Only intercept admin page load after authentication occurs, so anonymous access always results in login screen.

Nic Waller 2013-06-01 06:42:27 +00:00
parent a443013339
commit 10457d70c6


@ -52,12 +52,15 @@ function authmgr_intercept_api() {
} }
yourls_add_action( 'admin_init', 'authmgr_intercept_admin' ); yourls_add_action( 'auth_successful', 'authmgr_intercept_admin' );
/** /**
* YOURLS processes most actions in the admin page. It would be ideal * YOURLS processes most actions in the admin page. It would be ideal
* to add a unique hook for each action, but unfortunately we need to * to add a unique hook for each action, but unfortunately we need to
* hook the admin page load itself, and try to figure out what action * hook the admin page load itself, and try to figure out what action
* is intended. * is intended.
*
* At this point, reasonably assume that the current request is for
* a rendering of the admin page.
*/ */
function authmgr_intercept_admin() { function authmgr_intercept_admin() {
authmgr_require_capability( AuthmgrCapability::ShowAdmin ); authmgr_require_capability( AuthmgrCapability::ShowAdmin );
@ -124,6 +127,12 @@ function authmgr_html_append_roles( $original ) {
*/ */
function authmgr_require_capability( $capability ) { function authmgr_require_capability( $capability ) {
if ( !authmgr_have_capability( $capability ) ) { if ( !authmgr_have_capability( $capability ) ) {
// If the user can't view admin interface, return a plain error.
if ( !authmgr_have_capability( AuthmgrCapability::ShowAdmin ) ) {
header("HTTP/1.0 403 Forbidden");
die('Require permissions to show admin interface.');
}
// Otherwise, render errors in admin interface
yourls_redirect( yourls_admin_url( '?access=denied' ), 302 ); yourls_redirect( yourls_admin_url( '?access=denied' ), 302 );
die(); die();
} }
@ -310,7 +319,6 @@ function authmgr_environment_check() {
if ( !isset( $authmgr_anon_capabilities) ) { if ( !isset( $authmgr_anon_capabilities) ) {
$authmgr_anon_capabilities = array( $authmgr_anon_capabilities = array(
AuthmgrCapability::API, AuthmgrCapability::API,
AuthmgrCapability::ShowAdmin,
); );
} }
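Review bot: Hooking `authmgr_intercept_admin` on `auth_successful` (hunk 1) may also run it for authenticated API requests, since as far as I recall YOURLS fires that action from the auth code path shared by the admin page and the API endpoint; if so, a role that holds only the API capability would now hit the new 403 branch of `authmgr_require_capability` (hunk 2) on every API call, even though API requests already have their own `authmgr_intercept_api` hook. The added docblock sentence "reasonably assume that the current request is for a rendering of the admin page" therefore looks stronger than the hook guarantees. A guard as the first statement of the function, `if ( yourls_is_API() ) return;`, would confine the ShowAdmin check to admin page loads — worth confirming against the YOURLS version this plugin targets before relying on it. The body of `authmgr_intercept_admin` continues past the end of its hunk.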