Do you wonder why some users at WooCommerce enabled site have access to the top admin bar and WordPress admin dashboard, but some users don’t?
It is by design: WooCommerce plugin developers decided for us for whom they allow access to WordPress admin dashboard and for whom they prohibit it. But thanks them for the professionalism – it is possible to change that default WooCommerce logic via special filters.
WooCommerce has two code snippets which blocks access to the WordPress admin dashboard for the users without needed permissions:
WooCommerce admin dashboard access
1st one is located at woocommerce/includes/admin/class-wc-admin.php file (line #138) and redirects user with insufficient permissions to the front-end user account page:
/**
* Prevent any user who cannot 'edit_posts' (subscribers, customers etc) from accessing admin.
*/
public function prevent_admin_access() {
$prevent_access = false;
if ( 'yes' === get_option( 'woocommerce_lock_down_admin', 'yes' ) && ! is_ajax() && basename( $_SERVER["SCRIPT_FILENAME"] ) !== 'admin-post.php' ) {
$has_cap = false;
$access_caps = array( 'edit_posts', 'manage_woocommerce', 'view_admin_dashboard' );
foreach ( $access_caps as $access_cap ) {
if ( current_user_can( $access_cap ) ) {
$has_cap = true;
break;
}
}
if ( ! $has_cap ) {
$prevent_access = true;
}
}
if ( apply_filters( 'woocommerce_prevent_admin_access', $prevent_access ) ) {
wp_safe_redirect( wc_get_page_permalink( 'myaccount' ) );
exit;
}
}
WooCommerce admin bar access
2nd one is located at woocommerce/includes/wc-user-functions.php file (line #17) and disables admin top menu bar for user with insufficient permissions:
/**
* Prevent any user who cannot 'edit_posts' (subscribers, customers etc) from seeing the admin bar
*
* Note: get_option( 'woocommerce_lock_down_admin', true ) is a deprecated option here for backwards compat. Defaults to true.
*
* @access public
* @param bool $show_admin_bar
* @return bool
*/
function wc_disable_admin_bar( $show_admin_bar ) {
if ( apply_filters( 'woocommerce_disable_admin_bar', get_option( 'woocommerce_lock_down_admin', 'yes' ) === 'yes' ) && ! ( current_user_can( 'edit_posts' ) || current_user_can( 'manage_woocommerce' ) ) ) {
$show_admin_bar = false;
}
return $show_admin_bar;
}
Who has access to the admin bar
Access to the admin bar and admin dashboard is allowed to the users with ‘manage_woocommerce’ or ‘edit_posts’ capabilities. Access to the admin back-end is allowed to the users with “view_admin_dashboard” capability. All other users will be redirected to the front-end user account page and never see top admin menu bar.
Provide access to the admin bar for other users
It is possible to provide access to the top admin menu bar and admin dashboard for all users. We may change WooCommerce default logic using its filters. Use this code snippet:
add_filter('woocommerce_disable_admin_bar', '_wc_disable_admin_bar', 10, 1);
function _wc_disable_admin_bar($prevent_admin_access) {
return false;
}
add_filter('woocommerce_prevent_admin_access', '_wc_prevent_admin_access', 10, 1);
function _wc_prevent_admin_access($prevent_admin_access) {
return false;
}
Just place it to the functions.php file of your active WordPress theme. All registered users will have access to your admin dashboard and see top admin menu bar at front-end after that.
If you wish to allow such access for the selected role only, like ‘example_role’, use this modified code:
add_filter('woocommerce_disable_admin_bar', '_wc_disable_admin_bar', 10, 1);
function _wc_disable_admin_bar($prevent_admin_access) {
if (!current_user_can('example_role')) {
return $prevent_admin_access;
}
return false;
}
add_filter('woocommerce_prevent_admin_access', '_wc_prevent_admin_access', 10, 1);
function _wc_prevent_admin_access($prevent_admin_access) {
if (!current_user_can('example_role')) {
return $prevent_admin_access;
}
return false;
}
If you don’t wish to allow access the the top admin menu bar, but just wish to allow access to the admin back-end add ‘view_admin_dashboard’ user capability to the user role. This capability does not exists by default, you need to create it manually.
