    add event to check access to admin plugins · 64cdf779
    Andreas Gohr authored
    This adds a new method that capsulates the access check that has to be
    done to decide if an admin plugin's page should be shown to the user.
    The default implementation is the same as before, relying only on the
    forAdminOnly() method and the users' isadmin or ismanager status.
    
    Admin plugins themselves can override the method to do additional
    checks. In this patch, I added that to the usermanager plugin which will
    only return true if the current auth backend can list users.
    
    However the real idea behind this change is that the new method emits a
    new event called ADMINPLUGIN_ACCESS_CHECK which would allow plugins to
    overwrite it. This way it could be possible to give certain user groups
    access to certain admin plugins without giving them admin or manager
    permissions.
    
    Note: this does not change how the "Admin" link is shown, it still
    depends on ismanager or isadmin. A plugin as mentioned above would need
    to influence the display via the MENU_ITEMS_ASSEMBLY event.
    
    Note: this only covers the basic access check. Admin plugins may need
    further adjustments for access to other parts of the plugin (like AJAX
    components). An additional commit will update this for the bundled
    plugins.
admin.php 3.14 KiB
<?php
/**
 * Admin Plugin Prototype
 *
 * @license    GPL 2 (http://www.gnu.org/licenses/gpl.html)
 * @author     Christopher Smith <chris@jalakai.co.uk>
 */
// must be run within Dokuwiki
if(!defined('DOKU_INC')) die();

/**
 * All DokuWiki plugins to extend the admin function
 * need to inherit from this class
 */
class DokuWiki_Admin_Plugin extends DokuWiki_Plugin {

    /**
     * Return the text that is displayed at the main admin menu
     * (Default localized language string 'menu' is returned, override this function for setting another name)
     *
     * @param string $language language code
     * @return string menu string
     */
    public function getMenuText($language) {
        $menutext = $this->getLang('menu');
        if (!$menutext) {
            $info = $this->getInfo();
            $menutext = $info['name'].' ...';
        }
        return $menutext;
    }

    /**
     * Return the path to the icon being displayed in the main admin menu.
     * By default it tries to find an 'admin.svg' file in the plugin directory.
     * (Override this function for setting another image)
     *
     * Important: you have to return a single path, monochrome SVG icon! It has to be
     * under 2 Kilobytes!
     *
     * We recommend icons from https://materialdesignicons.com/ or to use a matching
     * style.
     *
     * @return string full path to the icon file
     */
    public function getMenuIcon() {
        $plugin = $this->getPluginName();
        return DOKU_PLUGIN . $plugin . '/admin.svg';
    }

    /**
     * Determine position in list in admin window
     * Lower values are sorted up
     *
     * @return int
     */
    public function getMenuSort() {
        return 1000;
    }

    /**
     * Carry out required processing
     */
    public function handle() {
        trigger_error('handle() not implemented in '.get_class($this), E_USER_WARNING);
    }

    /**
     * Output html of the admin page
     */
    public function html() {
        trigger_error('html() not implemented in '.get_class($this), E_USER_WARNING);
    }

    /**
     * Checks if access should be granted to this admin plugin
     *
     * @return bool true if the current user may access this admin plugin
     */
    public function isAccessibleByCurrentUser() {
        global $INFO;

        $data['hasAccess'] = false;

        $event = new Doku_Event('ADMINPLUGIN_ACCESS_CHECK', $data);
        if($event->advise_before()) {
            if ($this->forAdminOnly()) {
                $data['hasAccess'] = $INFO['isadmin'];
            } else {
                $data['hasAccess'] = $INFO['ismanager'];
            }
        }
        $event->advise_after();

        return $data['hasAccess'];
    }

    /**
     * Return true for access only by admins (config:superuser) or false if managers are allowed as well
     *
     * @return bool
     */
    public function forAdminOnly() {
        return true;
    }

    /**
     * Return array with ToC items. Items can be created with the html_mktocitem()
     *
     * @see html_mktocitem()
     * @see tpl_toc()
     *
     * @return array
     */
    public function getTOC(){
        return array();
    }
}
//Setup VIM: ex: et ts=4 :
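
The commit message says an admin plugin can override the new method for extra checks, and that other parts of a plugin may need their own access handling. The following is an added example, not code from this commit or from DokuWiki: the plugin name `example` and the form field `example_refresh` are hypothetical, while `canDo()`, `retrieveUsers()`, `checkSecurityToken()`, `msg()` and `hsc()` are existing DokuWiki functions.

```php
<?php
// Added example: hypothetical plugin "example" (lib/plugins/example/admin.php).
if (!defined('DOKU_INC')) die();

class admin_plugin_example extends DokuWiki_Admin_Plugin {

    /** Managers may use this plugin too, not only superusers. */
    public function forAdminOnly() {
        return false;
    }

    /** Fail closed unless the auth backend can list users, then apply the default check. */
    public function isAccessibleByCurrentUser() {
        /** @var DokuWiki_Auth_Plugin $auth */
        global $auth;
        if (!$auth || !$auth->canDo('getUsers')) return false;
        return parent::isAccessibleByCurrentUser();
    }

    /** Defense in depth: repeat the access check and verify the CSRF token before acting. */
    public function handle() {
        global $INPUT;
        if (!$INPUT->post->has('example_refresh')) return; // hypothetical form field
        if (!$this->isAccessibleByCurrentUser() || !checkSecurityToken()) {
            msg('Access denied', -1);
            return;
        }
        msg('User list refreshed', 1);
    }

    /** List the first ten users, escaping every value that comes from the auth backend. */
    public function html() {
        global $auth;
        if (!$this->isAccessibleByCurrentUser()) return;
        echo '<ul>';
        foreach ($auth->retrieveUsers(0, 10) as $login => $info) {
            echo '<li>' . hsc($login) . ' (' . hsc($info['name']) . ')</li>';
        }
        echo '</ul>';
    }
}
```

In the version of `isAccessibleByCurrentUser()` shown above, the event data contains only `hasAccess`, so plugin-specific conditions like this one belong in the override, where the plugin's identity is known.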