Restore logic that got dropped when fixing merge conflicts.

trustedlogin · Oct 30, 2017 · 3f6d9e8 · 3f6d9e8
1 parent d988560
commit 3f6d9e8
Showing 1 changed file with 70 additions and 6 deletions.
diff --git a/inc/class-rda-remove-access.php b/inc/class-rda-remove-access.php
@@ -81,43 +81,107 @@ public function lock_it_up() {
 	}
 
 	/**
-	 * Hides menus other than profile.php.
+	 * Hides menus other than allowed admin pages.
+	 *
+	 * Note: It is up to third-party developers to handle capability checking for any allowed pages.
 	 *
 	 * @since 1.1
 	 */
 	public function hide_menus() {
 		/** @global array $menu */
 		global $menu;
 
+		/** @global array $submenu */
+		global $submenu;
+
+		// Drop menu pages.
 		if ( ! empty( $menu ) && is_array( $menu ) ) {
-			// Gather menu IDs (minus profile.php).
+			// Gather menu IDs (minus allowed pages).
 			foreach ( $menu as $index => $values ) {
 
-				if ( isset( $values[2] ) && 'profile.php' === $values[2] ) {
+				if ( isset( $values[2] ) && in_array( $values[2], $this->get_allowed_pages(), true ) ) {
 					continue;
 				}
 
 				// Remove menu pages.
 				remove_menu_page( $values[2] );
 			}
 		}
+
+		// Drop submenu pages.
+		if ( ! empty( $submenu ) && is_array( $submenu ) ) {
+			// Gather submenu IDs (minus allowed pages).
+			foreach ( $submenu as $parent => $positions ) {
+				foreach ( $positions as $position => $entry ) {
+					if ( isset( $entry[2] ) && in_array( $entry[2], $this->get_allowed_pages(), true ) ) {
+						continue;
+					}
+
+					remove_submenu_page( $parent, $entry[2] );
+				}
+
+			}
+		}
 	}
 
 	/**
 	 * Handles the redirect for disallowed users.
 	 *
 	 * @since 0.1
 	 */
-	public function dashboard_redirect() {
+	function dashboard_redirect() {
 		/** @global string $pagenow */
 		global $pagenow;
 
-		if ( 'profile.php' !== $pagenow || ! $this->settings['enable_profile'] ) {
-			wp_redirect( $this->settings['redirect_url'] );
+		/**
+		 * Filters the URL to redirect disallowed users to.
+		 *
+		 * If the redirect URL passed to this hook is empty, the redirect will be skipped.
+		 *
+		 * Example to disable the redirect:
+		 *
+		 *     add_filter( 'rda_redirect_url', '__return_empty_string' );
+		 *
+		 * @since 1.2.0
+		 *
+		 * @param string             $url   URL to redirect disallowed users to.
+		 * @param \RDA_Remove_Access $this  RDA_Remove_Access instance.
+		 */
+		$redirect_url = apply_filters( 'rda_redirect_url', $this->settings['redirect_url'], $this );
+
+		if ( ( ! in_array( (string) $pagenow, $this->get_allowed_pages(), true ) || ! $this->settings['enable_profile'] )
+		     && ! empty( $redirect_url )
+		) {
+			wp_redirect( $redirect_url );
 			exit;
 		}
 	}
 
+	/**
+	 * Retrieves the list of pages restricted users can access in the admin.
+	 *
+	 * Note: It is up to third-party developers to handle capability checking for any allowed pages.
+	 *
+	 * @since 1.2
+	 *
+	 * @return array List of allowed pages.
+	 */
+	public function get_allowed_pages() {
+
+		/**
+		 * Filters the list of pages restricted users can access in the admin.
+		 *
+		 * Note: It is up to third-party developers to handle capability checking for any allowed pages.
+		 *
+		 * @since 1.2
+		 *
+		 * @param array $pages List of allowed pages.
+		 */
+		$allowed_pages = apply_filters( 'rda_allowed_pages', array( 'profile.php' ) );
+
+		return array_merge( $allowed_pages, array( 'profile.php' ) );
+	}
+
 	/**
 	 * Hides Toolbar items for disallowed users.
 	 *