After login, redirect to admin only if user is allowed #1961

jajm · 2022-10-24T15:05:12Z

By default all roles have access to administration dashboard but modules can change permissions or create new roles that forbid access to it. Users with that kind of role should not be redirected to the admin dashboard, as they will land on an error page (with a confusing "Successfully logged in" message)

This patch verify that the user is allowed to see the admin dashboard before redirecting to it. If the user is not allowed, it will be redirected to the front page

To test:

Install https://omeka.org/s/modules/GuestRole
Create a user with the role "guest"
Log out
Go to /login (do not click on "Admin dashboard" link to go to the login form or you will still be redirected to /admin after login)
Try to login with the guest user. You should be redirected to the front page
Log out
Try to login with an admin user. You should be redirected to the admin dashboard

By default all roles have access to administration dashboard but modules can change permissions or create new roles that forbid access to it. Users with that kind of role should not be redirected to the admin dashboard, as they will land on an error page (with a confusing "Successfully logged in" message) This patch verify that the user is allowed to see the admin dashboard before redirecting to it. If the user is not allowed, it will be redirected to the front page

zerocrates merged commit 13b78cd into omeka:develop Dec 19, 2023

jajm deleted the redirect-to-admin-only-if-allowed branch December 20, 2023 07:30

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

After login, redirect to admin only if user is allowed #1961

After login, redirect to admin only if user is allowed #1961

jajm commented Oct 24, 2022

After login, redirect to admin only if user is allowed #1961

After login, redirect to admin only if user is allowed #1961

Conversation

jajm commented Oct 24, 2022