From 33e1402ce4762eeaf49a70e48db6219de5192198 Mon Sep 17 00:00:00 2001 From: joshp Date: Sat, 13 Mar 2021 00:43:02 -0500 Subject: [PATCH] remove disallowed buttons from admin page --- README.md | 4 ++-- authMgrPlus/plugin.php | 42 +++++++++++++++++++++++++++++++++++++++++- 2 files changed, 43 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index fc46f7c..f56301a 100644 --- a/README.md +++ b/README.md @@ -11,7 +11,7 @@ Features - All plugin pages, including main management page, hidden to non-admins by default. Easy to unblock pages. - Plenty of hooks to filter Roles, Role Capabilities, and _any_ of the default data environemnt (such as plugin page visibility) - Fine(r) tuned API access -- PHP 7 compatible +- PHP 8 compatible - No tracking of admins or editors by default Requirements @@ -73,7 +73,7 @@ $amp_allowed_plugin_pages = array( ``` Explore the code to see how to set `$amp_role_capabilities` and `$amp_anon_capabilities`. These are set to defaults in the `amp_env_check()` function. -You can also assign a default role to all logged-in users that have no explicit role: +You can also assign a default role to all logged-in users that have no explicit role (note, case sensative): ``` $amp_default_role = "Editor"; ``` diff --git a/authMgrPlus/plugin.php b/authMgrPlus/plugin.php index 1a0e842..f0e97f6 100644 --- a/authMgrPlus/plugin.php +++ b/authMgrPlus/plugin.php @@ -3,7 +3,7 @@ Plugin Name: Auth Manager Plus Plugin URI: https://github.com/joshp23/YOURLS-AuthMgrPlus Description: Role Based Access Controlls with seperated user data for authenticated users -Version: 2.2.5 +Version: 2.2.6 Author: Josh Panter, nicwaller, Ian Barber Author URI: https://unfettered.net */ @@ -24,6 +24,7 @@ class ampCap { const AddURL = 'AddURL'; const DeleteURL = 'DeleteURL'; const EditURL = 'EditURL'; + const ShareURL = 'ShareURL'; const Traceless = 'Traceless'; const ManageAnonURL = 'ManageAnonURL'; const ManageUsrsURL = 'ManageUsrsURL'; @@ -149,6 +150,41 @@ function amp_intercept_admin() { } } +/* + * Cosmetic filter: removes disallowed buttons from link list per short link +*/ + +yourls_add_filter( 'table_add_row_action_array', 'amp_ajax_button_check' ); +function amp_ajax_button_check( $actions, $keyword ) { + // define the amp capabilities that map to the buttons + $button_cap_map = array('stats' => ampCap::ViewStats, + 'share' => ampCap::ShareURL, + 'edit' => ampCap::EditURL, + 'delete' => ampCap::DeleteURL, + ); + + $button_cap_map = yourls_apply_filter( 'amp_button_capability_map', $button_cap_map ); + + // define restricted buttons + $restricted_buttons = array('delete', 'edit'); + if ( 'YOURLS_PRIVATE_INFOS' === true ) + array_push( $restricted_buttons, 'stats'); + + $restricted_buttons = yourls_apply_filter( 'amp_restricted_buttons', $restricted_buttons ); + + // unset any disallowed buttons + foreach ( $actions as $action => $vars ) { + $cap_needed = $button_cap_map[$action]; + if ( in_array( $action, $restricted_buttons) ) + $show = amp_manage_keyword( $keyword, $cap_needed ); + else + $show = amp_have_capability( $cap_needed ); + if (!$show) + unset( $actions[$action] ); + } + return $actions; +} + /* * Cosmetic filter: removes disallowed plugins from link list */ @@ -383,6 +419,7 @@ function amp_env_check() { ampCap::AddURL, ampCap::EditURL, ampCap::DeleteURL, + ampCap::ShareURL, ampCap::Traceless, ampCap::ManageAnonURL, ampCap::ManageUsrsURL, @@ -397,6 +434,7 @@ function amp_env_check() { ampCap::AddURL, ampCap::EditURL, ampCap::DeleteURL, + ampCap::ShareURL, ampCap::Traceless, ampCap::ManageAnonURL, ampCap::APIu, @@ -408,6 +446,7 @@ function amp_env_check() { ampCap::AddURL, ampCap::EditURL, ampCap::DeleteURL, + ampCap::ShareURL, ampCap::APIu, ampCap::ViewStats, ), @@ -479,6 +518,7 @@ function amp_current_capabilities() { ampCap::AddURL, ampCap::EditURL, ampCap::DeleteURL, + ampCap::ShareURL, ampCap::Traceless, ampCap::ManageAnonURL, ampCap::ManageUsrsURL,