ben/upskill-event-manager
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 2
upskill-event-manager/includes/class-hvac-access-control.php
bengizmo a1abbf1577 fix: Resolve duplicate content and raw shortcode display on manage event page 
- Strip WordPress block editor comments (<\!-- wp:shortcode -->) from content
- Prevent duplicate header rendering when using page template vs shortcode
- Add conditional header rendering based on URL path to avoid duplication
- Header now only renders for non-hierarchical URLs where template isn't used

The manage event page was showing duplicate "Create and Manage Your HVAC Training Events"
sections and raw block editor comments because both the template and the header class
were outputting content, and block editor wrapper comments weren't being stripped.

Co-Authored-By: Ben Reed <ben@tealmaker.com>
2025-07-30 10:06:49 -03:00

359 lines
No EOL
11 KiB
PHP
Raw Blame History

<?php
/**
* HVAC Community Events - Access Control
*
* Handles page access restrictions based on trainer status
*
* @package HVAC_Community_Events
* @since 1.0.0
*/
// Exit if accessed directly
if ( ! defined( 'ABSPATH' ) ) {
exit;
}
/**
* Class HVAC_Access_Control
*
* Manages access control for trainer pages based on account status
*/
class HVAC_Access_Control {
/**
* Pages that require authentication but no specific status
*/
private static $public_pages = array(
'trainer/registration',
'registration-pending',
'community-login',
'training-login',
'trainer-account-pending',
'trainer-account-disabled',
);
/**
* Pages that require trainer to be active or inactive
*/
private static $trainer_pages = array(
'trainer/dashboard',
'trainer/event/manage',
'trainer/generate-certificates',
'trainer/certificate-reports',
'trainer/event-summary',
'trainer/email-attendees',
'trainer/communication-templates',
'edit-profile',
);
/**
* Pages that require master trainer role
*/
private static $master_trainer_pages = array(
'master-trainer/dashboard',
'master-trainer/certificate-fix',
'master-trainer/google-sheets',
);
/**
* Constructor
*/
public function __construct() {
// Hook into template_redirect for access control
add_action( 'template_redirect', array( $this, 'check_page_access' ), 10 );
}
/**
* Check page access based on user status
*/
public function check_page_access() {
// Get current page path
$current_path = trim( parse_url( $_SERVER['REQUEST_URI'], PHP_URL_PATH ), '/' );
// Check if this is a legacy URL that will be redirected
if ( $this->is_legacy_url( $current_path ) ) {
// Allow the redirect to happen first
return;
}
// Check if this is a public page
if ( $this->is_public_page( $current_path ) ) {
return;
}
// Check if this is a trainer page
if ( $this->is_trainer_page( $current_path ) ) {
$this->check_trainer_access( $current_path );
}
// Check if this is a master trainer page
if ( $this->is_master_trainer_page( $current_path ) ) {
$this->check_master_trainer_access( $current_path );
}
}
/**
* Check if current URL is a legacy URL that should be redirected
*
* @param string $path Current page path
* @return bool
*/
private function is_legacy_url( $path ) {
// Get the route manager instance
if ( ! class_exists( 'HVAC_Route_Manager' ) ) {
return false;
}
$route_manager = HVAC_Route_Manager::instance();
// Check if this path needs a redirect
return $route_manager->needs_redirect( $path ) !== false;
}
/**
* Check if current page is public
*
* @param string $path Current page path
* @return bool
*/
private function is_public_page( $path ) {
foreach ( self::$public_pages as $public_page ) {
if ( $path === $public_page || strpos( $path, $public_page ) === 0 ) {
return true;
}
}
return false;
}
/**
* Check if current page is a trainer page
*
* @param string $path Current page path
* @return bool
*/
private function is_trainer_page( $path ) {
foreach ( self::$trainer_pages as $trainer_page ) {
if ( $path === $trainer_page || strpos( $path, $trainer_page ) === 0 ) {
return true;
}
}
// Also check for pages that start with 'trainer/'
if ( strpos( $path, 'trainer/' ) === 0 ) {
return true;
}
return false;
}
/**
* Check if current page is a master trainer page
*
* @param string $path Current page path
* @return bool
*/
private function is_master_trainer_page( $path ) {
foreach ( self::$master_trainer_pages as $master_page ) {
if ( $path === $master_page || strpos( $path, $master_page ) === 0 ) {
return true;
}
}
// Also check for pages that start with 'master-trainer/'
if ( strpos( $path, 'master-trainer/' ) === 0 ) {
return true;
}
return false;
}
/**
* Check trainer access to protected pages
*
* @param string $path Current page path
*/
private function check_trainer_access( $path ) {
// First check if user is logged in
if ( ! is_user_logged_in() ) {
// Preserve the original URL for redirect after login
$redirect_url = home_url( '/' . $path . '/' );
$login_url = add_query_arg( 'redirect_to', urlencode( $redirect_url ), home_url( '/training-login/' ) );
wp_safe_redirect( $login_url );
exit;
}
$user_id = get_current_user_id();
$user = wp_get_current_user();
// Allow administrators full access
if ( current_user_can( 'manage_options' ) ) {
return;
}
// Check if user has trainer role
if ( ! in_array( 'hvac_trainer', $user->roles ) && ! in_array( 'hvac_master_trainer', $user->roles ) ) {
// Not a trainer, show access denied
$this->show_access_denied();
return;
}
// Get trainer status
if ( ! class_exists( 'HVAC_Trainer_Status' ) ) {
require_once HVAC_PLUGIN_DIR . 'includes/class-hvac-trainer-status.php';
}
$status = HVAC_Trainer_Status::get_trainer_status( $user_id );
// Handle based on status
switch ( $status ) {
case HVAC_Trainer_Status::STATUS_PENDING:
// Redirect to pending page
if ( $path !== 'trainer-account-pending' && strpos( $path, 'trainer-account-pending' ) !== 0 ) {
wp_safe_redirect( home_url( '/trainer-account-pending/' ) );
exit;
}
break;
case HVAC_Trainer_Status::STATUS_DISABLED:
// Redirect to disabled page
if ( $path !== 'trainer-account-disabled' && strpos( $path, 'trainer-account-disabled' ) !== 0 ) {
wp_safe_redirect( home_url( '/trainer-account-disabled/' ) );
exit;
}
break;
case HVAC_Trainer_Status::STATUS_APPROVED:
case HVAC_Trainer_Status::STATUS_ACTIVE:
case HVAC_Trainer_Status::STATUS_INACTIVE:
// Allow access
break;
default:
// Unknown status, treat as pending
wp_safe_redirect( home_url( '/trainer-account-pending/' ) );
exit;
}
}
/**
* Check master trainer access to protected pages
*
* @param string $path Current page path
*/
private function check_master_trainer_access( $path ) {
// First check if user is logged in
if ( ! is_user_logged_in() ) {
// Preserve the original URL for redirect after login
$redirect_url = home_url( '/' . $path . '/' );
$login_url = add_query_arg( 'redirect_to', urlencode( $redirect_url ), home_url( '/training-login/' ) );
wp_safe_redirect( $login_url );
exit;
}
$user = wp_get_current_user();
// Allow administrators full access
if ( current_user_can( 'manage_options' ) ) {
return;
}
// Check if user has master trainer role
if ( ! in_array( 'hvac_master_trainer', $user->roles ) ) {
// Not a master trainer, show access denied
$this->show_access_denied();
return;
}
// Master trainers have access to all their pages
// No need to check status for master trainers
}
/**
* Show access denied page
*/
private function show_access_denied() {
get_header();
?>
<style>
.hvac-access-denied {
max-width: 600px;
margin: 60px auto;
padding: 40px;
text-align: center;
background: #fff;
border-radius: 8px;
box-shadow: 0 2px 10px rgba(0,0,0,0.1);
}
.hvac-access-denied h1 {
color: #d63638;
margin-bottom: 20px;
}
.hvac-access-denied p {
margin-bottom: 15px;
color: #666;
line-height: 1.6;
}
.hvac-access-denied .button {
background: #0073aa;
color: white;
padding: 12px 24px;
text-decoration: none;
border-radius: 4px;
display: inline-block;
margin-top: 20px;
}
.hvac-access-denied .button:hover {
background: #005a87;
color: white;
}
</style>
<div class="content-area primary ast-container">
<main class="site-main">
<div class="hvac-access-denied">
<h1><?php _e( 'Access Denied', 'hvac-community-events' ); ?></h1>
<p><?php _e( 'You do not have permission to access this page.', 'hvac-community-events' ); ?></p>
<p><?php _e( 'If you believe this is an error, please contact an administrator.', 'hvac-community-events' ); ?></p>
<a href="<?php echo esc_url( home_url() ); ?>" class="button"><?php _e( 'Return to Home', 'hvac-community-events' ); ?></a>
</div>
</main>
</div>
<?php
get_footer();
exit;
}
/**
* Add custom pages that require specific access
*
* @param string $page Page path
* @param string $type 'public' or 'trainer'
*/
public static function add_custom_page( $page, $type = 'trainer' ) {
if ( $type === 'public' ) {
self::$public_pages[] = $page;
} else {
self::$trainer_pages[] = $page;
}
}
/**
* Remove a page from access control
*
* @param string $page Page path
* @param string $type 'public' or 'trainer'
*/
public static function remove_custom_page( $page, $type = 'trainer' ) {
if ( $type === 'public' ) {
$key = array_search( $page, self::$public_pages );
if ( $key !== false ) {
unset( self::$public_pages[$key] );
}
} else {
$key = array_search( $page, self::$trainer_pages );
if ( $key !== false ) {
unset( self::$trainer_pages[$key] );
}
}
}
}
Reference in a new issue View git blame Copy permalink