fix permissions #15

2020-03-07 23:21:04 -05:00 · 2020-03-07 23:21:04 -05:00 · 531a17db3b
parent 33a551c1b1
commit 531a17db3b
1 changed files with 12 additions and 20 deletions
--- a/authMgrPlus/plugin.php
+++ b/authMgrPlus/plugin.php
@ -3,7 +3,7 @@
 Plugin Name: Auth Manager Plus
 Plugin URI:  https://github.com/joshp23/YOURLS-AuthMgrPlus
 Description: Role Based Access Controlls with seperated user data for authenticated users
-Version:     2.1.1
+Version:     2.1.2
 Author:      Josh Panter, nicwaller, Ian Barber <ian.barber@gmail.com>
 Author URI:  https://unfettered.net
 */
@ -528,25 +528,17 @@ function amp_access_keyword( $keyword ) {
 // Check user rights to a keyword ( can manage it )
 function amp_manage_keyword( $keyword, $capability ) {
-	// only authenticated users can manaage keywords
+	$return = false; 				// default is to deny access
-	if ( !amp_is_valid_user() )
+	if ( amp_is_valid_user() ) { 	// only authenticated users can manaage keywords
-		return false;
+		$owner = amp_keyword_owner($keyword);
-	// Admin?
+		$user = YOURLS_USER !== false ? YOURLS_USER : NULL;
-	if ( amp_have_capability( ampCap::ManageUsrsURL ) )
+		if ( amp_have_capability( ampCap::ManageUsrsURL )							// Admin?
-		return true;
+			|| ( $owner === NULL && amp_have_capability( ampCap::ManageAnonURL ) )	// Editor?
-	// Editor?
+			|| ( $owner === $user && amp_have_capability( $capability ) ) );		// Self Edit?
-	$owner = amp_keyword_owner($keyword);
+			$return = true;
-	if ( $owner === null && amp_have_capability( ampCap::ManageAnonURL ) )
+	}
-		return true;
+	return $return;
-	else
+
 		return false;
 	// Self Edit?
 	$user = YOURLS_USER !== false ? YOURLS_USER : NULL;
 	if ( $owner === $user && amp_have_capability( $capability ) )
 			return true;
 		else
 			return false;
 	return false;
 }
 // Check keyword ownership