vmario
/
YOURLS-AuthMgrPlus
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

AuthMgrPlus -> amp 

fic `YOURLS_USER` in db for anon
This commit is contained in:
Joshua P Panter 2019-09-26 21:01:08 -04:00
parent 101d459dde
commit 7e2aba130d
No known key found for this signature in database
GPG Key ID: 59903022E9AC64FC
1 changed files with 157 additions and 158 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

315
authMgrPlus/plugin.php
View File

@ -3,7 +3,7 @@
Plugin Name: Auth Manager Plus Plugin Name: Auth Manager Plus
Plugin URI: https://github.com/joshp23/YOURLS-AuthMgrPlus Plugin URI: https://github.com/joshp23/YOURLS-AuthMgrPlus
Description: Role Based Access Controlls with seperated user data for authenticated users Description: Role Based Access Controlls with seperated user data for authenticated users
Version: 1.0.3 Version: 1.0.4
Author: Josh Panter, nicwaller, Ian Barber <ian.barber@gmail.com> Author: Josh Panter, nicwaller, Ian Barber <ian.barber@gmail.com>
Author URI: https://unfettered.net Author URI: https://unfettered.net
*/ */
@ -13,12 +13,13 @@ if( !defined( 'YOURLS_ABSPATH' ) ) die();
/****************** SET UP CONSTANTS ******************/ /****************** SET UP CONSTANTS ******************/
class AuthMgrPlusRoles { const Administrator = 'Administrator'; class ampRoles {
const Administrator = 'Administrator';
const Editor = 'Editor'; const Editor = 'Editor';
const Contributor = 'Contributor'; const Contributor = 'Contributor';
} }
class AuthMgrPlusCapability { class ampCap {
const ShowAdmin = 'ShowAdmin'; const ShowAdmin = 'ShowAdmin';
const AddURL = 'AddURL'; const AddURL = 'AddURL';
const DeleteURL = 'DeleteURL'; const DeleteURL = 'DeleteURL';
@ -34,25 +35,25 @@ class AuthMgrPlusCapability {
/********** Add hooks to intercept functionality in CORE **********/ /********** Add hooks to intercept functionality in CORE **********/
yourls_add_action( 'load_template_infos', 'authMgrPlus_intercept_stats' ); yourls_add_action( 'load_template_infos', 'amp_intercept_stats' );
function authMgrPlus_intercept_stats() { function amp_intercept_stats() {
if ( 'YOURLS_PRIVATE_INFOS' === true ) { if ( 'YOURLS_PRIVATE_INFOS' === true ) {
authMgrPlus_require_capability( AuthMgrPlusCapability::ViewStats ); amp_require_capability( ampCap::ViewStats );
} }
} }
yourls_add_action( 'api', 'authMgrPlus_intercept_api' ); yourls_add_action( 'api', 'amp_intercept_api' );
function authMgrPlus_intercept_api() { function amp_intercept_api() {
if ( 'YOURLS_PRIVATE_API' === true ) { if ( 'YOURLS_PRIVATE_API' === true ) {
if ( isset( $_REQUEST['shorturl'] ) || isset( $_REQUEST['stats'] ) ) { if ( isset( $_REQUEST['shorturl'] ) || isset( $_REQUEST['stats'] ) ) {
authMgrPlus_require_capability( AuthMgrPlusCapability::APIu ); amp_require_capability( ampCap::APIu );
} else { } else {
authMgrPlus_require_capability( AuthMgrPlusCapability::API ); amp_require_capability( ampCap::API );
} }
} }
} }
yourls_add_action( 'auth_successful', 'authMgrPlus_intercept_admin' ); yourls_add_action( 'auth_successful', 'amp_intercept_admin' );
/** /**
* YOURLS processes most actions in the admin page. It would be ideal * YOURLS processes most actions in the admin page. It would be ideal
* to add a unique hook for each action, but unfortunately we need to * to add a unique hook for each action, but unfortunately we need to
@ -64,8 +65,8 @@ yourls_add_action( 'auth_successful', 'authMgrPlus_intercept_admin' );
* At this point, reasonably assume that the current request is for * At this point, reasonably assume that the current request is for
* a rendering of the admin page. * a rendering of the admin page.
*/ */
function authMgrPlus_intercept_admin() { function amp_intercept_admin() {
authMgrPlus_require_capability( authMgrPlusCapability::ShowAdmin ); amp_require_capability( ampCap::ShowAdmin );
// we use this GET param to send up a feedback notice to user // we use this GET param to send up a feedback notice to user
if ( isset( $_GET['access'] ) && $_GET['access']=='denied' ) { if ( isset( $_GET['access'] ) && $_GET['access']=='denied' ) {
@ -73,15 +74,15 @@ function authMgrPlus_intercept_admin() {
} }
$action_capability_map = array( $action_capability_map = array(
'add' => AuthMgrPlusCapability::AddURL, 'add' => ampCap::AddURL,
'delete' => AuthMgrPlusCapability::DeleteURL, 'delete' => ampCap::DeleteURL,
'edit_display' => AuthMgrPlusCapability::EditURL, 'edit_display' => ampCap::EditURL,
'edit_save' => AuthMgrPlusCapability::EditURL, 'edit_save' => ampCap::EditURL,
'activate' => AuthMgrPlusCapability::ManagePlugins, 'activate' => ampCap::ManagePlugins,
'deactivate' => AuthMgrPlusCapability::ManagePlugins, 'deactivate' => ampCap::ManagePlugins,
); );
// allow manipulation of this list ( be mindfull of extending Authmp Capability class if needed ) // allow manipulation of this list ( be mindfull of extending Authmp Capability class if needed )
yourls_apply_filter( 'authMgrPlus_action_capability_map', $action_capability_map); yourls_apply_filter( 'amp_action_capability_map', $action_capability_map);
// Key actions like Add/Edit/Delete are AJAX requests // Key actions like Add/Edit/Delete are AJAX requests
if ( yourls_is_Ajax() ) { if ( yourls_is_Ajax() ) {
@ -93,7 +94,7 @@ function authMgrPlus_intercept_admin() {
); );
// Allow some flexability with those boundaries // Allow some flexability with those boundaries
yourls_apply_filter( 'AuthMgrPlus_restricted_ajax_actions', $restricted_actions ); yourls_apply_filter( 'amp_restricted_ajax_actions', $restricted_actions );
$action_keyword = $_REQUEST['action']; $action_keyword = $_REQUEST['action'];
$cap_needed = $action_capability_map[$action_keyword]; $cap_needed = $action_capability_map[$action_keyword];
@ -101,9 +102,9 @@ function authMgrPlus_intercept_admin() {
// Check the action against those boundaries // Check the action against those boundaries
if ( in_array( $action_keyword, $restricted_actions) ) { if ( in_array( $action_keyword, $restricted_actions) ) {
$keyword = $_REQUEST['keyword']; $keyword = $_REQUEST['keyword'];
$do = authMgrPlus_manage_keyword( $keyword, $cap_needed ); $do = amp_manage_keyword( $keyword, $cap_needed );
} else { } else {
$do = authMgrPlus_have_capability( $cap_needed ); $do = amp_have_capability( $cap_needed );
} }
if ( $do !== true ) { if ( $do !== true ) {
@ -122,16 +123,16 @@ function authMgrPlus_intercept_admin() {
// Is this a plugin page request? // Is this a plugin page request?
if ( isset( $_REQUEST['page'] ) ) { if ( isset( $_REQUEST['page'] ) ) {
// Is this an allowed plugin? // Is this an allowed plugin?
global $authMgrPlus_allowed_plugin_pages; global $amp_allowed_plugin_pages;
if ( authMgrPlus_have_capability( authMgrPlusCapability::ManagePlugins ) !== true) { if ( amp_have_capability( ampCap::ManagePlugins ) !== true) {
$r = $_REQUEST['page']; $r = $_REQUEST['page'];
if(!in_array($r, $authMgrPlus_allowed_plugin_pages ) ) { if(!in_array($r, $amp_allowed_plugin_pages ) ) {
yourls_redirect( yourls_admin_url( '?access=denied' ), 302 ); yourls_redirect( yourls_admin_url( '?access=denied' ), 302 );
} }
} }
} else { } else {
// Should this user touch plugins? // Should this user touch plugins?
if ( authMgrPlus_have_capability( AuthMgrPlusCapability::ManagePlugins ) !== true) { if ( amp_have_capability( ampCap::ManagePlugins ) !== true) {
yourls_redirect( yourls_admin_url( '?access=denied' ), 302 ); yourls_redirect( yourls_admin_url( '?access=denied' ), 302 );
} }
} }
@ -140,7 +141,7 @@ function authMgrPlus_intercept_admin() {
if (isset( $_REQUEST['plugin'] ) ) { if (isset( $_REQUEST['plugin'] ) ) {
$action_keyword = $_REQUEST['action']; $action_keyword = $_REQUEST['action'];
$cap_needed = $action_capability_map[$action_keyword]; $cap_needed = $action_capability_map[$action_keyword];
if ( $cap_needed !== NULL && authMgrPlus_have_capability( $cap_needed ) !== true) { if ( $cap_needed !== NULL && amp_have_capability( $cap_needed ) !== true) {
yourls_redirect( yourls_admin_url( '?access=denied' ), 302 ); yourls_redirect( yourls_admin_url( '?access=denied' ), 302 );
} }
} }
@ -150,15 +151,15 @@ function authMgrPlus_intercept_admin() {
* Cosmetic filter: removes disallowed plugins from link list * Cosmetic filter: removes disallowed plugins from link list
*/ */
if( yourls_is_admin() ) { if( yourls_is_admin() ) {
yourls_add_filter( 'admin_sublinks', 'authMgrPlus_admin_sublinks' ); yourls_add_filter( 'admin_sublinks', 'amp_admin_sublinks' );
} }
function authMgrPlus_admin_sublinks( $links ) { function amp_admin_sublinks( $links ) {
global $authMgrPlus_allowed_plugin_pages; global $amp_allowed_plugin_pages;
if ( authMgrPlus_have_capability( AuthMgrPlusCapability::ManagePlugins ) !== true) { if ( amp_have_capability( ampCap::ManagePlugins ) !== true) {
foreach( $links['plugins'] as $link => $ar ) { foreach( $links['plugins'] as $link => $ar ) {
if(!in_array($link, $authMgrPlus_allowed_plugin_pages) ) if(!in_array($link, $amp_allowed_plugin_pages) )
unset($links['plugins'][$link]); unset($links['plugins'][$link]);
} }
} }
@ -170,11 +171,11 @@ function authMgrPlus_admin_sublinks( $links ) {
* Cosmetic filter: displays currently available roles * Cosmetic filter: displays currently available roles
* by hovering mouse over the username in logout link. * by hovering mouse over the username in logout link.
*/ */
yourls_add_filter( 'logout_link', 'authMgrPlus_html_append_roles' ); yourls_add_filter( 'logout_link', 'amp_html_append_roles' );
function authMgrPlus_html_append_roles( $original ) { function amp_html_append_roles( $original ) {
$authenticated = yourls_is_valid_user(); $authenticated = yourls_is_valid_user();
if ( $authenticated === true ) { if ( $authenticated === true ) {
$listcaps = implode(', ', authMgrPlus_current_capabilities()); $listcaps = implode(', ', amp_current_capabilities());
return '<div title="'.$listcaps.'">'.$original.'</div>'; return '<div title="'.$listcaps.'">'.$original.'</div>';
} else { } else {
return $original; return $original;
@ -188,10 +189,10 @@ function authMgrPlus_html_append_roles( $original ) {
* This is the most basic way to intercept unauthorized usage. * This is the most basic way to intercept unauthorized usage.
*/ */
// TODO: API responses! // TODO: API responses!
function authMgrPlus_require_capability( $capability ) { function amp_require_capability( $capability ) {
if ( !authMgrPlus_have_capability( $capability ) ) { if ( !amp_have_capability( $capability ) ) {
// If the user can't view admin interface, return a plain error. // If the user can't view admin interface, return a plain error.
if ( !authMgrPlus_have_capability( AuthMgrPlusCapability::ShowAdmin ) ) { if ( !amp_have_capability( ampCap::ShowAdmin ) ) {
// header("HTTP/1.0 403 Forbidden"); // header("HTTP/1.0 403 Forbidden");
die('Require permissions to show admin interface.'); die('Require permissions to show admin interface.');
} }
@ -202,17 +203,17 @@ function authMgrPlus_require_capability( $capability ) {
} }
// Heart of system - Can the user do "X"? // Heart of system - Can the user do "X"?
function authMgrPlus_have_capability( $capability ) { function amp_have_capability( $capability ) {
global $authMgrPlus_anon_capabilities; global $amp_anon_capabilities;
global $authMgrPlus_role_capabilities; global $amp_role_capabilities;
global $authMgrPlus_admin_ipranges; global $amp_admin_ipranges;
// Make sure the environment has been setup // Make sure the environment has been setup
authMgrPlus_env_check(); amp_env_check();
// Check anon capabilities // Check anon capabilities
$return = in_array( $capability, $authMgrPlus_anon_capabilities ); $return = in_array( $capability, $amp_anon_capabilities );
// Check user-role based auth // Check user-role based auth
if( !$return ) { if( !$return ) {
@ -222,9 +223,10 @@ function authMgrPlus_have_capability( $capability ) {
return false; return false;
// List capabilities of particular user role // List capabilities of particular user role
$user = defined( YOURLS_USER ) ? YOURLS_USER : NULL;
$user_caps = array(); $user_caps = array();
foreach ( $authMgrPlus_role_capabilities as $rolename => $rolecaps ) { foreach ( $amp_role_capabilities as $rolename => $rolecaps ) {
if ( authMgrPlus_user_has_role( YOURLS_USER, $rolename ) ) { if ( amp_user_has_role( $user, $rolename ) ) {
$user_caps = array_merge( $user_caps, $rolecaps ); $user_caps = array_merge( $user_caps, $rolecaps );
} }
} }
@ -236,8 +238,8 @@ function authMgrPlus_have_capability( $capability ) {
// Is user connecting from an admin designated IP? // Is user connecting from an admin designated IP?
if( !$return ) { if( !$return ) {
// the array of ranges: '127.0.0.0/8' will always be admin // the array of ranges: '127.0.0.0/8' will always be admin
foreach ($authMgrPlus_admin_ipranges as $range) { foreach ($amp_admin_ipranges as $range) {
$return = authMgrPlus_cidr_match( $_SERVER['REMOTE_ADDR'], $range ); $return = amp_cidr_match( $_SERVER['REMOTE_ADDR'], $range );
if( $return ) if( $return )
break; break;
} }
@ -246,13 +248,13 @@ function authMgrPlus_have_capability( $capability ) {
} }
// Determine whether a specific user has a role. // Determine whether a specific user has a role.
function authMgrPlus_user_has_role( $username, $rolename ) { function amp_user_has_role( $username, $rolename ) {
global $authMgrPlus_role_assignment; global $amp_role_assignment;
// if no role assignments are created, grant everything FIXME: Make 'admin' // if no role assignments are created, grant everything FIXME: Make 'admin'
// so the site still works even if stuff is configured wrong // so the site still works even if stuff is configured wrong
if ( empty( $authMgrPlus_role_assignment ) ) if ( empty( $amp_role_assignment ) )
return true; return true;
// do this the case-insensitive way // do this the case-insensitive way
@ -261,10 +263,10 @@ function authMgrPlus_user_has_role( $username, $rolename ) {
$rolename = strtolower($rolename); $rolename = strtolower($rolename);
// if the role doesn't exist, give up now. // if the role doesn't exist, give up now.
if ( !in_array( $rolename, array_keys( $authMgrPlus_role_assignment ) ) ) if ( !in_array( $rolename, array_keys( $amp_role_assignment ) ) )
return false; return false;
$users_in_role = $authMgrPlus_role_assignment[$rolename]; $users_in_role = $amp_role_assignment[$rolename];
return in_array( $username, $users_in_role ); return in_array( $username, $users_in_role );
} }
@ -272,13 +274,13 @@ function authMgrPlus_user_has_role( $username, $rolename ) {
// Filter out restricted access to keyword data in... // Filter out restricted access to keyword data in...
// Admin list // Admin list
yourls_add_filter( 'admin_list_where', 'authMgrPlus_admin_list_where' ); yourls_add_filter( 'admin_list_where', 'amp_admin_list_where' );
function authMgrPlus_admin_list_where($where) { function amp_admin_list_where($where) {
if ( authMgrPlus_have_capability( AuthMgrPlusCapability::ViewAll ) ) if ( amp_have_capability( ampCap::ViewAll ) )
return $where; // Allow admin/editor users to see the lot. return $where; // Allow admin/editor users to see the lot.
$user = YOURLS_USER; $user = defined( YOURLS_USER ) ? YOURLS_USER : NULL;
if (version_compare(YOURLS_VERSION, '1.7.3') >= 0) { if (version_compare(YOURLS_VERSION, '1.7.3') >= 0) {
$where['sql'] = $where['sql'] . " AND (`user` = :user OR `user` IS NULL) "; $where['sql'] = $where['sql'] . " AND (`user` = :user OR `user` IS NULL) ";
$where['binds']['user'] = $user; $where['binds']['user'] = $user;
@ -289,21 +291,21 @@ function authMgrPlus_admin_list_where($where) {
return $where; return $where;
} }
// API stats // API stats
yourls_add_filter( 'api_url_stats', 'authMgrPlus_api_url_stats' ); yourls_add_filter( 'api_url_stats', 'amp_api_url_stats' );
function authMgrPlus_api_url_stats( $return, $shorturl ) { function amp_api_url_stats( $return, $shorturl ) {
$keyword = str_replace( YOURLS_SITE . '/' , '', $shorturl ); // accept either 'http://ozh.in/abc' or 'abc' $keyword = str_replace( YOURLS_SITE . '/' , '', $shorturl ); // accept either 'http://ozh.in/abc' or 'abc'
$keyword = yourls_sanitize_string( $keyword ); $keyword = yourls_sanitize_string( $keyword );
$keyword = addslashes($keyword); $keyword = addslashes($keyword);
if(authMgrPlus_access_keyword($keyword)) if(amp_access_keyword($keyword))
return $return; return $return;
else else
return array('simple' => "URL is owned by another user", 'message' => 'URL is owned by another user', 'errorCode' => 403); return array('simple' => "URL is owned by another user", 'message' => 'URL is owned by another user', 'errorCode' => 403);
} }
// Info pages // Info pages
yourls_add_action( 'pre_yourls_infos', 'authMgrPlus_pre_yourls_infos' ); yourls_add_action( 'pre_yourls_infos', 'amp_pre_yourls_infos' );
function authMgrPlus_pre_yourls_infos( $keyword ) { function amp_pre_yourls_infos( $keyword ) {
if( !authMgrPlus_access_keyword($keyword) ) { if( !amp_access_keyword($keyword) ) {
$authenticated = yourls_is_valid_user(); $authenticated = yourls_is_valid_user();
if ( $authenticated === true ) if ( $authenticated === true )
yourls_redirect( yourls_admin_url( '?access=denied' ), 302 ); yourls_redirect( yourls_admin_url( '?access=denied' ), 302 );
@ -313,16 +315,16 @@ function authMgrPlus_pre_yourls_infos( $keyword ) {
} }
// DB stats // DB stats
yourls_add_filter( 'get_db_stats', 'authMgrPlus_get_db_stats' ); yourls_add_filter( 'get_db_stats', 'amp_get_db_stats' );
function authMgrPlus_get_db_stats( $return, $where ) { function amp_get_db_stats( $return, $where ) {
if ( authMgrPlus_have_capability( AuthMgrPlusCapability::ViewAll ) ) if ( amp_have_capability( ampCap::ViewAll ) )
return $return; // Allow admin/editor users to see the lot. return $return; // Allow admin/editor users to see the lot.
// or... filter results // or... filter results
global $ydb; global $ydb;
$table_url = YOURLS_DB_TABLE_URL; $table_url = YOURLS_DB_TABLE_URL;
$user = YOURLS_USER; $user = defined( YOURLS_USER ) ? YOURLS_USER : NULL;
if (version_compare(YOURLS_VERSION, '1.7.3') >= 0) { if (version_compare(YOURLS_VERSION, '1.7.3') >= 0) {
$where['sql'] = $where['sql'] . " AND (`user` = :user OR `user` IS NULL) "; $where['sql'] = $where['sql'] . " AND (`user` = :user OR `user` IS NULL) ";
$where['binds']['user'] = $user; $where['binds']['user'] = $user;
@ -340,95 +342,95 @@ function authMgrPlus_get_db_stats( $return, $where ) {
/********************* HOUSEKEEPING ************************/ /********************* HOUSEKEEPING ************************/
// Validate environment setup // Validate environment setup
function authMgrPlus_env_check() { function amp_env_check() {
global $authMgrPlus_anon_capabilities; global $amp_anon_capabilities;
global $authMgrPlus_role_capabilities; global $amp_role_capabilities;
global $authMgrPlus_role_assignment; global $amp_role_assignment;
global $authMgrPlus_admin_ipranges; global $amp_admin_ipranges;
global $authMgrPlus_allowed_plugin_pages; global $amp_allowed_plugin_pages;
if ( !isset( $authMgrPlus_anon_capabilities) ) { if ( !isset( $amp_anon_capabilities) ) {
$authMgrPlus_anon_capabilities = array(); $amp_anon_capabilities = array();
} }
if ( !isset( $authMgrPlus_role_capabilities) ) { if ( !isset( $amp_role_capabilities) ) {
$authMgrPlus_role_capabilities = array( $amp_role_capabilities = array(
AuthMgrPlusRoles::Administrator => array( ampRoles::Administrator => array(
AuthMgrPlusCapability::ShowAdmin, ampCap::ShowAdmin,
AuthMgrPlusCapability::AddURL, ampCap::AddURL,
AuthMgrPlusCapability::EditURL, ampCap::EditURL,
AuthMgrPlusCapability::DeleteURL, ampCap::DeleteURL,
AuthMgrPlusCapability::ManageAnonURL, ampCap::ManageAnonURL,
AuthMgrPlusCapability::ManageUsrsURL, ampCap::ManageUsrsURL,
AuthMgrPlusCapability::ManagePlugins, ampCap::ManagePlugins,
AuthMgrPlusCapability::API, ampCap::API,
AuthMgrPlusCapability::APIu, ampCap::APIu,
AuthMgrPlusCapability::ViewStats, ampCap::ViewStats,
AuthMgrPlusCapability::ViewAll, ampCap::ViewAll,
), ),
AuthMgrPlusRoles::Editor => array( ampRoles::Editor => array(
AuthMgrPlusCapability::ShowAdmin, ampCap::ShowAdmin,
AuthMgrPlusCapability::AddURL, ampCap::AddURL,
AuthMgrPlusCapability::EditURL, ampCap::EditURL,
AuthMgrPlusCapability::DeleteURL, ampCap::DeleteURL,
AuthMgrPlusCapability::ManageAnonURL, ampCap::ManageAnonURL,
AuthMgrPlusCapability::APIu, ampCap::APIu,
AuthMgrPlusCapability::ViewStats, ampCap::ViewStats,
AuthMgrPlusCapability::ViewAll, ampCap::ViewAll,
), ),
AuthMgrPlusRoles::Contributor => array( ampRoles::Contributor => array(
AuthMgrPlusCapability::ShowAdmin, ampCap::ShowAdmin,
AuthMgrPlusCapability::AddURL, ampCap::AddURL,
AuthMgrPlusCapability::EditURL, ampCap::EditURL,
AuthMgrPlusCapability::DeleteURL, ampCap::DeleteURL,
AuthMgrPlusCapability::APIu, ampCap::APIu,
AuthMgrPlusCapability::ViewStats, ampCap::ViewStats,
), ),
); );
} }
if ( !isset( $authMgrPlus_role_assignment ) ) { if ( !isset( $amp_role_assignment ) ) {
$authMgrPlus_role_assignment = array(); $amp_role_assignment = array();
} }
if ( !isset( $authMgrPlus_admin_ipranges ) ) { if ( !isset( $amp_admin_ipranges ) ) {
$authMgrPlus_admin_ipranges = array( $amp_admin_ipranges = array(
'127.0.0.0/8', '127.0.0.0/8',
); );
} }
if ( !isset( $authMgrPlus_allowed_plugin_pages ) ) { if ( !isset( $amp_allowed_plugin_pages ) ) {
$authMgrPlus_allowed_plugin_pages = array( $amp_allowed_plugin_pages = array(
); );
} }
// convert role assignment table to lower case if it hasn't been done already // convert role assignment table to lower case if it hasn't been done already
// this makes searches much easier! // this makes searches much easier!
$authMgrPlus_role_assignment_lower = array(); $amp_role_assignment_lower = array();
foreach ( $authMgrPlus_role_assignment as $key => $value ) { foreach ( $amp_role_assignment as $key => $value ) {
$t_key = strtolower( $key ); $t_key = strtolower( $key );
$t_value = array_map('strtolower', $value); $t_value = array_map('strtolower', $value);
$authMgrPlus_role_assignment_lower[$t_key] = $t_value; $amp_role_assignment_lower[$t_key] = $t_value;
} }
$authMgrPlus_role_assignment = $authMgrPlus_role_assignment_lower; $amp_role_assignment = $amp_role_assignment_lower;
unset($authMgrPlus_role_assignment_lower); unset($amp_role_assignment_lower);
// allow manipulation of env by other plugins // allow manipulation of env by other plugins
// be mindfull of extending AuthMgrPlusCapability and AuthMgrPlusRoles classes if needed // be mindfull of extending ampCap and ampRoles classes if needed
$a = $authMgrPlus_anon_capabilities; $a = $amp_anon_capabilities;
$b = $authMgrPlus_role_capabilities; $b = $amp_role_capabilities;
$c = $authMgrPlus_role_assignment; $c = $amp_role_assignment;
$d = $authMgrPlus_admin_ipranges; $d = $amp_admin_ipranges;
$e = $authMgrPlus_allowed_plugin_pages; $e = $amp_allowed_plugin_pages;
yourls_apply_filter( 'authMgrPlus_env_check', $a, $b, $c, $d, $e ); yourls_apply_filter( 'amp_env_check', $a, $b, $c, $d, $e );
return true; return true;
} }
// Activation: add the user column to the URL table if not added // Activation: add the user column to the URL table if not added
yourls_add_action( 'activated_authMgrPlus/plugin.php', 'authMgrPlus_activated' ); yourls_add_action( 'activated_authMgrPlus/plugin.php', 'amp_activated' );
function authMgrPlus_activated() { function amp_activated() {
global $ydb; global $ydb;
$table = YOURLS_DB_TABLE_URL; $table = YOURLS_DB_TABLE_URL;
@ -460,26 +462,26 @@ function authMgrPlus_activated() {
/***************** HELPER FUNCTIONS ********************/ /***************** HELPER FUNCTIONS ********************/
// List currently available capabilities // List currently available capabilities
function authMgrPlus_current_capabilities() { function amp_current_capabilities() {
$current_capabilities = array(); $current_capabilities = array();
$all_capabilities = array( $all_capabilities = array(
AuthMgrPlusCapability::ShowAdmin, ampCap::ShowAdmin,
AuthMgrPlusCapability::AddURL, ampCap::AddURL,
AuthMgrPlusCapability::EditURL, ampCap::EditURL,
AuthMgrPlusCapability::DeleteURL, ampCap::DeleteURL,
AuthMgrPlusCapability::ManageAnonURL, ampCap::ManageAnonURL,
AuthMgrPlusCapability::ManageUsrsURL, ampCap::ManageUsrsURL,
AuthMgrPlusCapability::ManagePlugins, ampCap::ManagePlugins,
AuthMgrPlusCapability::API, ampCap::API,
AuthMgrPlusCapability::APIu, ampCap::APIu,
AuthMgrPlusCapability::ViewStats, ampCap::ViewStats,
AuthMgrPlusCapability::ViewAll, ampCap::ViewAll,
); );
// allow manipulation of this list ( be mindfull of extending the AuthMgrPlusCapability class if needed ) // allow manipulation of this list ( be mindfull of extending the ampCap class if needed )
yourls_apply_filter( 'authMgrPlus_current_capabilities', $all_capabilities); yourls_apply_filter( 'amp_current_capabilities', $all_capabilities);
foreach ( $all_capabilities as $cap ) { foreach ( $all_capabilities as $cap ) {
if ( authMgrPlus_have_capability( $cap ) ) { if ( amp_have_capability( $cap ) ) {
$current_capabilities[] = $cap; $current_capabilities[] = $cap;
} }
} }
@ -489,7 +491,7 @@ function authMgrPlus_current_capabilities() {
// Check for IP in a range // Check for IP in a range
// from: http://stackoverflow.com/questions/594112/matching-an-ip-to-a-cidr-mask-in-php5 // from: http://stackoverflow.com/questions/594112/matching-an-ip-to-a-cidr-mask-in-php5
function authMgrPlus_cidr_match($ip, $range) { function amp_cidr_match($ip, $range) {
list ($subnet, $bits) = explode('/', $range); list ($subnet, $bits) = explode('/', $range);
$ip = ip2long($ip); $ip = ip2long($ip);
$subnet = ip2long($subnet); $subnet = ip2long($subnet);
@ -499,17 +501,14 @@ function authMgrPlus_cidr_match($ip, $range) {
} }
// Check user access to a keyword ( can they see it ) // Check user access to a keyword ( can they see it )
function authMgrPlus_access_keyword( $keyword ) { function amp_access_keyword( $keyword ) {
global $ydb; global $ydb;
if ( authMgrPlus_have_capability( AuthMgrPlusCapability::ViewAll ) ) if ( amp_have_capability( ampCap::ViewAll ) )
return true; return true;
$table = YOURLS_DB_TABLE_URL; $table = YOURLS_DB_TABLE_URL;
$user = null; $user = defined( YOURLS_USER ) ? YOURLS_USER : NULL;
if(defined( YOURLS_USER ))
$user = YOURLS_USER;
if (version_compare(YOURLS_VERSION, '1.7.3') >= 0) { if (version_compare(YOURLS_VERSION, '1.7.3') >= 0) {
$binds = array( 'keyword' => $keyword, 'user' => $user); $binds = array( 'keyword' => $keyword, 'user' => $user);
$sql = "SELECT 1 FROM `$table` WHERE (`user` IS NULL OR `user` = :user) AND `keyword` = :keyword"; $sql = "SELECT 1 FROM `$table` WHERE (`user` IS NULL OR `user` = :user) AND `keyword` = :keyword";
@ -520,27 +519,27 @@ function authMgrPlus_access_keyword( $keyword ) {
return $result > 0; return $result > 0;
} }
// Check user rights to a keyword ( can manage it ) // Check user rights to a keyword ( can manage it )
function authMgrPlus_manage_keyword( $keyword, $capability ) { function amp_manage_keyword( $keyword, $capability ) {
// only authenticated users can manaage keywords // only authenticated users can manaage keywords
$authenticated = yourls_is_valid_user(); $authenticated = yourls_is_valid_user();
if ( $authenticated !== true ) if ( $authenticated !== true )
return false; return false;
// Admin? // Admin?
if ( authMgrPlus_have_capability( AuthMgrPlusCapability::ManageUsrsURL ) ) if ( amp_have_capability( ampCap::ManageUsrsURL ) )
return true; return true;
// Editor? // Editor?
$owner = authMgrPlus_keyword_owner($keyword); $owner = amp_keyword_owner($keyword);
if ( $owner === null ) { if ( $owner === null ) {
if ( authMgrPlus_have_capability( AuthMgrPlusCapability::ManageAnonURL ) ) { if ( amp_have_capability( ampCap::ManageAnonURL ) ) {
return true; return true;
} else { } else {
return false; return false;
} }
} }
// Self Edit? // Self Edit?
$user = YOURLS_USER; $user = defined( YOURLS_USER ) ? YOURLS_USER : NULL;
if ( $owner === $user ) { if ( $owner === $user ) {
if ( authMgrPlus_have_capability( $capability ) ) { if ( amp_have_capability( $capability ) ) {
return true; return true;
} else { } else {
return false; return false;
@ -550,7 +549,7 @@ function authMgrPlus_manage_keyword( $keyword, $capability ) {
return false; return false;
} }
// Check keyword ownership // Check keyword ownership
function authMgrPlus_keyword_owner( $keyword ) { function amp_keyword_owner( $keyword ) {
global $ydb; global $ydb;
$table = YOURLS_DB_TABLE_URL; $table = YOURLS_DB_TABLE_URL;
@ -565,12 +564,12 @@ function authMgrPlus_keyword_owner( $keyword ) {
} }
// Record user info on keyword creation // Record user info on keyword creation
yourls_add_action( 'insert_link', 'authMgrPlus_insert_link' ); yourls_add_action( 'insert_link', 'amp_insert_link' );
function authMgrPlus_insert_link($actions) { function amp_insert_link($actions) {
global $ydb; global $ydb;
$keyword = $actions[2]; $keyword = $actions[2];
$user = YOURLS_USER; $user = defined( YOURLS_USER ) ? YOURLS_USER : NULL;
$table = YOURLS_DB_TABLE_URL; $table = YOURLS_DB_TABLE_URL;
// Insert $keyword against $username // Insert $keyword against $username