Project

General

Profile

Actions

Feature #9907

closed

Ability to change error page for non-approved users?

Added by Michael Shields over 6 years ago. Updated over 6 years ago.

Status:
Resolved
Priority name:
Normal
Assignee:
Category name:
-
Target version:
Start date:
2018-06-08
Due date:
% Done:

0%

Estimated time:
Deployment actions:

Description

Hey everyone,

Is there a way to create a custom page for a private site if a user is not approved to access that site (regardless of if they are a Commons member or not)? For example, if someone goes to CUNY.IS/OIRAP, instead of simply asking them to log in, is it possible to tell them to email an email address to request access?

Thank you!

-Michael


Files

Screenshot_2018-06-11_12-13-43.png (18.7 KB) Screenshot_2018-06-11_12-13-43.png Boone Gorges, 2018-06-11 01:16 PM

Related issues

Related to CUNY Academic Commons - Feature #5525: Mapped domains should be administered over *.commons.gc.cuny.eduResolvedRaymond Hoh2016-05-03

Actions
Related to CUNY Academic Commons - Feature #9915: Merge upstream updates in More Privacy OptionsResolvedBoone Gorges2018-06-12

Actions
Related to CUNY Academic Commons - Feature #9916: Remove redirect interstitial from More Privacy OptionsResolvedRaymond Hoh2018-06-12

Actions
Related to CUNY Academic Commons - Bug #11855: "More Privacy Options" message not showing on login pageResolvedRaymond Hoh2019-09-13

Actions
Actions #1

Updated by Boone Gorges over 6 years ago

For reference, the question here is related to a site, which has been locked down via More Privacy Options to " I would like my site to be visible only to users I add to it. "

There are two flows in question:
1. Non-logged-in user. The user is sent directly to wp-login.php on the main site.
2. Logged-in user who is not a member of the site. The user sees the interstitial in the screenshot and is redirected to wp-login.php on the main site after 8 seconds.

Part of the confusion here is that there's no status message shown on the login page. This appears to be because we redirect all logins to the main site, which means that MPO's registered_users_login_message() isn't able to work correctly. If it did work, users would at least see a message along the lines of "You must be a registered user to see this site" or whatever. Ray, I'm copying you here because I think that the login behavior is part of 1.13 changes. It's possible that we could fix this by detecting where the wp-login.php request came from (HTTP_REFERER? looking at the redirect_to param? a new URL parameter that we'd add specifically to MPO redirects?), but I'd like your thoughts on it. (Note that we're running a pretty old fork of MPO in mu-plugins, and we might want to consider updating the plugin before modifying it further.)

As for Michael's specific question about having a custom page: This is not currently possible. Is the idea that you'd choose a different page on your site to redirect non-authorized users to? The problem with that is that users wouldn't be authorized to view this page, so we'd need some magic to exclude it from the privacy redirects. Another thought is to be able to customize the "error" text on wp-login.php after redirect, but this requires that we first fix the issue described above.

My recommendation for now is that we do the necessary work to reinstate the lost message that should appear on wp-login.php, which will be general but far better than nothing, and then see where things stand. It could be that this additional language provides enough context for your users, with no further customization required.

Actions #2

Updated by Michael Shields over 6 years ago

Thanks, Boone! This is very helpful. Basically, I just wanted users to see who to contact if they weren't members of the site. It seems like this is how it works for people who are already members of the CUNY Academic Commons but not for people who aren't members.

Actions #3

Updated by Raymond Hoh over 6 years ago

  • Related to Bug #6650: Force SSL for *.commons.gc.cuny.edu pages added
Actions #4

Updated by Raymond Hoh over 6 years ago

  • Related to deleted (Bug #6650: Force SSL for *.commons.gc.cuny.edu pages)
Actions #5

Updated by Raymond Hoh over 6 years ago

  • Related to Feature #5525: Mapped domains should be administered over *.commons.gc.cuny.edu added
Actions #6

Updated by Raymond Hoh over 6 years ago

  • Status changed from New to Resolved

For reference, the question here is related to a site, which has been locked down via More Privacy Options to " I would like my site to be visible only to users I add to it. "

Good catch. This is related to the changes we made to force logins to the main site - #5525.

I did not account for the messaging added by the More Privacy Options plugin. This is now implemented in the following commit - https://github.com/cuny-academic-commons/cac/commit/5a0ad40dcd737fa4ffed499254a389fa2a10a307.

It's possible that we could fix this by detecting where the wp-login.php request came from (HTTP_REFERER? looking at the redirect_to param? a new URL parameter that we'd add specifically to MPO redirects?), but I'd like your thoughts on it.

This is basically what I did. I added a parameter to the login redirect URL so I can track which site requires the additional messaging. Then, I added the message above the login form.

(Note that we're running a pretty old fork of MPO in mu-plugins, and we might want to consider updating the plugin before modifying it further.)

I chose not to update our fork for now because there looked to be some non-trivial changes:
https://github.com/cuny-academic-commons/cac/commits/1.13.x/wp-content/mu-plugins/ds_wp3_private_blog.php

One thing that I'd like to implement is to remove the interstitual for the "I would like my site to be visible only to users I add to it" option. Right now, if a non-site user visits such a site, a gray page with the message "Wait 8 seconds or click to continue" is displayed. After the 8 seconds, the user is redirected to the login page, which also displays similar messaging.

Actions #7

Updated by Boone Gorges over 6 years ago

  • Related to Feature #9915: Merge upstream updates in More Privacy Options added
Actions #8

Updated by Boone Gorges over 6 years ago

  • Related to Feature #9916: Remove redirect interstitial from More Privacy Options added
Actions #9

Updated by Boone Gorges over 6 years ago

Thanks, Ray! I've opened new tickets for merging upstream changes and removing the interstitial.

Michael, have a look at the new behavior after the release later today. The text still is not customizable, but at least it gives some indication to visitors of why they're being redirected; and logged-in users will see a notice about contacting the site's administrator (ie, you) to gain access.

Actions #10

Updated by Michael Shields over 6 years ago

Thanks, guys! I took a look and this looks great!

Actions #11

Updated by Raymond Hoh about 5 years ago

  • Related to Bug #11855: "More Privacy Options" message not showing on login page added
Actions

Also available in: Atom PDF