Project

General

Profile

Feature #9907

Ability to change error page for non-approved users?

Added by Michael Shields about 1 year ago. Updated about 1 year ago.

Status:
Resolved
Priority name:
Normal
Assignee:
Category name:
-
Target version:
Start date:
2018-06-08
Due date:
% Done:

0%

Estimated time:

Description

Hey everyone,

Is there a way to create a custom page for a private site if a user is not approved to access that site (regardless of if they are a Commons member or not)? For example, if someone goes to CUNY.IS/OIRAP, instead of simply asking them to log in, is it possible to tell them to email an email address to request access?

Thank you!

-Michael

Screenshot_2018-06-11_12-13-43.png (18.7 KB) Screenshot_2018-06-11_12-13-43.png Boone Gorges, 2018-06-11 01:16 PM

Related issues

Related to CUNY Academic Commons - Feature #5525: Mapped domains should be administered over *.commons.gc.cuny.eduResolved2016-05-03

Related to CUNY Academic Commons - Feature #9915: Merge upstream updates in More Privacy OptionsResolved2018-06-12

Related to CUNY Academic Commons - Feature #9916: Remove redirect interstitial from More Privacy OptionsNew2018-06-12

History

#1 Updated by Boone Gorges about 1 year ago

For reference, the question here is related to a site, which has been locked down via More Privacy Options to " I would like my site to be visible only to users I add to it. "

There are two flows in question:
1. Non-logged-in user. The user is sent directly to wp-login.php on the main site.
2. Logged-in user who is not a member of the site. The user sees the interstitial in the screenshot and is redirected to wp-login.php on the main site after 8 seconds.

Part of the confusion here is that there's no status message shown on the login page. This appears to be because we redirect all logins to the main site, which means that MPO's registered_users_login_message() isn't able to work correctly. If it did work, users would at least see a message along the lines of "You must be a registered user to see this site" or whatever. Ray, I'm copying you here because I think that the login behavior is part of 1.13 changes. It's possible that we could fix this by detecting where the wp-login.php request came from (HTTP_REFERER? looking at the redirect_to param? a new URL parameter that we'd add specifically to MPO redirects?), but I'd like your thoughts on it. (Note that we're running a pretty old fork of MPO in mu-plugins, and we might want to consider updating the plugin before modifying it further.)

As for Michael's specific question about having a custom page: This is not currently possible. Is the idea that you'd choose a different page on your site to redirect non-authorized users to? The problem with that is that users wouldn't be authorized to view this page, so we'd need some magic to exclude it from the privacy redirects. Another thought is to be able to customize the "error" text on wp-login.php after redirect, but this requires that we first fix the issue described above.

My recommendation for now is that we do the necessary work to reinstate the lost message that should appear on wp-login.php, which will be general but far better than nothing, and then see where things stand. It could be that this additional language provides enough context for your users, with no further customization required.

#2 Updated by Michael Shields about 1 year ago

Thanks, Boone! This is very helpful. Basically, I just wanted users to see who to contact if they weren't members of the site. It seems like this is how it works for people who are already members of the CUNY Academic Commons but not for people who aren't members.

#3 Updated by Raymond Hoh about 1 year ago

  • Related to Bug #6650: Force SSL for *.commons.gc.cuny.edu pages added

#4 Updated by Raymond Hoh about 1 year ago

  • Related to deleted (Bug #6650: Force SSL for *.commons.gc.cuny.edu pages)

#5 Updated by Raymond Hoh about 1 year ago

  • Related to Feature #5525: Mapped domains should be administered over *.commons.gc.cuny.edu added

#6 Updated by Raymond Hoh about 1 year ago

  • Status changed from New to Resolved

For reference, the question here is related to a site, which has been locked down via More Privacy Options to " I would like my site to be visible only to users I add to it. "

Good catch. This is related to the changes we made to force logins to the main site - #5525.

I did not account for the messaging added by the More Privacy Options plugin. This is now implemented in the following commit - https://github.com/cuny-academic-commons/cac/commit/5a0ad40dcd737fa4ffed499254a389fa2a10a307.

It's possible that we could fix this by detecting where the wp-login.php request came from (HTTP_REFERER? looking at the redirect_to param? a new URL parameter that we'd add specifically to MPO redirects?), but I'd like your thoughts on it.

This is basically what I did. I added a parameter to the login redirect URL so I can track which site requires the additional messaging. Then, I added the message above the login form.

(Note that we're running a pretty old fork of MPO in mu-plugins, and we might want to consider updating the plugin before modifying it further.)

I chose not to update our fork for now because there looked to be some non-trivial changes:
https://github.com/cuny-academic-commons/cac/commits/1.13.x/wp-content/mu-plugins/ds_wp3_private_blog.php

One thing that I'd like to implement is to remove the interstitual for the "I would like my site to be visible only to users I add to it" option. Right now, if a non-site user visits such a site, a gray page with the message "Wait 8 seconds or click to continue" is displayed. After the 8 seconds, the user is redirected to the login page, which also displays similar messaging.

#7 Updated by Boone Gorges about 1 year ago

  • Related to Feature #9915: Merge upstream updates in More Privacy Options added

#8 Updated by Boone Gorges about 1 year ago

  • Related to Feature #9916: Remove redirect interstitial from More Privacy Options added

#9 Updated by Boone Gorges about 1 year ago

Thanks, Ray! I've opened new tickets for merging upstream changes and removing the interstitial.

Michael, have a look at the new behavior after the release later today. The text still is not customizable, but at least it gives some indication to visitors of why they're being redirected; and logged-in users will see a notice about contacting the site's administrator (ie, you) to gain access.

#10 Updated by Michael Shields about 1 year ago

Thanks, guys! I took a look and this looks great!

Also available in: Atom PDF