fix: Resolve redirect loop when WordPress admin accesses HVAC dashboard

- Updated dashboard template to show access denied message instead of redirect for non-authorized users - Enhanced login handler to redirect admins to WP admin instead of causing loops - Added view_hvac_dashboard capability to administrator role during plugin activation - Improved access control logic to allow administrators to view dashboard - Added proper cleanup of admin capabilities on plugin deactivation - Prevents ERR_TOO_MANY_REDIRECTS when WordPress admin users try to access trainer dashboard 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
2025-05-22 15:59:33 -03:00 · 2025-05-22 15:59:33 -03:00 · a014a9d7f7
commit a014a9d7f7
parent 45b8192715
4 changed files with 114 additions and 9 deletions
--- a/wordpress-dev/wordpress/wp-content/plugins/hvac-community-events/hvac-community-events.php
+++ b/wordpress-dev/wordpress/wp-content/plugins/hvac-community-events/hvac-community-events.php
@ -164,6 +164,15 @@ function hvac_ce_create_required_pages() {
    } else {
        HVAC_Logger::error('Failed to create hvac_trainer role.', 'Activation');
    }
+    
+    // Grant administrators access to dashboard to prevent redirect loops
+    $admin_access = $roles_manager->grant_admin_dashboard_access();
+    if ($admin_access) {
+        HVAC_Logger::info('Successfully granted admin dashboard access.', 'Activation');
+    } else {
+        HVAC_Logger::error('Failed to grant admin dashboard access.', 'Activation');
+    }
+    
    HVAC_Logger::info('Completed page creation and role setup process', 'Activation');

 } // <<-- Brace moved here
@ -177,7 +186,8 @@ function hvac_ce_remove_roles() {
    require_once HVAC_CE_PLUGIN_DIR . 'includes/class-hvac-roles.php';
    $roles_manager = new HVAC_Roles();
    $roles_manager->remove_trainer_role();
-    HVAC_Logger::info('Deactivation hook fired, attempted to remove hvac_trainer role.', 'Deactivation');
+    $roles_manager->revoke_admin_dashboard_access();
+    HVAC_Logger::info('Deactivation hook fired, removed hvac_trainer role and admin dashboard access.', 'Deactivation');
 }
 register_deactivation_hook(__FILE__, 'hvac_ce_remove_roles');

--- a/wordpress-dev/wordpress/wp-content/plugins/hvac-community-events/includes/class-hvac-roles.php
+++ b/wordpress-dev/wordpress/wp-content/plugins/hvac-community-events/includes/class-hvac-roles.php
@ -86,6 +86,31 @@ class HVAC_Roles {
        return $caps;
    }
    
+    /**
+     * Grant administrators access to HVAC dashboard capabilities
+     * This prevents redirect loops when admins try to access the dashboard
+     */
+    public function grant_admin_dashboard_access() {
+        $admin_role = get_role('administrator');
+        if ($admin_role) {
+            $admin_role->add_cap('view_hvac_dashboard');
+            $admin_role->add_cap('manage_hvac_events');
+            return true;
+        }
+        return false;
+    }
+    
+    /**
+     * Remove HVAC dashboard capabilities from administrators
+     */
+    public function revoke_admin_dashboard_access() {
+        $admin_role = get_role('administrator');
+        if ($admin_role) {
+            $admin_role->remove_cap('view_hvac_dashboard');
+            $admin_role->remove_cap('manage_hvac_events');
+        }
+    }
+    
    /**
     * Check if current user has a specific HVAC trainer capability
     */
--- a/wordpress-dev/wordpress/wp-content/plugins/hvac-community-events/includes/community/class-login-handler.php
+++ b/wordpress-dev/wordpress/wp-content/plugins/hvac-community-events/includes/community/class-login-handler.php
@ -168,10 +168,26 @@ class Login_Handler {
 	public function redirect_logged_in_user() {
 	 // Check if we are on the custom login page (adjust slug if needed)
 	 if ( is_page( 'community-login' ) && is_user_logged_in() ) {
-	 	// Redirect logged-in users to the dashboard
-	 	$dashboard_url = home_url( '/hvac-dashboard/' );
-	 	wp_safe_redirect( $dashboard_url );
-	 	exit;
+	 	// Get current user
+	 	$user = wp_get_current_user();
+	 	
+	 	// Redirect based on user role/capabilities
+	 	if ( in_array( 'hvac_trainer', (array) $user->roles ) || current_user_can( 'view_hvac_dashboard' ) ) {
+	 		// HVAC trainers go to their dashboard
+	 		$dashboard_url = home_url( '/hvac-dashboard/' );
+	 		wp_safe_redirect( $dashboard_url );
+	 		exit;
+	 	} elseif ( current_user_can( 'manage_options' ) ) {
+	 		// Administrators can choose - redirect to WP admin or allow access to dashboard
+	 		// For now, let them stay on the login page with a message, or redirect to admin
+	 		$admin_url = admin_url();
+	 		wp_safe_redirect( $admin_url );
+	 		exit;
+	 	} else {
+	 		// Other logged-in users get redirected to home page
+	 		wp_safe_redirect( home_url() );
+	 		exit;
+	 	}
 	 }
 	}

--- a/wordpress-dev/wordpress/wp-content/plugins/hvac-community-events/templates/template-hvac-dashboard.php
+++ b/wordpress-dev/wordpress/wp-content/plugins/hvac-community-events/templates/template-hvac-dashboard.php
@ -18,10 +18,64 @@ if ( ! defined( 'ABSPATH' ) ) {

 // --- Security Check &amp; Data Loading ---

-// Ensure user is logged in and has the correct role
-if ( ! is_user_logged_in() || ! current_user_can( 'view_hvac_dashboard' ) ) {
-	// Redirect to login page or show an error message
-	wp_safe_redirect( home_url( '/community-login/' ) ); // Redirect to the custom login page
+// Ensure user is logged in and has access to the dashboard
+if ( ! is_user_logged_in() ) {
+	// Redirect to login page if not logged in
+	wp_safe_redirect( home_url( '/community-login/' ) );
+	exit;
+}
+
+// Check if user has permission to view dashboard
+// Allow administrators and users with view_hvac_dashboard capability
+if ( ! current_user_can( 'view_hvac_dashboard' ) && ! current_user_can( 'manage_options' ) ) {
+	// Show access denied message instead of redirect to prevent loops
+	get_header();
+	?>
+	<style>
+	.hvac-access-denied {
+		max-width: 600px;
+		margin: 60px auto;
+		padding: 40px;
+		text-align: center;
+		background: #fff;
+		border-radius: 8px;
+		box-shadow: 0 2px 10px rgba(0,0,0,0.1);
+	}
+	.hvac-access-denied h1 {
+		color: #d63638;
+		margin-bottom: 20px;
+	}
+	.hvac-access-denied p {
+		margin-bottom: 15px;
+		color: #666;
+		line-height: 1.6;
+	}
+	.hvac-access-denied .button {
+		background: #0073aa;
+		color: white;
+		padding: 12px 24px;
+		text-decoration: none;
+		border-radius: 4px;
+		display: inline-block;
+		margin-top: 20px;
+	}
+	.hvac-access-denied .button:hover {
+		background: #005a87;
+		color: white;
+	}
+	</style>
+	<div class="content-area primary ast-container">
+		<main class="site-main">
+			<div class="hvac-access-denied">
+				<h1><?php _e('Access Denied', 'hvac-community-events'); ?></h1>
+				<p><?php _e('Sorry, you do not have permission to access the HVAC Trainer Dashboard.', 'hvac-community-events'); ?></p>
+				<p><?php _e('If you are an HVAC trainer, please contact an administrator to get the proper role assigned.', 'hvac-community-events'); ?></p>
+				<a href="<?php echo esc_url( home_url() ); ?>" class="button"><?php _e('Return to Home', 'hvac-community-events'); ?></a>
+			</div>
+		</main>
+	</div>
+	<?php
+	get_footer();
 	exit;
 }