diff --git a/wordpress-dev/wordpress/wp-content/plugins/hvac-community-events/hvac-community-events.php b/wordpress-dev/wordpress/wp-content/plugins/hvac-community-events/hvac-community-events.php
index e73d5b10..7024e759 100644
--- a/wordpress-dev/wordpress/wp-content/plugins/hvac-community-events/hvac-community-events.php
+++ b/wordpress-dev/wordpress/wp-content/plugins/hvac-community-events/hvac-community-events.php
@@ -164,6 +164,15 @@ function hvac_ce_create_required_pages() {
 } else {
 HVAC_Logger::error('Failed to create hvac_trainer role.', 'Activation');
 }
+
+ // Grant administrators access to dashboard to prevent redirect loops
+ $admin_access = $roles_manager->grant_admin_dashboard_access();
+ if ($admin_access) {
+ HVAC_Logger::info('Successfully granted admin dashboard access.', 'Activation');
+ } else {
+ HVAC_Logger::error('Failed to grant admin dashboard access.', 'Activation');
+ }
+
 HVAC_Logger::info('Completed page creation and role setup process', 'Activation');
 } // <<-- Brace moved here
@@ -177,7 +186,8 @@ function hvac_ce_remove_roles() {
 require_once HVAC_CE_PLUGIN_DIR . 'includes/class-hvac-roles.php';
 $roles_manager = new HVAC_Roles();
 $roles_manager->remove_trainer_role();
- HVAC_Logger::info('Deactivation hook fired, attempted to remove hvac_trainer role.', 'Deactivation');
+ $roles_manager->revoke_admin_dashboard_access();
+ HVAC_Logger::info('Deactivation hook fired, removed hvac_trainer role and admin dashboard access.', 'Deactivation');
 }
 register_deactivation_hook(__FILE__, 'hvac_ce_remove_roles');
diff --git a/wordpress-dev/wordpress/wp-content/plugins/hvac-community-events/includes/class-hvac-roles.php b/wordpress-dev/wordpress/wp-content/plugins/hvac-community-events/includes/class-hvac-roles.php
index 0bc28043..82dfc23d 100644
--- a/wordpress-dev/wordpress/wp-content/plugins/hvac-community-events/includes/class-hvac-roles.php
+++ b/wordpress-dev/wordpress/wp-content/plugins/hvac-community-events/includes/class-hvac-roles.php
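Review bot: The grant added to hvac_ce_create_required_pages() in hvac-community-events.php runs only on the path tagged 'Activation', which appears to be the activation callback; WordPress does not re-run activation callbacks when a plugin is updated in place, so administrators on existing installs would not receive the capabilities until the plugin is reactivated. If that is intended, say so next to the call, e.g. `// Runs on activation only: sites updated in place need a reactivation (or an upgrade routine) before administrators receive these capabilities.` The function starts outside the hunk, so the hook registration itself is not visible here.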
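Review bot: The new log line in hvac_ce_remove_roles() states 'removed hvac_trainer role and admin dashboard access' without checking either call, and revoke_admin_dashboard_access() in class-hvac-roles.php returns nothing, so the log cannot tell a successful revocation from a missing administrator role. The old wording ('attempted to remove') was accurate for unchecked calls. Either keep it, `HVAC_Logger::info('Deactivation hook fired, attempted to remove hvac_trainer role and admin dashboard access.', 'Deactivation');`, or have the revoke method return a bool the way grant_admin_dashboard_access() does and log on the result. A log entry that records a privilege as revoked when it may not have been is misleading to anyone auditing role changes later.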
@@ -86,6 +86,31 @@ class HVAC_Roles {
 return $caps;
 }
+ /**
+ * Grant administrators access to HVAC dashboard capabilities
+ * This prevents redirect loops when admins try to access the dashboard
+ */
+ public function grant_admin_dashboard_access() {
+ $admin_role = get_role('administrator');
+ if ($admin_role) {
+ $admin_role->add_cap('view_hvac_dashboard');
+ $admin_role->add_cap('manage_hvac_events');
+ return true;
+ }
+ return false;
+ }
+
+ /**
+ * Remove HVAC dashboard capabilities from administrators
+ */
+ public function revoke_admin_dashboard_access() {
+ $admin_role = get_role('administrator');
+ if ($admin_role) {
+ $admin_role->remove_cap('view_hvac_dashboard');
+ $admin_role->remove_cap('manage_hvac_events');
+ }
+ }
+
 /**
 * Check if current user has a specific HVAC trainer capability
 */
diff --git a/wordpress-dev/wordpress/wp-content/plugins/hvac-community-events/includes/community/class-login-handler.php b/wordpress-dev/wordpress/wp-content/plugins/hvac-community-events/includes/community/class-login-handler.php
index 9285b689..a80620d7 100644
--- a/wordpress-dev/wordpress/wp-content/plugins/hvac-community-events/includes/community/class-login-handler.php
+++ b/wordpress-dev/wordpress/wp-content/plugins/hvac-community-events/includes/community/class-login-handler.php
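Review bot: grant_admin_dashboard_access() adds `manage_hvac_events` alongside `view_hvac_dashboard`, but its docblock only motivates dashboard viewing (the redirect loop), and `add_cap()` writes both capabilities into the stored administrator role rather than granting them per request. The dashboard template changed in this same commit also lets `manage_options` through on its own, so administrator access is decided in two places and revoking the capability would not by itself close the dashboard to administrators. The docblock should say which of the two is the intended gate and why `manage_hvac_events` is included, and carry `@return bool True if the administrator role exists and the capabilities were added, false otherwise.` revoke_admin_dashboard_access() has no return value and could mirror that contract.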
@@ -168,10 +168,26 @@ class Login_Handler {
 public function redirect_logged_in_user() {
 // Check if we are on the custom login page (adjust slug if needed)
 if ( is_page( 'community-login' ) && is_user_logged_in() ) {
- // Redirect logged-in users to the dashboard
- $dashboard_url = home_url( '/hvac-dashboard/' );
- wp_safe_redirect( $dashboard_url );
- exit;
+ // Get current user
+ $user = wp_get_current_user();
+
+ // Redirect based on user role/capabilities
+ if ( in_array( 'hvac_trainer', (array) $user->roles ) || current_user_can( 'view_hvac_dashboard' ) ) {
+ // HVAC trainers go to their dashboard
+ $dashboard_url = home_url( '/hvac-dashboard/' );
+ wp_safe_redirect( $dashboard_url );
+ exit;
+ } elseif ( current_user_can( 'manage_options' ) ) {
+ // Administrators can choose - redirect to WP admin or allow access to dashboard
+ // For now, let them stay on the login page with a message, or redirect to admin
+ $admin_url = admin_url();
+ wp_safe_redirect( $admin_url );
+ exit;
+ } else {
+ // Other logged-in users get redirected to home page
+ wp_safe_redirect( home_url() );
+ exit;
+ }
 }
 }
diff --git a/wordpress-dev/wordpress/wp-content/plugins/hvac-community-events/templates/template-hvac-dashboard.php b/wordpress-dev/wordpress/wp-content/plugins/hvac-community-events/templates/template-hvac-dashboard.php
index 208634bb..bfed3dd7 100644
--- a/wordpress-dev/wordpress/wp-content/plugins/hvac-community-events/templates/template-hvac-dashboard.php
+++ b/wordpress-dev/wordpress/wp-content/plugins/hvac-community-events/templates/template-hvac-dashboard.php
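Review bot: The `elseif ( current_user_can( 'manage_options' ) )` branch is reached only by administrators who lack `view_hvac_dashboard`; once grant_admin_dashboard_access() from this commit has run, administrators satisfy the first condition and are sent to /hvac-dashboard/, never to wp-admin. The two comments in that branch ('Administrators can choose', 'let them stay on the login page') describe behaviour the code does not implement, since every path redirects and exits. If administrators are meant to land in wp-admin, test `manage_options` before the trainer check; otherwise drop the branch and its comments. Separately, `in_array( 'hvac_trainer', (array) $user->roles )` should pass `true` as a third argument for a strict comparison, and it sends role holders to a page that the template gates on capability rather than role.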
@@ -18,10 +18,64 @@ if ( ! defined( 'ABSPATH' ) ) { // --- Security Check & Data Loading --- -// Ensure user is logged in and has the correct role -if ( ! is_user_logged_in() || ! current_user_can( 'view_hvac_dashboard' ) ) { - // Redirect to login page or show an error message - wp_safe_redirect( home_url( '/community-login/' ) ); // Redirect to the custom login page +// Ensure user is logged in and has access to the dashboard +if ( ! is_user_logged_in() ) { + // Redirect to login page if not logged in + wp_safe_redirect( home_url( '/community-login/' ) ); + exit; +} + +// Check if user has permission to view dashboard +// Allow administrators and users with view_hvac_dashboard capability +if ( ! current_user_can( 'view_hvac_dashboard' ) && ! current_user_can( 'manage_options' ) ) { + // Show access denied message instead of redirect to prevent loops + get_header(); + ?> + +
+