adjust bundled plugins that check for admin permissions

This adjusts the bundled plugins to do their admin permission checks based on their admin component's isAccessibleByCurrentUser() method instead of doing their own isAdmin checks.

adjust bundled plugins that check for admin permissions
This adjusts the bundled plugins to do their admin permission checks based on their admin component's isAccessibleByCurrentUser() method instead of doing their own isAdmin checks.
dda9db03 · Andreas Gohr · 32adf586 · dda9db03 · dda9db03 · dda9db03
Commit dda9db03 authored 6 years ago by Andreas Gohr
--- a/lib/plugins/acl/action.php
+++ b/lib/plugins/acl/action.php
@@ -34,7 +34,7 @@ class action_plugin_acl extends DokuWiki_Action_Plugin {
     * @return void
     */

-    public function handle_ajax_call_acl(Doku_Event &$event, $param) {
+    public function handle_ajax_call_acl(Doku_Event $event, $param) {
        if($event->data !== 'plugin_acl') {
            return;
        }
@@ -44,7 +44,10 @@ class action_plugin_acl extends DokuWiki_Action_Plugin {
        global $ID;
        global $INPUT;

-        if(!auth_isadmin()) {
+        /** @var $acl admin_plugin_acl */
+        $acl = plugin_load('admin', 'acl');
+
+        if(!$acl->isAccessibleByCurrentUser()) {
            echo 'for admins only';
            return;
        }
@@ -54,9 +57,6 @@ class action_plugin_acl extends DokuWiki_Action_Plugin {
        }

        $ID = getID();
-
-        /** @var $acl admin_plugin_acl */
-        $acl = plugin_load('admin', 'acl');
        $acl->handle();

        $ajax = $INPUT->str('ajax');

--- a/lib/plugins/extension/action.php
+++ b/lib/plugins/extension/action.php
@@ -36,7 +36,9 @@ class action_plugin_extension extends DokuWiki_Action_Plugin {
        $event->preventDefault();
        $event->stopPropagation();

-        if(empty($_SERVER['REMOTE_USER']) || !auth_isadmin($_SERVER['REMOTE_USER'], $USERINFO['grps'])) {
+        /** @var admin_plugin_extension $admin */
+        $admin = plugin_load('admin', 'extension');
+        if(!$admin->isAccessibleByCurrentUser()) {
            http_status(403);
            echo 'Forbidden';
            exit;

--- a/lib/plugins/styling/action.php
+++ b/lib/plugins/styling/action.php
@@ -41,7 +41,9 @@ class action_plugin_styling extends DokuWiki_Action_Plugin {
        global $ACT;
        global $INPUT;
        if($ACT != 'admin' || $INPUT->str('page') != 'styling') return;
-        if(!auth_isadmin()) return;
+        /** @var admin_plugin_styling $admin */
+        $admin = plugin_load('admin', 'styling');
+        if(!$admin->isAccessibleByCurrentUser()) return;

        // set preview
        $len = count($event->data['link']);

--- a/lib/plugins/styling/popup.php
+++ b/lib/plugins/styling/popup.php
@@ -8,7 +8,7 @@ header('X-UA-Compatible: IE=edge,chrome=1');

 /** @var admin_plugin_styling $plugin */
 $plugin = plugin_load('admin', 'styling');
-if(!auth_isadmin()) die('only admins allowed');
+if(!$plugin->isAccessibleByCurrentUser()) die('only admins allowed');
 $plugin->ispopup = true;

 // handle posts