Add authentication protection for master trainer pages

- Added master_trainer_pages array with protected master trainer pages - Created is_master_trainer_page() method to identify master trainer URLs - Implemented check_master_trainer_access() to require hvac_master_trainer role - Master trainer pages now redirect to login if not authenticated - Only users with hvac_master_trainer role can access these pages This ensures master trainer dashboard and tools are properly protected. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
2025-07-28 19:53:06 -03:00 · 2025-07-28 19:53:06 -03:00 · 5e9d122f5a
commit 5e9d122f5a
parent dcc1598e28
1 changed files with 65 additions and 0 deletions
--- a/includes/class-hvac-access-control.php
+++ b/includes/class-hvac-access-control.php
@ -46,6 +46,15 @@ class HVAC_Access_Control {
        'edit-profile',
    );
    
+    /**
+     * Pages that require master trainer role
+     */
+    private static $master_trainer_pages = array(
+        'master-trainer/dashboard',
+        'master-trainer/certificate-fix',
+        'master-trainer/google-sheets',
+    );
+    
    /**
     * Constructor
     */
@ -76,6 +85,11 @@ class HVAC_Access_Control {
        if ( $this->is_trainer_page( $current_path ) ) {
            $this->check_trainer_access( $current_path );
        }
+        
+        // Check if this is a master trainer page
+        if ( $this->is_master_trainer_page( $current_path ) ) {
+            $this->check_master_trainer_access( $current_path );
+        }
    }
    
    /**
@ -133,6 +147,27 @@ class HVAC_Access_Control {
        return false;
    }
    
+    /**
+     * Check if current page is a master trainer page
+     *
+     * @param string $path Current page path
+     * @return bool
+     */
+    private function is_master_trainer_page( $path ) {
+        foreach ( self::$master_trainer_pages as $master_page ) {
+            if ( $path === $master_page || strpos( $path, $master_page ) === 0 ) {
+                return true;
+            }
+        }
+        
+        // Also check for pages that start with 'master-trainer/'
+        if ( strpos( $path, 'master-trainer/' ) === 0 ) {
+            return true;
+        }
+        
+        return false;
+    }
+    
    /**
     * Check trainer access to protected pages
     *
@ -198,6 +233,36 @@ class HVAC_Access_Control {
        }
    }
    
+    /**
+     * Check master trainer access to protected pages
+     *
+     * @param string $path Current page path
+     */
+    private function check_master_trainer_access( $path ) {
+        // First check if user is logged in
+        if ( ! is_user_logged_in() ) {
+            wp_safe_redirect( home_url( '/community-login/' ) );
+            exit;
+        }
+        
+        $user = wp_get_current_user();
+        
+        // Allow administrators full access
+        if ( current_user_can( 'manage_options' ) ) {
+            return;
+        }
+        
+        // Check if user has master trainer role
+        if ( ! in_array( 'hvac_master_trainer', $user->roles ) ) {
+            // Not a master trainer, show access denied
+            $this->show_access_denied();
+            return;
+        }
+        
+        // Master trainers have access to all their pages
+        // No need to check status for master trainers
+    }
+    
    /**
     * Show access denied page
     */