Only intercept admin page load after authentication occurs, so anonymous access always results in login screen.
This commit is contained in:
parent
a443013339
commit
10457d70c6
@ -52,12 +52,15 @@ function authmgr_intercept_api() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
yourls_add_action( 'admin_init', 'authmgr_intercept_admin' );
|
yourls_add_action( 'auth_successful', 'authmgr_intercept_admin' );
|
||||||
/**
|
/**
|
||||||
* YOURLS processes most actions in the admin page. It would be ideal
|
* YOURLS processes most actions in the admin page. It would be ideal
|
||||||
* to add a unique hook for each action, but unfortunately we need to
|
* to add a unique hook for each action, but unfortunately we need to
|
||||||
* hook the admin page load itself, and try to figure out what action
|
* hook the admin page load itself, and try to figure out what action
|
||||||
* is intended.
|
* is intended.
|
||||||
|
*
|
||||||
|
* At this point, reasonably assume that the current request is for
|
||||||
|
* a rendering of the admin page.
|
||||||
*/
|
*/
|
||||||
function authmgr_intercept_admin() {
|
function authmgr_intercept_admin() {
|
||||||
authmgr_require_capability( AuthmgrCapability::ShowAdmin );
|
authmgr_require_capability( AuthmgrCapability::ShowAdmin );
|
||||||
@ -124,6 +127,12 @@ function authmgr_html_append_roles( $original ) {
|
|||||||
*/
|
*/
|
||||||
function authmgr_require_capability( $capability ) {
|
function authmgr_require_capability( $capability ) {
|
||||||
if ( !authmgr_have_capability( $capability ) ) {
|
if ( !authmgr_have_capability( $capability ) ) {
|
||||||
|
// If the user can't view admin interface, return a plain error.
|
||||||
|
if ( !authmgr_have_capability( AuthmgrCapability::ShowAdmin ) ) {
|
||||||
|
header("HTTP/1.0 403 Forbidden");
|
||||||
|
die('Require permissions to show admin interface.');
|
||||||
|
}
|
||||||
|
// Otherwise, render errors in admin interface
|
||||||
yourls_redirect( yourls_admin_url( '?access=denied' ), 302 );
|
yourls_redirect( yourls_admin_url( '?access=denied' ), 302 );
|
||||||
die();
|
die();
|
||||||
}
|
}
|
||||||
@ -310,7 +319,6 @@ function authmgr_environment_check() {
|
|||||||
if ( !isset( $authmgr_anon_capabilities) ) {
|
if ( !isset( $authmgr_anon_capabilities) ) {
|
||||||
$authmgr_anon_capabilities = array(
|
$authmgr_anon_capabilities = array(
|
||||||
AuthmgrCapability::API,
|
AuthmgrCapability::API,
|
||||||
AuthmgrCapability::ShowAdmin,
|
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user