Compare commits
16 Commits
Author | SHA1 | Date |
---|---|---|
Mario Voigt | a936333a97 | |
Josh Panter | ff31aff5c2 | |
Josh Panter | 475417ff91 | |
Josh Panter | 87560573c6 | |
Josh Panter | 63d91b01fd | |
rizlas | 16e7899a63 | |
Filippo Lazzarini | e3cb3401c1 | |
Josh Panter | d7d5d00b78 | |
Josh Panter | 6d84f6e0e2 | |
Josh Panter | 37c769d44b | |
Josh Panter | 0277e6b114 | |
Marcos de Oliveira | 9512298328 | |
joshp | 338e0299f1 | |
joshp | 727c9d8c35 | |
joshp | abd6231fc7 | |
joshp | 33e1402ce4 |
11
README.md
11
README.md
|
@ -11,7 +11,7 @@ Features
|
|||
- All plugin pages, including main management page, hidden to non-admins by default. Easy to unblock pages.
|
||||
- Plenty of hooks to filter Roles, Role Capabilities, and _any_ of the default data environemnt (such as plugin page visibility)
|
||||
- Fine(r) tuned API access
|
||||
- PHP 7 compatible
|
||||
- PHP 8 compatible
|
||||
- No tracking of admins or editors by default
|
||||
|
||||
Requirements
|
||||
|
@ -27,6 +27,7 @@ Installation
|
|||
1. Copy the `authMgrPlus` folder into your `user/plugins` folder for YOURLS.
|
||||
1. Set up some parameters for authMgrPlus (details below)
|
||||
1. Activate the plugin with the plugin manager in the YOURLS admin interface.
|
||||
1. If you have pre-existing links in your database, you will have to manually asign them a user via an sql querry.
|
||||
|
||||
Default Roles
|
||||
-------------
|
||||
|
@ -73,7 +74,7 @@ $amp_allowed_plugin_pages = array(
|
|||
```
|
||||
Explore the code to see how to set `$amp_role_capabilities` and `$amp_anon_capabilities`. These are set to defaults in the `amp_env_check()` function.
|
||||
|
||||
You can also assign a default role to all logged-in users that have no explicit role:
|
||||
You can also assign a default role to all logged-in users that have no explicit role (note, case sensative):
|
||||
```
|
||||
$amp_default_role = "Editor";
|
||||
```
|
||||
|
@ -82,10 +83,8 @@ $amp_default_role = "Editor";
|
|||
#### NOTE:
|
||||
This is a fork of nicwaller's [Authmgr](https://github.com/nicwaller/yourls-authmgr-plugin) merged with Ian barber's [Separate Users](https://github.com/joshp23/Yourls-Separate-Users) plugin. Both code bases underwent heavy rewrites, and have been extensively updated and tightly integrated here, resulting in a lean and highly functional user authorization management environment.
|
||||
|
||||
### Support Dev
|
||||
All of my published code is developed and maintained in spare time, if you would like to support development of this, or any of my published code, I have set up a Liberpay account for just this purpose. Thank you.
|
||||
|
||||
<noscript><a href="https://liberapay.com/joshu42/donate"><img alt="Donate using Liberapay" src="https://liberapay.com/assets/widgets/donate.svg"></a></noscript>
|
||||
### Tips
|
||||
Dogecoin: DARhgg9q3HAWYZuN95DKnFonADrSWUimy3
|
||||
|
||||
License
|
||||
-------
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
Plugin Name: Auth Manager Plus
|
||||
Plugin URI: https://github.com/joshp23/YOURLS-AuthMgrPlus
|
||||
Description: Role Based Access Controlls with seperated user data for authenticated users
|
||||
Version: 2.2.5
|
||||
Version: 2.3.1
|
||||
Author: Josh Panter, nicwaller, Ian Barber <ian.barber@gmail.com>
|
||||
Author URI: https://unfettered.net
|
||||
*/
|
||||
|
@ -24,6 +24,7 @@ class ampCap {
|
|||
const AddURL = 'AddURL';
|
||||
const DeleteURL = 'DeleteURL';
|
||||
const EditURL = 'EditURL';
|
||||
const ShareURL = 'ShareURL';
|
||||
const Traceless = 'Traceless';
|
||||
const ManageAnonURL = 'ManageAnonURL';
|
||||
const ManageUsrsURL = 'ManageUsrsURL';
|
||||
|
@ -149,6 +150,41 @@ function amp_intercept_admin() {
|
|||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* Cosmetic filter: removes disallowed buttons from link list per short link
|
||||
*/
|
||||
|
||||
yourls_add_filter( 'table_add_row_action_array', 'amp_ajax_button_check' );
|
||||
function amp_ajax_button_check( $actions, $keyword ) {
|
||||
// define the amp capabilities that map to the buttons
|
||||
$button_cap_map = array('stats' => ampCap::ViewStats,
|
||||
'share' => ampCap::ShareURL,
|
||||
'edit' => ampCap::EditURL,
|
||||
'delete' => ampCap::DeleteURL,
|
||||
);
|
||||
|
||||
$button_cap_map = yourls_apply_filter( 'amp_button_capability_map', $button_cap_map );
|
||||
|
||||
// define restricted buttons
|
||||
$restricted_buttons = array('delete', 'edit');
|
||||
if ( 'YOURLS_PRIVATE_INFOS' === true )
|
||||
$restricted_buttons += ['stats'];
|
||||
|
||||
$restricted_buttons = yourls_apply_filter( 'amp_restricted_buttons', $restricted_buttons );
|
||||
|
||||
// unset any disallowed buttons
|
||||
foreach ( $actions as $action => $vars ) {
|
||||
$cap_needed = $button_cap_map[$action];
|
||||
if ( in_array( $action, $restricted_buttons) )
|
||||
$show = amp_manage_keyword( $keyword, $cap_needed );
|
||||
else
|
||||
$show = amp_have_capability( $cap_needed );
|
||||
if (!$show)
|
||||
unset( $actions[$action] );
|
||||
}
|
||||
return $actions;
|
||||
}
|
||||
|
||||
/*
|
||||
* Cosmetic filter: removes disallowed plugins from link list
|
||||
*/
|
||||
|
@ -165,12 +201,16 @@ function amp_admin_sublinks( $links ) {
|
|||
} else {
|
||||
|
||||
if ( amp_have_capability( ampCap::ManagePlugins ) !== true) {
|
||||
foreach( $links['plugins'] as $link => $ar ) {
|
||||
if(!in_array($link, $amp_allowed_plugin_pages) )
|
||||
unset($links['plugins'][$link]);
|
||||
if(!empty($links['plugins'])) {
|
||||
foreach( $links['plugins'] as $link => $ar ) {
|
||||
if(!in_array($link, $amp_allowed_plugin_pages) )
|
||||
unset($links['plugins'][$link]);
|
||||
}
|
||||
}
|
||||
}
|
||||
sort($links['plugins']);
|
||||
if(!empty($links['plugins'])) {
|
||||
sort($links['plugins']);
|
||||
}
|
||||
}
|
||||
return $links;
|
||||
}
|
||||
|
@ -230,13 +270,16 @@ function amp_have_capability( $capability ) {
|
|||
if ( !amp_is_valid_user() ) //XXX
|
||||
return false;
|
||||
// List capabilities of particular user role
|
||||
$user = YOURLS_USER !== false ? YOURLS_USER : NULL;
|
||||
$user = defined('YOURLS_USER') ? YOURLS_USER : NULL;
|
||||
$user_caps = array();
|
||||
foreach ( $amp_role_capabilities as $rolename => $rolecaps ) {
|
||||
if ( amp_user_has_role( $user, $rolename ) ) {
|
||||
$user_caps = array_merge( $user_caps, $rolecaps );
|
||||
}
|
||||
}
|
||||
if ( amp_user_is_assigned ( $user ) )
|
||||
foreach ( $amp_role_capabilities as $rolename => $rolecaps )
|
||||
if ( amp_user_has_role( $user, $rolename ) )
|
||||
$user_caps = array_merge( $user_caps, $rolecaps );
|
||||
|
||||
elseif ( isset( $amp_default_role ) && in_array ($amp_default_role, array_keys( $amp_role_capabilities ) ) )
|
||||
$user_caps = $amp_role_capabilities [ $amp_default_role ];
|
||||
|
||||
$user_caps = array_unique( $user_caps );
|
||||
// Is the requested capability in this list?
|
||||
$return = in_array( $capability, $user_caps );
|
||||
|
@ -251,15 +294,27 @@ function amp_have_capability( $capability ) {
|
|||
break;
|
||||
}
|
||||
}
|
||||
if( !$return ) {
|
||||
if ( isset( $amp_default_role ) && in_array ($amp_default_role, array_keys( $amp_role_capabilities ) ) ) {
|
||||
$default_caps = $amp_role_capabilities [ $amp_default_role ];
|
||||
$return = in_array( $capability, $default_caps );
|
||||
}
|
||||
}
|
||||
|
||||
return $return;
|
||||
}
|
||||
|
||||
// Determine if a user has been assigned a role
|
||||
function amp_user_is_assigned ( $username ) {
|
||||
|
||||
global $amp_role_assignment;
|
||||
if ( empty( $amp_role_assignment ) )
|
||||
return false;
|
||||
|
||||
$return = false;
|
||||
|
||||
foreach ( $amp_role_assignment as $role )
|
||||
if ( in_array( $username, $role ) ) {
|
||||
$return = true;
|
||||
break;
|
||||
}
|
||||
return $return;
|
||||
}
|
||||
|
||||
// Determine whether a specific user has a role.
|
||||
function amp_user_has_role( $username, $rolename ) {
|
||||
|
||||
|
@ -293,7 +348,7 @@ function amp_admin_list_where($where) {
|
|||
if ( amp_have_capability( ampCap::ViewAll ) )
|
||||
return $where; // Allow admin/editor users to see the lot.
|
||||
|
||||
$user = YOURLS_USER !== false ? YOURLS_USER : NULL;
|
||||
$user = defined('YOURLS_USER') ? YOURLS_USER : NULL;
|
||||
$where['sql'] = $where['sql'] . " AND (`user` = :user OR `user` IS NULL) ";
|
||||
$where['binds']['user'] = $user;
|
||||
|
||||
|
@ -339,7 +394,7 @@ function amp_get_db_stats( $return, $where ) {
|
|||
// or... filter results
|
||||
global $ydb;
|
||||
$table_url = YOURLS_DB_TABLE_URL;
|
||||
$user = YOURLS_USER !== false ? YOURLS_USER : NULL;
|
||||
$user = defined('YOURLS_USER') ? YOURLS_USER : NULL;
|
||||
|
||||
$where['sql'] = $where['sql'] . " AND (`user` = :user OR `user` IS NULL) ";
|
||||
$where['binds']['user'] = $user;
|
||||
|
@ -383,6 +438,7 @@ function amp_env_check() {
|
|||
ampCap::AddURL,
|
||||
ampCap::EditURL,
|
||||
ampCap::DeleteURL,
|
||||
ampCap::ShareURL,
|
||||
ampCap::Traceless,
|
||||
ampCap::ManageAnonURL,
|
||||
ampCap::ManageUsrsURL,
|
||||
|
@ -397,6 +453,7 @@ function amp_env_check() {
|
|||
ampCap::AddURL,
|
||||
ampCap::EditURL,
|
||||
ampCap::DeleteURL,
|
||||
ampCap::ShareURL,
|
||||
ampCap::Traceless,
|
||||
ampCap::ManageAnonURL,
|
||||
ampCap::APIu,
|
||||
|
@ -408,6 +465,7 @@ function amp_env_check() {
|
|||
ampCap::AddURL,
|
||||
ampCap::EditURL,
|
||||
ampCap::DeleteURL,
|
||||
ampCap::ShareURL,
|
||||
ampCap::APIu,
|
||||
ampCap::ViewStats,
|
||||
),
|
||||
|
@ -444,7 +502,7 @@ function amp_env_check() {
|
|||
}
|
||||
|
||||
// Activation: add the user column to the URL table if not added
|
||||
yourls_add_action( 'activated_authMgrPlus/plugin.php', 'amp_activated' );
|
||||
yourls_add_action('activated_plugin', 'amp_activated');
|
||||
function amp_activated() {
|
||||
global $ydb;
|
||||
|
||||
|
@ -479,6 +537,7 @@ function amp_current_capabilities() {
|
|||
ampCap::AddURL,
|
||||
ampCap::EditURL,
|
||||
ampCap::DeleteURL,
|
||||
ampCap::ShareURL,
|
||||
ampCap::Traceless,
|
||||
ampCap::ManageAnonURL,
|
||||
ampCap::ManageUsrsURL,
|
||||
|
@ -495,7 +554,8 @@ function amp_current_capabilities() {
|
|||
}
|
||||
}
|
||||
// allow manipulation of this list ( be mindfull of extending the ampCap class if needed )
|
||||
return yourls_apply_filter( 'amp_current_capabilities', $current_capabilities);
|
||||
$current_capabilities = yourls_apply_filter( 'amp_current_capabilities', $current_capabilities);
|
||||
return $current_capabilities;
|
||||
}
|
||||
|
||||
// Check for IP in a range
|
||||
|
@ -523,7 +583,7 @@ function amp_manage_keyword( $keyword, $capability ) {
|
|||
$return = false; // default is to deny access
|
||||
if ( amp_is_valid_user() ) { // only authenticated users can manaage keywords
|
||||
$owner = amp_keyword_owner($keyword);
|
||||
$user = YOURLS_USER !== false ? YOURLS_USER : NULL;
|
||||
$user = defined('YOURLS_USER') ? YOURLS_USER : NULL;
|
||||
if ( amp_have_capability( ampCap::ManageUsrsURL ) // Admin?
|
||||
|| ( $owner === NULL && amp_have_capability( ampCap::ManageAnonURL ) ) // Editor?
|
||||
|| ( $owner === $user && amp_have_capability( $capability ) ) ) // Self Edit?
|
||||
|
@ -549,7 +609,7 @@ function amp_insert_link($actions) {
|
|||
global $ydb;
|
||||
|
||||
$keyword = $actions[2];
|
||||
$user = YOURLS_USER !== false ? YOURLS_USER : NULL;
|
||||
$user = defined('YOURLS_USER') ? YOURLS_USER : NULL;
|
||||
$table = YOURLS_DB_TABLE_URL;
|
||||
|
||||
// Insert $keyword against $username
|
||||
|
@ -583,4 +643,48 @@ function amp_is_valid_user() {
|
|||
|
||||
return $valid;
|
||||
}
|
||||
|
||||
yourls_add_action( 'html_footer', 'amp_format_table_javascript' );
|
||||
|
||||
function amp_format_table_javascript() {
|
||||
echo <<<JS
|
||||
|
||||
<script>
|
||||
if($("body").hasClass("index")) {
|
||||
document.querySelector("#main_table tfoot th").colSpan = 7;
|
||||
document.querySelector("#nourl_found td").colSpan = 7;
|
||||
}
|
||||
</script>
|
||||
|
||||
JS;
|
||||
}
|
||||
|
||||
function array_insert($array, $position, $insert_array) {
|
||||
$first_array = array_splice($array, 0, $position);
|
||||
$array = array_merge($first_array, $insert_array, $array);
|
||||
|
||||
return $array;
|
||||
}
|
||||
|
||||
yourls_add_filter('table_head_cells', 'amp_username_table_head');
|
||||
function amp_username_table_head( $cells ) {
|
||||
$user_head = array( 'username' => 'Username' );
|
||||
$cells = array_insert($cells, 5, $user_head);
|
||||
return $cells;
|
||||
}
|
||||
|
||||
yourls_add_filter('table_add_row_cell_array', 'amp_add_user_row');
|
||||
function amp_add_user_row( $cells, $keyword ) {
|
||||
$username = amp_keyword_owner($keyword);
|
||||
$user_cell = array(
|
||||
'username' => array(
|
||||
'template' => '%username%',
|
||||
'username' => $username,
|
||||
)
|
||||
);
|
||||
$cells = array_insert($cells, 5, $user_cell);
|
||||
|
||||
return $cells;
|
||||
}
|
||||
|
||||
?>
|
Loading…
Reference in New Issue