add event to check access to admin plugins
This adds a new method that capsulates the access check that has to be done to decide if an admin plugin's page should be shown to the user. The default implementation is the same as before, relying only on the forAdminOnly() method and the users' isadmin or ismanager status. Admin plugins themselves can override the method to do additional checks. In this patch, I added that to the usermanager plugin which will only return true if the current auth backend can list users. However the real idea behind this change is that the new method emits a new event called ADMINPLUGIN_ACCESS_CHECK which would allow plugins to overwrite it. This way it could be possible to give certain user groups access to certain admin plugins without giving them admin or manager permissions. Note: this does not change how the "Admin" link is shown, it still depends on ismanager or isadmin. A plugin as mentioned above would need to influence the display via the MENU_ITEMS_ASSEMBLY event. Note: this only covers the basic access check. Admin plugins may need further adjustments for access to other parts of the plugin (like AJAX components). An additional commit will update this for the bundled plugins.
Showing
- inc/Action/Admin.php 1 addition, 1 deletioninc/Action/Admin.php
- inc/Ui/Admin.php 53 additions, 59 deletionsinc/Ui/Admin.php
- inc/pluginutils.php 1 addition, 1 deletioninc/pluginutils.php
- lib/plugins/admin.php 23 additions, 0 deletionslib/plugins/admin.php
- lib/plugins/usermanager/admin.php 18 additions, 0 deletionslib/plugins/usermanager/admin.php
Loading
Please register or sign in to comment