Access Denied Redirect
The AAM_Framework_Service_AccessDeniedRedirect service manages how AAM responds when access to a protected resource is denied.
This service allows developers to define custom behaviors for different application areas:
- Frontend
- WordPress backend
- REST/API requests
Typical use cases include:
- Redirecting unauthorized users to a login page
- Redirecting users to a custom URL
- Showing a custom message
- Executing a callback
- Falling back to default WordPress behavior
Definition
class AAM_Framework_Service_AccessDeniedRedirect {
    public function set_redirect(string $area, array $redirect) : bool
    public function get_redirect(string $area = null) : array
    public function reset(string $area = null) : bool
}
Supported Areas
The service supports the following areas:
| Area | Description |
|---|---|
| frontend | Public website pages |
| backend | WordPress admin dashboard |
| api | REST API and other programmatic endpoints |
Supported Redirect Types
The following redirect types are supported:
| Type | Description |
|---|---|
| default | Use WordPress/AAM default access denied behavior |
| custom_message | Display a custom message |
| page_redirect | Redirect to an internal WordPress page |
| url_redirect | Redirect to an external or custom URL |
| trigger_callback | Execute a custom PHP callback |
| login_redirect | Redirect user to the login page |
Service Methods
set_redirect
Configure access denied behavior for a specific area.
public function set_redirect(string $area, array $redirect) : bool
Parameters
$area
Target application area.
Allowed values:
- frontend
- backend
- api
$redirect
Redirect configuration array.
The incoming array may contain the following fields:
[
    'type' => 'string',
    'page_slug' => 'string',
    'page_id' => 'numeric',
    'url' => 'string',
    'callback' => 'string',
    'message' => 'string',
    'http_status_code' => 'numeric'
]
Return Value
| Type | Description |
|---|---|
| bool | Returns true on success |
Exceptions
Internally, the service throws an InvalidArgumentException if the $area argument is empty.
get_redirect
Retrieve configured redirect settings.
public function get_redirect(string $area = null) : array
Parameters
$area
Optional target area. If omitted, all configured areas are returned.
Return Value
Return Single Area
[
'type' => 'default'
]
Return All Areas
[
    'frontend' => [
        'type' => 'default'
    ],
    'backend' => [
        'type' => 'default'
    ],
    'api' => [
        'type' => 'default'
    ]
]
Default Behavior
If no redirect is configured for a specific area, the service automatically returns:
[
'type' => 'default'
]
reset
Reset redirect configuration.
public function reset(string $area = null) : bool
Parameters
$area
Optional target area. If omitted, all redirect settings are removed.
Return Value
| Type | Description |
|---|---|
| bool | Returns true on success |
Redirect Configuration Models
Default Redirect
Use standard AAM/WordPress access denied handling.
[
'type' => 'default'
]
Custom Message
Display a custom access denied message.
[
    'type' => 'custom_message',
    'message' => 'You are not allowed to access this resource.'
]
Internal Page Redirect
Redirect users to a WordPress page.
Using Page ID
[
    'type' => 'page_redirect',
    'page_id' => 42
]
Using Page Slug
[
    'type' => 'page_redirect',
    'page_slug' => 'membership-required'
]
URL Redirect
Redirect users to a custom URL.
[
    'type' => 'url_redirect',
    'url' => 'https://example.com/upgrade-account'
]
Optional HTTP status code:
[
    'type' => 'url_redirect',
    'url' => 'https://example.com/login',
    'http_status_code' => 302
]
Callback Trigger
Execute a custom PHP callback.
[
    'type' => 'trigger_callback',
    'callback' => 'my_custom_access_denied_handler'
]
Example callback:
function my_custom_access_denied_handler() {
    wp_die('Custom access denied response');
}
Login Redirect
Redirect unauthorized users to the WordPress login page.
[
'type' => 'login_redirect'
]
Usage Examples
Configure Frontend Redirect
$service = AAM::api()->access_denied_redirect();
$service->set_redirect('frontend', [
    'type' => 'login_redirect'
]);
Configure Backend Redirect
$service = AAM::api()->access_denied_redirect();
$service->set_redirect('backend', [
    'type' => 'custom_message',
    'message' => 'Administrator access required.'
]);
Configure API Redirect
$service = AAM::api()->access_denied_redirect();
$service->set_redirect('api', [
    'type' => 'url_redirect',
    'url' => 'https://example.com/api-access-required'
]);
Retrieve All Redirect Rules
$service = AAM::api()->access_denied_redirect();
$rules = $service->get_redirect();
Retrieve Frontend Rule
$frontend = $service->get_redirect('frontend');
Reset Frontend Redirect
$service->reset('frontend');
Reset All Redirects
$service->reset();
Internal Sanitization
The service sanitizes incoming redirect data through:
$this->redirect->sanitize_redirect(...)
Only redirect types listed in ALLOWED_REDIRECT_TYPES are accepted.
Notes
Area Validation
The class defines the allowed areas internally (frontend, backend, api), but the set_redirect() method does not explicitly validate them. Developers should ensure valid area names are used.
Redirect Model Validation
The service sanitizes redirect data but does not fully validate all fields or field combinations.
For example:
- page_redirect should contain either page_id or page_slug
- url_redirect should contain a valid URL
- trigger_callback should reference a valid callable
Developers are responsible for providing valid configurations.
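The checks listed in these notes can be run before calling set_redirect(). The following is an added example, not AAM's own code: aam_example_validate_redirect() is a hypothetical helper, its area and type lists are copied from the tables on this page, and the http(s)-only URL rule and the status-code range are assumptions.

```php
<?php
// Added example, not part of AAM. aam_example_validate_redirect() is a hypothetical helper.
function aam_example_validate_redirect(string $area, array $redirect): array
{
    $errors = [];
    $areas  = ['frontend', 'backend', 'api'];          // from "Supported Areas"
    $types  = ['default', 'custom_message', 'page_redirect',
               'url_redirect', 'trigger_callback', 'login_redirect'];
    if (!in_array($area, $areas, true)) {
        $errors[] = "unknown area: {$area}";
    }
    $type = $redirect['type'] ?? '';
    if (!in_array($type, $types, true)) {
        $errors[] = 'unknown redirect type';
        return $errors;                                // per-type checks need a known type
    }
    if ($type === 'custom_message' && trim((string) ($redirect['message'] ?? '')) === '') {
        $errors[] = 'custom_message requires a non-empty message';
    }
    if ($type === 'page_redirect'
        && empty($redirect['page_id']) && empty($redirect['page_slug'])) {
        $errors[] = 'page_redirect requires page_id or page_slug';
    }
    if ($type === 'url_redirect') {
        $url    = (string) ($redirect['url'] ?? '');
        $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
        if (filter_var($url, FILTER_VALIDATE_URL) === false
            || !in_array($scheme, ['http', 'https'], true)) {   // assumption: web URLs only
            $errors[] = 'url_redirect requires an absolute http(s) URL';
        }
    }
    if ($type === 'trigger_callback' && !is_callable($redirect['callback'] ?? null)) {
        $errors[] = 'trigger_callback requires a callable that is already loaded';
    }
    if (isset($redirect['http_status_code'])) {
        $code = filter_var($redirect['http_status_code'], FILTER_VALIDATE_INT);
        if ($code === false || $code < 100 || $code > 599) {    // assumption: any HTTP status
            $errors[] = 'http_status_code must be an integer HTTP status';
        }
    }
    return $errors;
}

// Constructed sample: page_id and page_slug are both missing, so set_redirect() is not reached.
$model  = ['type' => 'page_redirect'];
$errors = aam_example_validate_redirect('frontend', $model);
if ($errors === [] && class_exists('AAM')) {
    AAM::api()->access_denied_redirect()->set_redirect('frontend', $model);
}
```

Because trigger_callback names a PHP function to execute, build the model from code or trusted configuration rather than from request input.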