Compare commits
5 Commits
| Author | SHA1 | Date |
|---|---|---|
Nic Waller
|
1977912f40 | |
|
Nic Waller
|
433b50da55 | |
|
Nic Waller
|
d1b7d27aa3 | |
|
Nic Waller
|
35b79d89a3 | |
|
Nic Waller
|
704a690c12 |
|
|
@ -17,8 +17,7 @@ if( !defined( 'YOURLS_ABSPATH' ) ) die();
|
|||
* This plugin uses filter chains to evaluate whether specific actions
|
||||
* should be allowed to proceed. The filter names are defined here.
|
||||
*/
|
||||
define( 'AUTHMGR_ALLOW', 'filter_authmgr_allow' );
|
||||
define( 'AUTHMGR_HASROLE', 'filter_authmgr_hasrole' );
|
||||
define( 'AUTHMGR_ALLOW', 'filter_authmgr_allow' );
|
||||
|
||||
// Define constants used for naming roles (but they don't work in config.php)
|
||||
class AuthmgrRoles {
|
||||
|
|
@ -27,15 +26,21 @@ class AuthmgrRoles {
|
|||
const Contributor = 'Contributor';
|
||||
}
|
||||
|
||||
// Define constants used for naming capabilities
|
||||
// Declare capability names for YOURLS built-in functionality
|
||||
class AuthmgrCapability {
|
||||
const ShowAdmin = 'ShowAdmin'; // only display admin panel
|
||||
const ShowAdmin = 'ShowAdmin';
|
||||
const AddURL = 'AddURL';
|
||||
const DeleteURL = 'DeleteURL';
|
||||
const EditURL = 'EditURL';
|
||||
const ManagePlugins = 'ManagePlugins';
|
||||
const API = 'API';
|
||||
const ViewStats = 'ViewStats';
|
||||
|
||||
public function all()
|
||||
{
|
||||
$reflect = new ReflectionClass(get_class($this));
|
||||
return $reflect->getConstants();
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
|
@ -119,6 +124,52 @@ function authmgr_html_append_roles( $original ) {
|
|||
}
|
||||
}
|
||||
|
||||
/************** PLUGIN ADMIN PAGE *************************/
|
||||
|
||||
yourls_add_action( 'plugins_loaded', 'authmgr_add_page' );
|
||||
function authmgr_add_page() {
|
||||
yourls_register_plugin_page( 'authmgr', 'Authorization Manager', 'authmgr_display_page' );
|
||||
}
|
||||
|
||||
function authmgr_display_page() {
|
||||
if ( count( $_POST ) > 0 ) {
|
||||
$rolenames = $_POST['rolenames'];
|
||||
$roledefs = array();
|
||||
foreach ($rolenames as $role) {
|
||||
$roledefs[$role] = $_POST['role-'.$role];
|
||||
}
|
||||
yourls_update_option( 'authmgr_roles', json_encode( $roledefs ) );
|
||||
echo '<b>Updated authmgr roles</b>';
|
||||
}
|
||||
|
||||
$roles = json_decode( yourls_get_option( 'authmgr_roles' ), true );
|
||||
|
||||
echo '<form name="roles" method="POST" action="plugins.php?page=authmgr">';
|
||||
echo '<table border="1">';
|
||||
$allcaps = AuthmgrCapability::all();
|
||||
echo '<tr> <th></th>';
|
||||
foreach ($allcaps as $cap) {
|
||||
echo "<th>$cap</th>";
|
||||
}
|
||||
echo '</tr>';
|
||||
foreach ($roles as $role => $selcaps) {
|
||||
echo '<input type="hidden" name="rolenames[]" value="'.$role.'">';
|
||||
echo '<tr>';
|
||||
echo "<th>$role</th>";
|
||||
foreach ($allcaps as $cap) {
|
||||
echo '<td>';
|
||||
$active = in_array( $cap, $selcaps );
|
||||
$selstr = ( $active ? 'checked' : '' );
|
||||
echo '<input type="checkbox" name="role-'.$role.'[]" value="'.$cap.'" '.$selstr.'>';
|
||||
echo '</td>';
|
||||
}
|
||||
echo '</tr>';
|
||||
}
|
||||
echo '</table>';
|
||||
echo '<input type="submit" value="Update Roles">';
|
||||
echo '</form>';
|
||||
}
|
||||
|
||||
/**************** CAPABILITY TEST/ENUMERATION ****************/
|
||||
|
||||
/*
|
||||
|
|
@ -154,16 +205,15 @@ function authmgr_enumerate_current_capabilities() {
|
|||
return $current_capabilities;
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns a list of all capabilities that authmgr is aware of.
|
||||
* This list will be used to build the authmgr GUI.
|
||||
* Other plugins can take advantage of authmgr by hooking this filter.
|
||||
*/
|
||||
function authmgr_enumerate_all_capabilities() {
|
||||
return array(
|
||||
AuthmgrCapability::ShowAdmin,
|
||||
AuthmgrCapability::AddURL,
|
||||
AuthmgrCapability::DeleteURL,
|
||||
AuthmgrCapability::EditURL,
|
||||
AuthmgrCapability::ManagePlugins,
|
||||
AuthmgrCapability::API,
|
||||
AuthmgrCapability::ViewStats,
|
||||
);
|
||||
$default_caps = AuthmgrCapability::all();
|
||||
$all_caps = yourls_apply_filter( 'authmgr_capabilities', $default_caps);
|
||||
return $all_caps;
|
||||
}
|
||||
|
||||
/*
|
||||
|
|
@ -174,8 +224,8 @@ function authmgr_enumerate_all_capabilities() {
|
|||
* chain can change the response, but well-behaved functions will
|
||||
* only change 'false' to 'true', never the other way around.
|
||||
*/
|
||||
function authmgr_have_capability( $capability ) {
|
||||
return yourls_apply_filter( AUTHMGR_ALLOW, false, $capability);
|
||||
function authmgr_have_capability( $capability, $object=null ) {
|
||||
return yourls_apply_filter( AUTHMGR_ALLOW, false, $capability, $object);
|
||||
}
|
||||
|
||||
/******************* FILTERS THAT GRANT CAPABILITIES *****************************/
|
||||
|
|
@ -186,7 +236,7 @@ function authmgr_have_capability( $capability ) {
|
|||
* What capabilities are always available, including anonymous users?
|
||||
*/
|
||||
yourls_add_filter( AUTHMGR_ALLOW, 'authmgr_check_anon_capability', 5 );
|
||||
function authmgr_check_anon_capability( $original, $capability ) {
|
||||
function authmgr_check_anon_capability( $original, $capability, $object ) {
|
||||
global $authmgr_anon_capabilities;
|
||||
|
||||
// Shortcut - trust approval given by earlier filters
|
||||
|
|
@ -203,7 +253,7 @@ function authmgr_check_anon_capability( $original, $capability ) {
|
|||
* What capabilities are available through role assignments to the active user?
|
||||
*/
|
||||
yourls_add_filter( AUTHMGR_ALLOW, 'authmgr_check_user_capability', 10 );
|
||||
function authmgr_check_user_capability( $original, $capability ) {
|
||||
function authmgr_check_user_capability( $original, $capability, $object ) {
|
||||
global $authmgr_role_capabilities;
|
||||
|
||||
// Shortcut - trust approval given by earlier filters
|
||||
|
|
@ -238,7 +288,7 @@ function authmgr_check_user_capability( $original, $capability ) {
|
|||
* By default, only 127.0.0.0/8 (localhost) is an admin range.
|
||||
*/
|
||||
yourls_add_filter( AUTHMGR_ALLOW, 'authmgr_check_admin_ipranges', 15 );
|
||||
function authmgr_check_admin_ipranges( $original, $capability ) {
|
||||
function authmgr_check_admin_ipranges( $original, $capability, $object ) {
|
||||
global $authmgr_admin_ipranges;
|
||||
|
||||
// Shortcut - trust approval given by earlier filters
|
||||
|
|
@ -259,7 +309,7 @@ function authmgr_check_admin_ipranges( $original, $capability ) {
|
|||
* What capabilities are available when making API requests without a username?
|
||||
*/
|
||||
yourls_add_filter( AUTHMGR_ALLOW, 'authmgr_check_apiuser_capability', 15 );
|
||||
function authmgr_check_apiuser_capability( $original, $capability ) {
|
||||
function authmgr_check_apiuser_capability( $original, $capability, $object ) {
|
||||
// Shortcut - trust approval given by earlier filters
|
||||
if ( $original === true ) return true;
|
||||
|
||||
|
|
@ -274,20 +324,9 @@ function authmgr_check_apiuser_capability( $original, $capability ) {
|
|||
|
||||
/*
|
||||
* Determine whether a specific user has a role.
|
||||
* Currently based on role definitions in user/config.php
|
||||
*/
|
||||
function authmgr_user_has_role( $username, $rolename ) {
|
||||
return yourls_apply_filter( AUTHMGR_HASROLE, false, $username, $rolename );
|
||||
}
|
||||
|
||||
// ******************* FILTERS THAT GRANT ROLE MEMBERSHIP *********************
|
||||
// By filtering AUTHMGR_HASROLE, you can connect internal roles to something else.
|
||||
// Any filter handlers should execute as quickly as possible.
|
||||
|
||||
/*
|
||||
* What role memberships are defined for the user in user/config.php?
|
||||
*/
|
||||
yourls_add_filter( AUTHMGR_HASROLE, 'authmgr_user_has_role_in_config');
|
||||
function authmgr_user_has_role_in_config( $original, $username, $rolename ) {
|
||||
global $authmgr_role_assignment;
|
||||
|
||||
// if no role assignments are created, grant everything
|
||||
|
|
|
|||
Loading…
Reference in New Issue