Converted TODO lines into GitHub issues
parent
67e55fd7ff
commit
fa75a38a3d
@ -58,8 +58,6 @@ yourls_add_action( 'admin_init', 'authmgr_intercept_admin' );
|
|||||||
* to add a unique hook for each action, but unfortunately we need to
|
* to add a unique hook for each action, but unfortunately we need to
|
||||||
* hook the admin page load itself, and try to figure out what action
|
* hook the admin page load itself, and try to figure out what action
|
||||||
* is intended.
|
* is intended.
|
||||||
*
|
|
||||||
* TODO: Maybe YOURLS could be improved with more detailed action hooks.
|
|
||||||
*/
|
*/
|
||||||
function authmgr_intercept_admin() {
|
function authmgr_intercept_admin() {
|
||||||
authmgr_require_capability( AuthmgrCapability::ShowAdmin );
|
authmgr_require_capability( AuthmgrCapability::ShowAdmin );
|
||||||
@ -126,8 +124,6 @@ function authmgr_html_append_roles( $original ) {
|
|||||||
*/
|
*/
|
||||||
function authmgr_require_capability( $capability ) {
|
function authmgr_require_capability( $capability ) {
|
||||||
if ( !authmgr_have_capability( $capability ) ) {
|
if ( !authmgr_have_capability( $capability ) ) {
|
||||||
// TODO: display a much nicer error page
|
|
||||||
//die('Sorry, you are not authorized for the action: '.$capability);
|
|
||||||
yourls_redirect( yourls_admin_url( '?access=denied' ), 302 );
|
yourls_redirect( yourls_admin_url( '?access=denied' ), 302 );
|
||||||
die();
|
die();
|
||||||
}
|
}
|
||||||
@ -150,7 +146,6 @@ function authmgr_enumerate_current_capabilities() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
function authmgr_enumerate_all_capabilities() {
|
function authmgr_enumerate_all_capabilities() {
|
||||||
// TODO: generalize this, instead of just repeating the total declaration
|
|
||||||
return array(
|
return array(
|
||||||
AuthmgrCapability::ShowAdmin,
|
AuthmgrCapability::ShowAdmin,
|
||||||
AuthmgrCapability::AddURL,
|
AuthmgrCapability::AddURL,
|
||||||
@ -169,10 +164,6 @@ function authmgr_enumerate_all_capabilities() {
|
|||||||
* is permitted in the current context. Any function in the filter
|
* is permitted in the current context. Any function in the filter
|
||||||
* chain can change the response, but well-behaved functions will
|
* chain can change the response, but well-behaved functions will
|
||||||
* only change 'false' to 'true', never the other way around.
|
* only change 'false' to 'true', never the other way around.
|
||||||
*
|
|
||||||
* TODO: how to convey context when we later implement "ownership" on
|
|
||||||
* URL rows? maybe send an array that includes capabilitity
|
|
||||||
* and other context variables.
|
|
||||||
*/
|
*/
|
||||||
function authmgr_have_capability( $capability ) {
|
function authmgr_have_capability( $capability ) {
|
||||||
return yourls_apply_filter( AUTHMGR_ALLOW, false, $capability);
|
return yourls_apply_filter( AUTHMGR_ALLOW, false, $capability);
|
||||||
@ -201,10 +192,6 @@ function authmgr_check_anon_capability( $original, $capability ) {
|
|||||||
|
|
||||||
/*
|
/*
|
||||||
* What capabilities are available through role assignments to the active user?
|
* What capabilities are available through role assignments to the active user?
|
||||||
*
|
|
||||||
* TODO: maybe pre-calculate an access token for the current user with all
|
|
||||||
* of the permitted capabilities. Then this function would simply
|
|
||||||
* check the contents of the access token.
|
|
||||||
*/
|
*/
|
||||||
yourls_add_filter( AUTHMGR_ALLOW, 'authmgr_check_user_capability', 10 );
|
yourls_add_filter( AUTHMGR_ALLOW, 'authmgr_check_user_capability', 10 );
|
||||||
function authmgr_check_user_capability( $original, $capability ) {
|
function authmgr_check_user_capability( $original, $capability ) {
|
||||||
@ -270,22 +257,14 @@ function authmgr_check_apiuser_capability( $original, $capability ) {
|
|||||||
// In API mode and not using user/path authn? Let it go.
|
// In API mode and not using user/path authn? Let it go.
|
||||||
if ( yourls_is_API() && !isset($_REQUEST['username']) )
|
if ( yourls_is_API() && !isset($_REQUEST['username']) )
|
||||||
return true;
|
return true;
|
||||||
// TODO: add controls for actions, like
|
|
||||||
// shorturl, stats, db-stats, url-stats, expand
|
|
||||||
|
|
||||||
return $original;
|
return $original;
|
||||||
}
|
}
|
||||||
|
|
||||||
/******************** ROLE TEST AND ENUMERATION ***********************/
|
/******************** ROLE TEST AND ENUMERATION ***********************/
|
||||||
|
|
||||||
/*
|
|
||||||
* TODO: consider moving roles into a database table, and manipulate with web GUI
|
|
||||||
* TODO: consider allowing other plugins to contribute capabilities with a filter chain
|
|
||||||
*/
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Determine whether a specific user has a role.
|
* Determine whether a specific user has a role.
|
||||||
* TODO: don't use filter chains for role enumeration. that's silly.
|
|
||||||
*/
|
*/
|
||||||
function authmgr_user_has_role( $username, $rolename ) {
|
function authmgr_user_has_role( $username, $rolename ) {
|
||||||
return yourls_apply_filter( AUTHMGR_HASROLE, false, $username, $rolename );
|
return yourls_apply_filter( AUTHMGR_HASROLE, false, $username, $rolename );
|
||||||
@ -331,7 +310,7 @@ function authmgr_environment_check() {
|
|||||||
if ( !isset( $authmgr_anon_capabilities) ) {
|
if ( !isset( $authmgr_anon_capabilities) ) {
|
||||||
$authmgr_anon_capabilities = array(
|
$authmgr_anon_capabilities = array(
|
||||||
AuthmgrCapability::API,
|
AuthmgrCapability::API,
|
||||||
AuthmgrCapability::ShowAdmin,//TODO: hack! how to allow logon page?
|
AuthmgrCapability::ShowAdmin,
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -373,7 +352,6 @@ function authmgr_environment_check() {
|
|||||||
|
|
||||||
// convert role assignment table to lower case if it hasn't been done already
|
// convert role assignment table to lower case if it hasn't been done already
|
||||||
// this makes searches much easier!
|
// this makes searches much easier!
|
||||||
// TODO: avoid doing this every time we validate
|
|
||||||
$authmgr_role_assignment_lower = array();
|
$authmgr_role_assignment_lower = array();
|
||||||
foreach ( $authmgr_role_assignment as $key => $value ) {
|
foreach ( $authmgr_role_assignment as $key => $value ) {
|
||||||
$t_key = strtolower( $key );
|
$t_key = strtolower( $key );
|
||||||
|
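Review bot: In the `@ -331,7 +310,7` hunk the default `$authmgr_anon_capabilities` still grants `AuthmgrCapability::ShowAdmin` to anonymous users, but the only marker that this is a workaround has been removed, so the array now reads as intended policy. `authmgr_intercept_admin()` gates the admin page on exactly that capability, so I would keep a short why-comment on the line, e.g. `AuthmgrCapability::ShowAdmin, // anonymous needs this so the logon page can load; tracked in issue #<ISSUE_ID>`. The same applies to the `return true;` branch of `authmgr_check_apiuser_capability` in the `@ -270,22 +257,14` hunk, where the removed TODO was the only hint that per-action API controls (shorturl, stats, db-stats, url-stats, expand) are not enforced yet. Both functions start or end outside the visible hunks, so the wording should be checked against the full file.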