I decided to still provide an answer based on the premise of the title "backend access per user status".
Note this is an explanation of the concept of granting or restricting access based on user statuses (roles or capabilities). So this could or could not be applied directly to your situation since you make use of a third party plugin with its own logic. But still, I believe it is relevant because I’m showing here some fundamental WP access logic which I’m sure your plugin is based in part or in whole upon.
Now for the long explanation!
Basically, what we want to do is:
- Check our current user status level (I would map statuses to capabilities)
- If status is `active` then grant access to dashboard.
- If status is anything other (`pending`, `canceled`, `inactive`, etc) then redirect to signup page
- I’ll keep the complexity low for the purpose of this explanation, but we could check for more contexts and apply a different rule for each context. Here it’s going to be “`active`” and `else`
- The logic of attributing and modifying membership levels to a user will be kept out because this is what the membership plugin does (and is beyond the scope of this explanation). So again, I’ll focus on backend access per user status assuming that the status logic is taken care of by another process.
So WP roles and capabilities offer great flexibility to manage a user’s site access and restrictions.
A role is like a container for capabilities and defines the context of a user.
Capabilities are flags which we can check on to know if an action is permitted or not. For instance `edit_posts` is a WP capability. Having the check `if( current_user_can( 'edit_posts' ) ){ // Do something }` will return `true` if the flag for `edit_posts` is set, then we do something, if not, it will fail and we can do something else or bail out.
A role can have 1 or more capabilities, we can add custom capabilities to roles and we can remove capabilities from roles. We could also just toggle the flag which is better in terms of DB query (flag toggles are done at runtime so no DB queries).
We could also make custom roles with core capabilities or our own custom ones. That is what makes WP so flexible for many use cases.
We can add capabilities on the fly for specific user or special contexts with the use of filters.
Back to your membership plugin. I assume the plugin would do a bunch of checks to see if a membership subscription is valid or not. I also assume that you have at least 2 roles available. Let’s call them Active Members for valid memberships and Inactive Members for memberships that are `expired`, `canceled` etc. If you have a user that is not a member yet, he might use WP core role `subscriber` which has no real capabilities except access to his/her profile page. Again, I take for granted that the membership plugin would programmatically change the role of a user based on the validation of his membership status. (Normally this is/should be done by any (good) membership plugin.)
Finally, once all that is set, we would have a function that would use the `current_user_can` function and `user_has_cap` filter and modify the user’s access based on his current role. (The current role is based on the plugin’s verification of membership status.)
Here’s an example based on what I just laid out. Our Active Members roles should have a capability to `see_premium_content` (or whatever this is for the example) which our Inactive Members would not or be set to false. Based on that, we would need 2 functions to check and restrict. It would look something like this.
```php
add_action( 'init', 'wpse_backend_access_rules' );
function wpse_backend_access_rules() {
    // Check whether the current logged-in user can "see_premium_content";
    // if not, add the restriction by modifying capabilities at runtime.
    // Applies to any user who lacks the capability, whatever the role.
    if ( ! current_user_can( 'see_premium_content' ) ) {
        add_filter( 'user_has_cap', 'inactive_membership_cap_filter', 10, 3 );
    }
}

// Callback for the user_has_cap filter: $allcaps is the user's capability
// map, $cap the capabilities being checked, $args the check's arguments.
function inactive_membership_cap_filter( $allcaps, $cap, $args ) {
    // Give only permission to access own profile in dashboard.
    // On the profile dashboard, you can output a message inviting to sign up again.
    $allcaps = array(
        'read' => true,
    );
    return $allcaps;
}
```
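
The list in the answer above also calls for redirecting non-active users to a signup page, which the posted snippet does not do. The following is an added example of that step, not the answerer's code and not any membership plugin's; the role slug `active_member`, the `/signup/` path and the `wpse_example_*` function names are assumptions.

```php
<?php
// Added example. 'active_member', '/signup/' and the wpse_example_* names
// are hypothetical; adjust them to the roles your membership plugin creates.

// One-time setup (plugin activation): grant the custom capability to the role.
// add_cap() on a role is persisted to the database, so do not run it per request.
function wpse_example_grant_premium_cap() {
    $role = get_role( 'active_member' ); // hypothetical role slug
    if ( $role instanceof WP_Role ) {
        $role->add_cap( 'see_premium_content' );
    }
}
register_activation_hook( __FILE__, 'wpse_example_grant_premium_cap' );

// Gate wp-admin on every admin page load.
add_action( 'admin_init', 'wpse_example_gate_dashboard' );
function wpse_example_gate_dashboard() {
    global $pagenow;

    // admin-ajax.php also fires admin_init; front-end AJAX must keep working.
    if ( wp_doing_ajax() ) {
        return;
    }

    // Active members pass. Site managers pass too, so an administrator who
    // was never given the custom capability is not locked out of wp-admin.
    if ( current_user_can( 'see_premium_content' ) || current_user_can( 'manage_options' ) ) {
        return;
    }

    // Inactive members may still reach their own profile page.
    if ( 'profile.php' === $pagenow ) {
        return;
    }

    // Anything else fails closed: redirect to the signup page and stop.
    // wp_safe_redirect() only allows same-site (or allow-listed) hosts.
    wp_safe_redirect( home_url( '/signup/' ) ); // hypothetical signup URL
    exit;
}
```

The `exit` after the redirect matters: without it WordPress keeps rendering the admin page for the restricted user after the header is sent.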