fix permissions #15

Joshua P Panter 2020-03-07 23:21:04 -05:00
parent 33a551c1b1
commit 531a17db3b
No known key found for this signature in database
GPG Key ID: 59903022E9AC64FC


@ -3,7 +3,7 @@
Plugin Name: Auth Manager Plus Plugin Name: Auth Manager Plus
Plugin URI: https://github.com/joshp23/YOURLS-AuthMgrPlus Plugin URI: https://github.com/joshp23/YOURLS-AuthMgrPlus
Description: Role Based Access Controlls with seperated user data for authenticated users Description: Role Based Access Controlls with seperated user data for authenticated users
Version: 2.1.1 Version: 2.1.2
Author: Josh Panter, nicwaller, Ian Barber <ian.barber@gmail.com> Author: Josh Panter, nicwaller, Ian Barber <ian.barber@gmail.com>
Author URI: https://unfettered.net Author URI: https://unfettered.net
*/ */
@ -528,25 +528,17 @@ function amp_access_keyword( $keyword ) {
// Check user rights to a keyword ( can manage it ) // Check user rights to a keyword ( can manage it )
function amp_manage_keyword( $keyword, $capability ) { function amp_manage_keyword( $keyword, $capability ) {
// only authenticated users can manaage keywords $return = false; // default is to deny access
if ( !amp_is_valid_user() ) if ( amp_is_valid_user() ) { // only authenticated users can manaage keywords
return false; $owner = amp_keyword_owner($keyword);
// Admin? $user = YOURLS_USER !== false ? YOURLS_USER : NULL;
if ( amp_have_capability( ampCap::ManageUsrsURL ) ) if ( amp_have_capability( ampCap::ManageUsrsURL ) // Admin?
return true; || ( $owner === NULL && amp_have_capability( ampCap::ManageAnonURL ) ) // Editor?
// Editor? || ( $owner === $user && amp_have_capability( $capability ) ) ); // Self Edit?
$owner = amp_keyword_owner($keyword); $return = true;
if ( $owner === null && amp_have_capability( ampCap::ManageAnonURL ) ) }
return true; return $return;
else
return false;
// Self Edit?
$user = YOURLS_USER !== false ? YOURLS_USER : NULL;
if ( $owner === $user && amp_have_capability( $capability ) )
return true;
else
return false;
return false;
} }
// Check keyword ownership // Check keyword ownership
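Review bot: In the new `amp_manage_keyword`, the combined condition ends with `) ); // Self Edit?`, and that trailing semicolon makes the `if` body an empty statement. The following `$return = true;` therefore runs unconditionally inside the `amp_is_valid_user()` block, so as rendered here every authenticated user is granted management of any keyword, whatever the admin, editor and owner checks say. Drop the semicolon and brace the body so the assignment is actually guarded: `|| ( $owner === $user && amp_have_capability( $capability ) ) ) { // Self Edit?`, then `$return = true;`, then `}`. Since this commit is meant to fix permissions, it would be worth adding a check that a valid user without `ampCap::ManageUsrsURL` gets `false` for a keyword owned by someone else. Always bracing `if` bodies in this file would keep a stray `;` from silently turning a deny-by-default check into allow-all.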