|
|
|
@ -3,7 +3,7 @@
|
|
|
|
|
Plugin Name: Auth Manager Plus
|
|
|
|
|
Plugin URI: https://github.com/joshp23/YOURLS-AuthMgrPlus
|
|
|
|
|
Description: Role Based Access Controlls with seperated user data for authenticated users
|
|
|
|
|
Version: 2.3.0
|
|
|
|
|
Version: 2.3.1
|
|
|
|
|
Author: Josh Panter, nicwaller, Ian Barber <ian.barber@gmail.com>
|
|
|
|
|
Author URI: https://unfettered.net
|
|
|
|
|
*/
|
|
|
|
@ -201,12 +201,16 @@ function amp_admin_sublinks( $links ) {
|
|
|
|
|
} else {
|
|
|
|
|
|
|
|
|
|
if ( amp_have_capability( ampCap::ManagePlugins ) !== true) {
|
|
|
|
|
foreach( $links['plugins'] as $link => $ar ) {
|
|
|
|
|
if(!in_array($link, $amp_allowed_plugin_pages) )
|
|
|
|
|
unset($links['plugins'][$link]);
|
|
|
|
|
if(!empty($links['plugins'])) {
|
|
|
|
|
foreach( $links['plugins'] as $link => $ar ) {
|
|
|
|
|
if(!in_array($link, $amp_allowed_plugin_pages) )
|
|
|
|
|
unset($links['plugins'][$link]);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
sort($links['plugins']);
|
|
|
|
|
if(!empty($links['plugins'])) {
|
|
|
|
|
sort($links['plugins']);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return $links;
|
|
|
|
|
}
|
|
|
|
@ -266,13 +270,16 @@ function amp_have_capability( $capability ) {
|
|
|
|
|
if ( !amp_is_valid_user() ) //XXX
|
|
|
|
|
return false;
|
|
|
|
|
// List capabilities of particular user role
|
|
|
|
|
$user = YOURLS_USER !== false ? YOURLS_USER : NULL;
|
|
|
|
|
$user = defined('YOURLS_USER') ? YOURLS_USER : NULL;
|
|
|
|
|
$user_caps = array();
|
|
|
|
|
foreach ( $amp_role_capabilities as $rolename => $rolecaps ) {
|
|
|
|
|
if ( amp_user_has_role( $user, $rolename ) ) {
|
|
|
|
|
$user_caps = array_merge( $user_caps, $rolecaps );
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
if ( amp_user_is_assigned ( $user ) )
|
|
|
|
|
foreach ( $amp_role_capabilities as $rolename => $rolecaps )
|
|
|
|
|
if ( amp_user_has_role( $user, $rolename ) )
|
|
|
|
|
$user_caps = array_merge( $user_caps, $rolecaps );
|
|
|
|
|
|
|
|
|
|
elseif ( isset( $amp_default_role ) && in_array ($amp_default_role, array_keys( $amp_role_capabilities ) ) )
|
|
|
|
|
$user_caps = $amp_role_capabilities [ $amp_default_role ];
|
|
|
|
|
|
|
|
|
|
$user_caps = array_unique( $user_caps );
|
|
|
|
|
// Is the requested capability in this list?
|
|
|
|
|
$return = in_array( $capability, $user_caps );
|
|
|
|
@ -287,15 +294,27 @@ function amp_have_capability( $capability ) {
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
if( !$return ) {
|
|
|
|
|
if ( isset( $amp_default_role ) && in_array ($amp_default_role, array_keys( $amp_role_capabilities ) ) ) {
|
|
|
|
|
$default_caps = $amp_role_capabilities [ $amp_default_role ];
|
|
|
|
|
$return = in_array( $capability, $default_caps );
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return $return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Determine if a user has been assigned a role
|
|
|
|
|
function amp_user_is_assigned ( $username ) {
|
|
|
|
|
|
|
|
|
|
global $amp_role_assignment;
|
|
|
|
|
if ( empty( $amp_role_assignment ) )
|
|
|
|
|
return false;
|
|
|
|
|
|
|
|
|
|
$return = false;
|
|
|
|
|
|
|
|
|
|
foreach ( $amp_role_assignment as $role )
|
|
|
|
|
if ( in_array( $username, $role ) ) {
|
|
|
|
|
$return = true;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
return $return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Determine whether a specific user has a role.
|
|
|
|
|
function amp_user_has_role( $username, $rolename ) {
|
|
|
|
|
|
|
|
|
@ -329,7 +348,7 @@ function amp_admin_list_where($where) {
|
|
|
|
|
if ( amp_have_capability( ampCap::ViewAll ) )
|
|
|
|
|
return $where; // Allow admin/editor users to see the lot.
|
|
|
|
|
|
|
|
|
|
$user = YOURLS_USER !== false ? YOURLS_USER : NULL;
|
|
|
|
|
$user = defined('YOURLS_USER') ? YOURLS_USER : NULL;
|
|
|
|
|
$where['sql'] = $where['sql'] . " AND (`user` = :user OR `user` IS NULL) ";
|
|
|
|
|
$where['binds']['user'] = $user;
|
|
|
|
|
|
|
|
|
@ -375,7 +394,7 @@ function amp_get_db_stats( $return, $where ) {
|
|
|
|
|
// or... filter results
|
|
|
|
|
global $ydb;
|
|
|
|
|
$table_url = YOURLS_DB_TABLE_URL;
|
|
|
|
|
$user = YOURLS_USER !== false ? YOURLS_USER : NULL;
|
|
|
|
|
$user = defined('YOURLS_USER') ? YOURLS_USER : NULL;
|
|
|
|
|
|
|
|
|
|
$where['sql'] = $where['sql'] . " AND (`user` = :user OR `user` IS NULL) ";
|
|
|
|
|
$where['binds']['user'] = $user;
|
|
|
|
@ -483,7 +502,7 @@ function amp_env_check() {
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Activation: add the user column to the URL table if not added
|
|
|
|
|
yourls_add_action( 'activated_authMgrPlus/plugin.php', 'amp_activated' );
|
|
|
|
|
yourls_add_action('activated_plugin', 'amp_activated');
|
|
|
|
|
function amp_activated() {
|
|
|
|
|
global $ydb;
|
|
|
|
|
|
|
|
|
@ -564,7 +583,7 @@ function amp_manage_keyword( $keyword, $capability ) {
|
|
|
|
|
$return = false; // default is to deny access
|
|
|
|
|
if ( amp_is_valid_user() ) { // only authenticated users can manaage keywords
|
|
|
|
|
$owner = amp_keyword_owner($keyword);
|
|
|
|
|
$user = YOURLS_USER !== false ? YOURLS_USER : NULL;
|
|
|
|
|
$user = defined('YOURLS_USER') ? YOURLS_USER : NULL;
|
|
|
|
|
if ( amp_have_capability( ampCap::ManageUsrsURL ) // Admin?
|
|
|
|
|
|| ( $owner === NULL && amp_have_capability( ampCap::ManageAnonURL ) ) // Editor?
|
|
|
|
|
|| ( $owner === $user && amp_have_capability( $capability ) ) ) // Self Edit?
|
|
|
|
@ -590,7 +609,7 @@ function amp_insert_link($actions) {
|
|
|
|
|
global $ydb;
|
|
|
|
|
|
|
|
|
|
$keyword = $actions[2];
|
|
|
|
|
$user = defined(YOURLS_USER) ? YOURLS_USER : NULL;
|
|
|
|
|
$user = defined('YOURLS_USER') ? YOURLS_USER : NULL;
|
|
|
|
|
$table = YOURLS_DB_TABLE_URL;
|
|
|
|
|
|
|
|
|
|
// Insert $keyword against $username
|
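Review bot: In the new `amp_user_is_assigned()` (the `-287,15 +294,27` hunk), `in_array( $username, $role )` is a loose comparison, yet its result now decides in `amp_have_capability()` whether a user receives the capabilities of their assigned roles or those of `$amp_default_role`. I would write it as `if ( is_array( $role ) && in_array( $username, $role, true ) ) {` and apply the same username normalisation that `amp_user_has_role()` uses, so the two lookups cannot disagree about the same account. The body of `amp_user_has_role()` is outside the visible hunks, so this needs checking against it. The early `return false` when `$amp_role_assignment` is empty sends every authenticated user to the default role, or to no capabilities when none is configured. That choice deserves a comment such as `// no assignments configured: everyone is unassigned and gets the default role only`.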