From 7e8ca9caf2f35232fb0df8207b99e1aba9a6f070 Mon Sep 17 00:00:00 2001
From: William Earnhardt
Date: Thu, 4 May 2023 09:33:10 -0400
Subject: [PATCH 1/2] Fix user cap check
---
 includes/LoginRedirect.php | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)
diff --git a/includes/LoginRedirect.php b/includes/LoginRedirect.php
index 624557518..0d80157ea 100644
--- a/includes/LoginRedirect.php
+++ b/includes/LoginRedirect.php
@@ -4,6 +4,7 @@
 use DateTime;
 use NewfoldLabs\WP\Module\Onboarding\Permissions;
 use NewfoldLabs\WP\Module\Onboarding\Data\Options;
+use WP_User;
 /**
 * Contains functionalities that redirect users to Onboarding on login to WordPress.
@@ -13,11 +14,19 @@ class LoginRedirect {
 * Handles the redirect to onboarding
 *
 * @param string $original_redirect The requested redirect URL
- * @return string
+ * @return string The filtered url to redirect to
 */
 public static function handle_redirect( $original_redirect ) {
- // Don't redirect if user is not an admin
- if ( ! current_user_can( 'manage_options' ) ) {
+ // Current user not always available from wp_get_current_user(), so must reference out of the global
+ global $user;
+ // Loading the login screen, or login failures set $user as a WP_Error object.
+ // We should only override the redirect param if we have a valid logged in user
+ if ( ! ( $user instanceof WP_User ) ) {
+ return $original_redirect;
+ }
+
+ // Only admins should get the onboarding redirect
+ if ( ! user_can( $user, 'manage_options' ) ) {
 return $original_redirect;
 }
From aee51dc480ba0e0c1f6b50eff7df2a960264c926 Mon Sep 17 00:00:00 2001
From: William Earnhardt
Date: Thu, 4 May 2023 09:40:52 -0400
Subject: [PATCH 2/2] Remove use statement and use FQCN for consistency
---
 includes/LoginRedirect.php | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/includes/LoginRedirect.php b/includes/LoginRedirect.php
index 0d80157ea..31129db8e 100644
--- a/includes/LoginRedirect.php
+++ b/includes/LoginRedirect.php
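Review bot: The admin-only decision in `handle_redirect` (the `@@ -13,11 +14,19 @@` hunk of patch 1/2) now rests on the global `$user`, which any code that runs earlier in the request can reassign, so the capability check depends on mutable shared state rather than on a value handed to the method. If this method is registered on WordPress's `login_redirect` filter (the registration is not visible here), that filter already passes the authenticated `WP_User` or `WP_Error` as its third argument, and taking it from there is sturdier: `public static function handle_redirect( $original_redirect, $requested_redirect = '', $user = null ) {`, with the hook registered for three accepted arguments. The `instanceof` guard and `user_can( $user, 'manage_options' )` can then stay as written and the `global $user;` line goes away; the same guard is touched again in patch 2/2. The method body continues past the end of the hunk.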
@@ -2,9 +2,7 @@
 namespace NewfoldLabs\WP\Module\Onboarding;
 use DateTime;
-use NewfoldLabs\WP\Module\Onboarding\Permissions;
 use NewfoldLabs\WP\Module\Onboarding\Data\Options;
-use WP_User;
 /**
 * Contains functionalities that redirect users to Onboarding on login to WordPress.
@@ -21,7 +19,7 @@ public static function handle_redirect( $original_redirect ) {
 global $user;
 // Loading the login screen, or login failures set $user as a WP_Error object.
 // We should only override the redirect param if we have a valid logged in user
- if ( ! ( $user instanceof WP_User ) ) {
+ if ( ! ( $user instanceof \WP_User ) ) {
 return $original_redirect;
 }