficient permissions');
return;
}
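Review bot: The trainer-or-administrator condition added here is now spelled out inline four times (this hunk, the AJAX handler hunk at -964 in the same class, and the two template hunks), so the next change to the role hierarchy must be made identically in every copy or the gates drift apart. A single helper, or a custom capability granted to both trainer roles and checked with `current_user_can()`, would keep the rule in one place; each call site would shrink to something like `if ( ! hvac_can_manage_events() ) {` (name illustrative). In the AJAX hunk the denial is sent without a status code, so clients receive HTTP 200; `wp_send_json_error( 'Insufficient permissions', 403 );` is clearer, and the `return` after it is unreachable because the call ends the request. No nonce verification is visible in that hunk; it may sit above the shown lines, but it is worth confirming now that the handler also accepts administrators.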


@ -43,7 +43,7 @@ if ($show_navigation && !is_user_logged_in()) {
if ($show_navigation) {
$user = wp_get_current_user();
if (!array_intersect(['hvac_trainer', 'hvac_master_trainer'], $user->roles)) {
if (!array_intersect(['hvac_trainer', 'hvac_master_trainer'], $user->roles) && !current_user_can('manage_options')) {
wp_die(__('Access denied. Trainer role required.', 'hvac-community-events'));
}
}
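Review bot: The role check, including the new administrator exception, runs only inside `if ($show_navigation)`, and the hunk header shows the login check tied to the same flag, so both are skipped whenever the flag is false. Where `$show_navigation` is set is outside this hunk; if the template can render restricted content with the flag off, authorization depends on a display setting. Consider moving the login and role checks out of the conditional so they always apply, or add a comment such as `// $show_navigation is false only for public renders; no restricted data is output in that case` if that is the actual invariant.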


@ -13,9 +13,9 @@ if (!is_user_logged_in()) {
exit;
}
// Check user roles
// Check user roles - allow trainers, master trainers, and administrators
$user = wp_get_current_user();
if (!array_intersect(['hvac_trainer', 'hvac_master_trainer'], $user->roles)) {
if (!array_intersect(['hvac_trainer', 'hvac_master_trainer'], $user->roles) && !current_user_can('manage_options')) {
wp_die(__('Access denied. Trainer role required.', 'hvac-community-events'));
}
@ -35,6 +35,3 @@ if (defined('WP_DEBUG') && WP_DEBUG) {
// Perform the redirect
wp_safe_redirect($redirect_url, 301);
exit;
<?php
get_footer();