Compare commits

...

5 Commits

Author SHA1 Message Date
Nic Waller
1977912f40 First impressions of web GUI for authmgr #10 2013-06-01 23:30:15 -07:00
Nic Waller
433b50da55 Framework for authmgr admin page 2013-06-01 18:50:43 +00:00
Nic Waller
d1b7d27aa3 Change API for AUTHMGR_ALLOW 2013-06-01 18:26:42 +00:00
Nic Waller
35b79d89a3 Remove filter chain for role enumeration 2013-06-01 18:18:50 +00:00
Nic Waller
704a690c12 Enumerate capabilities with filter 2013-06-01 18:01:36 +00:00

View File

@ -17,8 +17,7 @@ if( !defined( 'YOURLS_ABSPATH' ) ) die();
* This plugin uses filter chains to evaluate whether specific actions
* should be allowed to proceed. The filter names are defined here.
*/
define( 'AUTHMGR_ALLOW', 'filter_authmgr_allow' );
define( 'AUTHMGR_HASROLE', 'filter_authmgr_hasrole' );
define( 'AUTHMGR_ALLOW', 'filter_authmgr_allow' );
// Define constants used for naming roles (but they don't work in config.php)
class AuthmgrRoles {
@ -27,15 +26,21 @@ class AuthmgrRoles {
const Contributor = 'Contributor';
}
// Define constants used for naming capabilities
// Declare capability names for YOURLS built-in functionality
class AuthmgrCapability {
const ShowAdmin = 'ShowAdmin'; // only display admin panel
const ShowAdmin = 'ShowAdmin';
const AddURL = 'AddURL';
const DeleteURL = 'DeleteURL';
const EditURL = 'EditURL';
const ManagePlugins = 'ManagePlugins';
const API = 'API';
const ViewStats = 'ViewStats';
public function all()
{
$reflect = new ReflectionClass(get_class($this));
return $reflect->getConstants();
}
}
@ -119,6 +124,52 @@ function authmgr_html_append_roles( $original ) {
}
}
/************** PLUGIN ADMIN PAGE *************************/
yourls_add_action( 'plugins_loaded', 'authmgr_add_page' );
function authmgr_add_page() {
yourls_register_plugin_page( 'authmgr', 'Authorization Manager', 'authmgr_display_page' );
}
function authmgr_display_page() {
if ( count( $_POST ) > 0 ) {
$rolenames = $_POST['rolenames'];
$roledefs = array();
foreach ($rolenames as $role) {
$roledefs[$role] = $_POST['role-'.$role];
}
yourls_update_option( 'authmgr_roles', json_encode( $roledefs ) );
echo '<b>Updated authmgr roles</b>';
}
$roles = json_decode( yourls_get_option( 'authmgr_roles' ), true );
echo '<form name="roles" method="POST" action="plugins.php?page=authmgr">';
echo '<table border="1">';
$allcaps = AuthmgrCapability::all();
echo '<tr> <th></th>';
foreach ($allcaps as $cap) {
echo "<th>$cap</th>";
}
echo '</tr>';
foreach ($roles as $role => $selcaps) {
echo '<input type="hidden" name="rolenames[]" value="'.$role.'">';
echo '<tr>';
echo "<th>$role</th>";
foreach ($allcaps as $cap) {
echo '<td>';
$active = in_array( $cap, $selcaps );
$selstr = ( $active ? 'checked' : '' );
echo '<input type="checkbox" name="role-'.$role.'[]" value="'.$cap.'" '.$selstr.'>';
echo '</td>';
}
echo '</tr>';
}
echo '</table>';
echo '<input type="submit" value="Update Roles">';
echo '</form>';
}
/**************** CAPABILITY TEST/ENUMERATION ****************/
/*
@ -154,16 +205,15 @@ function authmgr_enumerate_current_capabilities() {
return $current_capabilities;
}
/**
* Returns a list of all capabilities that authmgr is aware of.
* This list will be used to build the authmgr GUI.
* Other plugins can take advantage of authmgr by hooking this filter.
*/
function authmgr_enumerate_all_capabilities() {
return array(
AuthmgrCapability::ShowAdmin,
AuthmgrCapability::AddURL,
AuthmgrCapability::DeleteURL,
AuthmgrCapability::EditURL,
AuthmgrCapability::ManagePlugins,
AuthmgrCapability::API,
AuthmgrCapability::ViewStats,
);
$default_caps = AuthmgrCapability::all();
$all_caps = yourls_apply_filter( 'authmgr_capabilities', $default_caps);
return $all_caps;
}
/*
@ -174,8 +224,8 @@ function authmgr_enumerate_all_capabilities() {
* chain can change the response, but well-behaved functions will
* only change 'false' to 'true', never the other way around.
*/
function authmgr_have_capability( $capability ) {
return yourls_apply_filter( AUTHMGR_ALLOW, false, $capability);
function authmgr_have_capability( $capability, $object=null ) {
return yourls_apply_filter( AUTHMGR_ALLOW, false, $capability, $object);
}
/******************* FILTERS THAT GRANT CAPABILITIES *****************************/
@ -186,7 +236,7 @@ function authmgr_have_capability( $capability ) {
* What capabilities are always available, including anonymous users?
*/
yourls_add_filter( AUTHMGR_ALLOW, 'authmgr_check_anon_capability', 5 );
function authmgr_check_anon_capability( $original, $capability ) {
function authmgr_check_anon_capability( $original, $capability, $object ) {
global $authmgr_anon_capabilities;
// Shortcut - trust approval given by earlier filters
@ -203,7 +253,7 @@ function authmgr_check_anon_capability( $original, $capability ) {
* What capabilities are available through role assignments to the active user?
*/
yourls_add_filter( AUTHMGR_ALLOW, 'authmgr_check_user_capability', 10 );
function authmgr_check_user_capability( $original, $capability ) {
function authmgr_check_user_capability( $original, $capability, $object ) {
global $authmgr_role_capabilities;
// Shortcut - trust approval given by earlier filters
@ -238,7 +288,7 @@ function authmgr_check_user_capability( $original, $capability ) {
* By default, only 127.0.0.0/8 (localhost) is an admin range.
*/
yourls_add_filter( AUTHMGR_ALLOW, 'authmgr_check_admin_ipranges', 15 );
function authmgr_check_admin_ipranges( $original, $capability ) {
function authmgr_check_admin_ipranges( $original, $capability, $object ) {
global $authmgr_admin_ipranges;
// Shortcut - trust approval given by earlier filters
@ -259,7 +309,7 @@ function authmgr_check_admin_ipranges( $original, $capability ) {
* What capabilities are available when making API requests without a username?
*/
yourls_add_filter( AUTHMGR_ALLOW, 'authmgr_check_apiuser_capability', 15 );
function authmgr_check_apiuser_capability( $original, $capability ) {
function authmgr_check_apiuser_capability( $original, $capability, $object ) {
// Shortcut - trust approval given by earlier filters
if ( $original === true ) return true;
@ -274,20 +324,9 @@ function authmgr_check_apiuser_capability( $original, $capability ) {
/*
* Determine whether a specific user has a role.
* Currently based on role definitions in user/config.php
*/
function authmgr_user_has_role( $username, $rolename ) {
return yourls_apply_filter( AUTHMGR_HASROLE, false, $username, $rolename );
}
// ******************* FILTERS THAT GRANT ROLE MEMBERSHIP *********************
// By filtering AUTHMGR_HASROLE, you can connect internal roles to something else.
// Any filter handlers should execute as quickly as possible.
/*
* What role memberships are defined for the user in user/config.php?
*/
yourls_add_filter( AUTHMGR_HASROLE, 'authmgr_user_has_role_in_config');
function authmgr_user_has_role_in_config( $original, $username, $rolename ) {
global $authmgr_role_assignment;
// if no role assignments are created, grant everything